Privacy Policy

Elizabeth.ai ("we", "our", "us") provides an AI-powered ordering automation platform for micro-businesses operating on Facebook ("the Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Elizabeth.ai, you agree to the collection and use of information in accordance with this policy.

2.1 Merchant Information

When you sign up as a merchant, we collect:

• Name and email address
• Business/store name
• Facebook Page information (Page ID, Page name) when you connect your Facebook Page
• Product catalog data you enter (names, prices, inventory)

2.2 Customer Information (End-Users)

When customers interact with a merchant's Facebook Page that uses Elizabeth.ai, we may collect:

• Facebook User ID and public profile name (as provided by Facebook Messenger)
• Messages sent to the merchant's Page via Messenger or comments
• Order information (items ordered, delivery details provided voluntarily)

2.3 Automatically Collected Information

• Webhook event data from Facebook (message timestamps, event types)
• Usage analytics (page views, feature usage) for improving the Service
• AI processing metadata (token counts for billing purposes)

We use the information we collect to:

• Process and manage orders placed through Facebook Messenger and Page comments
• Provide AI-powered natural language parsing of customer orders
• Manage inventory, delivery tracking, and customer relationship data for merchants
• Send order confirmations and updates via Messenger
• Improve our AI models and Service functionality
• Monitor usage for billing and subscription tier management
• Communicate with merchants about their account

Our use of Facebook Platform data complies with the Meta Platform Terms and Developer Policies.

• We only request permissions necessary for the Service (pages_messaging, pages_manage_metadata, pages_read_engagement, pages_show_list)
• Facebook Page Access Tokens are stored securely and used solely to operate the merchant's ordering bot
• We do not sell, share, or use Facebook data for advertising purposes
• Merchants can disconnect their Facebook Page at any time via their dashboard settings

• All data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) enforcing strict tenant isolation
• Each merchant's data is fully isolated — merchants cannot access other merchants' data
• Access tokens are encrypted at rest and transmitted only over HTTPS
• Webhook payloads are verified using HMAC-SHA256 signatures
• We follow industry-standard security practices including environment-based configuration and secret management

We do not sell your personal information. We may share data:

• With AI service providers (Anthropic, Google, OpenAI) to process natural language orders — only the message text is sent, no personally identifiable information
• With infrastructure providers (Vercel, Supabase) as necessary to operate the Service
• When required by law or to protect our legal rights

• Merchant account data is retained for the duration of the account
• Order and customer data is retained as long as the merchant account is active
• Conversation state data may be automatically purged after 24 hours of inactivity
• Upon account deletion, all associated data is permanently removed within 30 days

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Disconnect your Facebook Page at any time
• Export your data (order history, customer list, product catalog)

To exercise these rights, contact us at privacy@elizabeth.ai.

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us to have it removed.

We may update this Privacy Policy from time to time. We will notify merchants of material changes via email or dashboard notification. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, please contact us:

• Email: privacy@elizabeth.ai
• Website: elizabeth.ai