Privacy Policy

About This Policy

MadCrow AI is a product suite developed and operated by GlobeCo Technologies Pvt Ltd ("we", "us", or "our"), a company incorporated in India. This Privacy Policy describes how we collect, use, store, and disclose personal information when you visit our websites, create an account, or use any MadCrow product — including Madcrow: AI Chat & Support for Shopify and beCo AI. By using our products or websites, you acknowledge that you have read and understood this policy.

1. Information We Collect

We collect information in the following categories:

• —Identity and Contact Data: Your name, email address, company name, phone number, and job title when you register, contact us, or request a demo.
• —Account Data: Login credentials, account preferences, and subscription details associated with your MadCrow account.
• —Platform and Store Data: For merchants using Shopify-integrated products, we access store information (product catalogues, shop policies, order metadata) through authorised Shopify APIs solely to power AI responses. We do not store raw order or customer payment data.
• —Usage Data: Information about how you use our products — feature interactions, session duration, page views, error logs, and configuration choices.
• —Communications Data: Content of messages you send us via contact forms, support tickets, or email.
• —Technical Data: IP address, browser type, operating system, device identifiers, referral URLs, and log data collected automatically when you access our services.
• —Cookie Data: Information collected through cookies and similar tracking technologies as described in Section 10.

2. How We Use Your Information

We use your information only for the following purposes:

• —Providing and operating our products and services, including generating AI responses grounded in your specific data.
• —Managing your account, subscription, and billing.
• —Communicating with you about support requests, product updates, and important service notices.
• —Improving the quality, accuracy, and reliability of our AI systems at the product level — without using your proprietary data to train models for other customers.
• —Analysing aggregated, anonymised usage patterns to guide product development.
• —Complying with legal obligations and enforcing our terms and policies.
• —Detecting, preventing, and responding to fraud, abuse, or security incidents.

3. Legal Basis for Processing

Where applicable (including under GDPR and India's Digital Personal Data Protection Act 2023), we process your personal data on the following legal bases:

• —Contract Performance: Processing necessary to deliver the services you have subscribed to.
• —Legitimate Interests: Analytics, security monitoring, and service improvement, where our interests do not override your privacy rights.
• —Legal Obligation: Compliance with applicable laws, regulatory requirements, and lawful government requests.
• —Consent: Where we seek your explicit consent, such as for non-essential cookies or marketing communications. You may withdraw consent at any time.

4. Data Isolation and AI Processing

Each customer's data is strictly isolated within our infrastructure. We do not share, combine, or use your business documentation, chat logs, store data, or uploaded knowledge base content to train or improve AI models for any other customer or for our own foundational models. AI inference is performed using vetted third-party AI providers who are bound by data processing agreements that prohibit them from using your data for any purpose other than completing your requests.

5. Third-Party Sub-processors

We share your data with third parties only as necessary to provide our services. Our current sub-processors include:

• —AI Inference Providers (e.g., Google Gemini API): For generating AI responses. Bound by zero-data-retention agreements where applicable.
• —Cloud Infrastructure (e.g., AWS, GCP): For hosting, encrypted storage, and database services.
• —Shopify Inc.: For authentication, billing, and store data synchronisation in Shopify-integrated products.
• —Analytics Services: Anonymised, aggregated usage analytics only. No personally identifiable data is shared with third-party analytics platforms.
• —Legal and Regulatory Authorities: Where required by applicable law or court order.

6. International Data Transfers

Our services are operated from India. If you access our services from outside India, your data may be transferred to and processed in India or other countries where our sub-processors operate (including the United States and the European Union). We ensure that any international transfers are protected by appropriate safeguards, including Standard Contractual Clauses where required under GDPR.

7. Security

We implement technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include TLS encryption for all data in transit, AES-256 encryption for data at rest, role-based access controls, audit logging, vulnerability assessments, and regular security reviews. In the event of a confirmed data breach that affects your personal data, we will notify you and relevant authorities as required by applicable law.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy:

• —Account and identity data: Retained for the duration of your account and for up to 12 months after account closure, unless deletion is requested earlier.
• —Chat and interaction logs: Retained for the duration of your active subscription to support analytics. You may request earlier deletion at any time.
• —Technical logs: Retained for up to 90 days for security and debugging purposes.
• —Billing records: Retained for 7 years as required by applicable tax and accounting regulations.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• —Right of Access: Request a copy of the personal data we hold about you.
• —Right to Rectification: Request correction of inaccurate or incomplete data.
• —Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.
• —Right to Restriction: Request that we limit processing of your data in certain circumstances.
• —Right to Data Portability: Receive your data in a structured, machine-readable format.
• —Right to Object: Object to processing based on legitimate interests or for direct marketing.
• —Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

10. Cookies and Tracking

We use the following categories of cookies on our websites:

• —Essential Cookies: Required for the website and our products to function correctly. These cannot be disabled.
• —Analytics Cookies: Used to understand how visitors interact with our website (e.g., pages visited, time spent). Data is anonymised and aggregated.
• —Preference Cookies: Store your settings and choices to personalise your experience across sessions.

11. Children's Privacy

Our products and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately at support@madcrow.ai and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by sending an email to your registered address or by posting a prominent notice on our website at least 14 days before the changes take effect. Your continued use of our services after the effective date constitutes your acceptance of the updated policy.