Privacy Policy

This Privacy Policy describes how Slivo ("Slivo," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our website at slivo.app and our AI voice sales agent platform (the "Service").

1. Our Role in Data Processing

Slivo operates as a platform that connects e-commerce merchants ("Merchants") with their customers ("Buyers") through AI-powered voice consultations.

As a Data Processor: When processing Buyer data on behalf of Merchants, Slivo acts as a data processor (or "service provider" under CCPA). The Merchant is the data controller and is responsible for obtaining any necessary consents from Buyers and maintaining their own privacy policy.

As a Data Controller: When collecting data directly from Merchants (account registration, billing) and website visitors, Slivo acts as a data controller.

If you are a Buyer and have questions about how your data is handled, please contact the Merchant whose website you interacted with. The Merchant controls how your data is used.

2. Information We Collect

2.1. Information from Merchants

Data Type	Examples	Purpose
Account information	Email address, password (hashed)	Authentication, account management
Store information	Store name, website URL, store description	Service configuration
Integration credentials	WooCommerce API keys	Accessing your product catalog and creating orders
AI agent configuration	Greeting message, voice selection, FAQ entries, consultation flow	Powering your AI agent
Billing information	Stripe customer ID, subscription plan, usage data	Subscription management and billing

Note: Payment card details are collected and processed directly by Stripe. Slivo does not store your credit card numbers.

2.2. Information from Buyers

When a Buyer interacts with the AI voice agent on a Merchant's website, the following data may be collected during the call:

Data Type	Examples	Purpose
Contact information	Name, email, phone number	Order creation, delivery
Shipping address	Street, city, state, ZIP, country	Order fulfillment
Call transcript	Text record of the conversation	Quality assurance, order verification
Call metadata	Duration, timestamp, call outcome	Analytics for the Merchant
Product selections	Products chosen, quantities	Order creation

Voice/Audio Data: Slivo does not directly record or store audio from calls. Voice audio is processed in real time by our third-party AI provider (Retell AI) via encrypted WebRTC connections. Slivo stores only text transcripts of calls. Please note that Retell AI may retain call recordings, transcripts, and related data in accordance with their own data storage settings and privacy policy. We configure our integration to minimize data retention by third-party providers where possible.

2.3. Information Collected Automatically

When you visit our website, we may collect:

• IP address
• Browser type and version
• Pages visited and time spent
• Referring website

3. How We Use Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and manage subscriptions
• Create and fulfill orders on the Merchant's e-commerce platform
• Communicate with Merchants about their account, billing, and Service updates
• Monitor usage and enforce our Terms of Service
• Detect, prevent, and address fraud, abuse, and security issues
• Generate aggregated, anonymized analytics to improve the Service
• Comply with legal obligations

We do not use Buyer personal data to:

• Send marketing communications to Buyers
• Sell Buyer data to third parties
• Build advertising profiles of Buyers
• Train AI models on identifiable Buyer data

4. Third-Party Services

The Service relies on the following third-party providers, each with their own privacy policies:

Provider	Purpose	Data Shared
Retell AI	AI voice processing, speech recognition and synthesis	Call audio (real-time, not stored by Slivo), conversation context
Stripe	Payment processing and subscription billing	Merchant billing information
WooCommerce	Product data and order creation	Buyer order details (name, address, products) — sent to the Merchant's own store

We require our third-party providers to protect the data we share with them, but we are not responsible for their privacy practices. We encourage you to review their privacy policies.

5. Data Retention

Data Type	Retention Period
Merchant account data	Until account deletion
Call transcripts and Buyer data	Until the Merchant deletes their account
Integration credentials	Until account deletion (encrypted at rest)
Billing records	As required by law (typically 7 years for tax purposes)
Webhook event logs	48 hours
Debug/system logs	7 days
Aggregated analytics	Indefinitely (contains no personal data)

Account Deletion: When a Merchant deletes their account, we retain data for 30 days (to allow for accidental deletion recovery), after which all data — including Buyer data from calls — is permanently deleted.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption at rest: Sensitive credentials (API keys, webhook secrets) are encrypted using AES-256
• Encryption in transit: All data transmitted to and from the Service uses HTTPS/TLS
• Voice call encryption: WebRTC calls are encrypted end-to-end between the Buyer's browser and the AI provider
• Access controls: API authentication via signed tokens, domain whitelisting for widgets, HMAC signature verification for webhooks
• Rate limiting: Protection against brute-force and abuse
• Tenant isolation: Each Merchant's data is logically isolated — no Merchant can access another Merchant's data

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Sharing and Disclosure

We do not sell personal data. We may share data in the following circumstances:

• With third-party service providers as described in Section 4, solely to provide the Service
• With the Merchant whose website the Buyer interacted with (Buyer data belongs to the Merchant)
• For legal compliance — if required by law, regulation, legal process, or governmental request
• To protect rights — to enforce our Terms, protect our rights, safety, or property, or the rights of others
• In a business transfer — in connection with a merger, acquisition, or sale of assets, in which case your data may be transferred to the successor entity

8. Your Rights and Choices

For Merchants

You may:

• Access your account data through your dashboard
• Update your account information at any time
• Delete your account by contacting help [at] slivo.app — all associated data will be permanently deleted after the 30-day retention period
• Export your call data and analytics from the dashboard
• Cancel your subscription at any time

For Buyers

Since Slivo acts as a data processor for Buyer data, Buyers should contact the Merchant (the data controller) to exercise their privacy rights, including:

• Right to access their personal data
• Right to request correction of inaccurate data
• Right to request deletion of their data
• Right to know what data was collected

The Merchant may then instruct us to fulfill these requests.

For California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to:

• Know what personal information we collect and how it is used
• Request correction of inaccurate personal information
• Request deletion of your personal information
• Opt out of the sale or sharing of your personal information (we do not sell or share personal data for cross-context behavioral advertising)
• Not be discriminated against for exercising your privacy rights

To exercise these rights, contact help [at] slivo.app .

9. AI Disclosure

Buyers interacting with the Service are informed that they are communicating with an AI assistant before any call begins. The AI agent processes conversational data in real time to provide product recommendations and assist with purchases. AI responses are generated by machine learning models and may not always be accurate.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 13 as defined by the Children's Online Privacy Protection Act (COPPA). If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at help [at] slivo.app .

11. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your data may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using the Service, you consent to the transfer of your data to the United States. If we expand to serve EU/UK customers, we will implement appropriate safeguards (such as Standard Contractual Clauses) for international data transfers.

12. Cookies and Tracking

Website (slivo.app): We may use cookies and similar technologies for basic website analytics and functionality.

Widget: The Slivo widget embedded on Merchant websites uses browser localStorage for session state during calls. It does not use tracking cookies and does not track Buyers across websites.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Merchants of material changes via email or through the Service. The "Last Updated" date at the top of this page indicates when the policy was last revised.

Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.