Privacy Policy

Effective Date: March 28, 2026

This policy explains how Nativ Studio ("Assistify", "we") collects and processes personal data.

Important Distinction

  • For the data of our Clients' representatives (account creation, billing), Assistify acts as the Data Controller.
  • For the data of visitors interacting with the chat widget on our Clients' websites, Assistify acts as a Data Processor.

1. Data Collected

B2B Client Data

Name, email, hashed password, billing information (managed by Stripe), organization role.

Visitor Data (Processed on behalf of the Client)

IP address, user-agent, visited pages, chat message history, name/email (if provided), approximate geolocation.

Integration Data

API tokens and data fetched from Shopify, SellAuth, Slack, and other connected services.

2. Purposes and Legal Basis

  • Performance of a Contract: To provide the SaaS service, hosting, and knowledge base vectorization.
  • Legitimate Interest: To improve the platform, generate usage analytics, and optimize the semantic cache.
  • Legal Obligation: Retention of invoices and payment data.

3. Sub-processors and International Transfers

We use third-party sub-processors to operate Assistify:

  • AI Model Providers (USA/Europe) — Generation of AI responses and summaries. Transfers safeguarded by EU Standard Contractual Clauses. Providers may change over time.
  • Stripe (USA/Europe) — Payment processing.
  • Hosting Provider (Europe) — Server hosting and databases.
  • Integration Providers — As selected by the Client (Shopify, Slack, etc.).

4. Retention Periods

  • Client account data: Kept for the duration of the contract + 5 years after closure (statutory limitation).
  • Visitor chat data: Determined by the Client. Assistify deletes this data upon Client termination or upon Client request.

5. Data Subject Rights (GDPR & CCPA)

You have the right to access, rectify, delete, restrict, and port your personal data.

For California Residents (CCPA): Assistify does not "sell" or "share" your personal information for cross-context behavioral advertising.

To exercise your rights: dpo@assistify.com.

Note: End-visitors must send their privacy requests directly to the Assistify Client, who is the Data Controller.

6. Data Processing Agreement

As required under Art. 28 of the GDPR, Assistify acts as Data Processor for visitor data collected via the chat widget and integrations. Our obligations include:

  • Process data only on documented instructions from the Client.
  • Ensure confidentiality (personnel subject to confidentiality obligations).
  • Implement technical security measures (encryption in transit, multi-tenant isolation, secure databases).
  • Assist the Client in fulfilling data subject rights requests (GDPR/CCPA).
  • Notify the Client of any personal data breach within 48 hours.
  • Upon termination, delete or return all personal data at the Client's choice.

7. Contact

For any questions regarding this Privacy Policy, contact us at dpo@assistify.com.