Security & Privacy

What we store, where it lives, who else touches it, and what we explicitly don't do with it. No legal fog, no marketing claims we can't verify.

Last updated:

EU company, EU data law

Emporiqa is operated by Rosel Group LTD, registered in Bulgaria and operating inside the European Union. Your shoppers' data stays under EU data-protection law. There is no parent company in another jurisdiction with access to your account.

We never train AI models on your data

Conversations, products, and policies you sync to Emporiqa are used only to answer your shoppers. They are not used to train any AI model: ours, OpenAI's, OpenRouter's, or anyone else's. Where the provider offers a zero-retention API tier, we use it, so prompts and responses are not persisted on the provider's side beyond the request.

Chat history: 90 days, then automatic deletion

Customer chat history is kept for exactly 90 days from the conversation date and then automatically deleted. Account data after termination is retained for 30 days for reactivation, then deleted. Aggregate usage analytics and activity logs are kept for 2 years. Catalog data is retained while your store is active and deleted when you cancel.

How owners sign in

One-click magic links by default, so there's no password to leak. Google sign-in for accounts with Workspace. A password fallback for any account that wants one (set via password reset, never required). Sessions are cookie-based, with the Secure and HttpOnly flags set in production.

Encryption at rest, signed in transit

Data is encrypted at rest in PostgreSQL and Redis. Webhook signing secrets we issue to your store are stored Fernet-encrypted and used only to verify HMAC signatures on inbound webhooks. All public traffic is HTTPS: the chat widget, the platform admin, and the public API.

Who else touches your data

We engage a short list of named subprocessors to run the service. Names, purposes, and jurisdictions are published in full on our subprocessors page. We notify customers in advance when the list changes.

Data Processing Agreement

Standard DPA available on request. We sign yours or provide ours. Email us when you need it. Required for enterprise contracts in regulated industries; optional but available for everyone else.

Compliance posture

GDPR by default: you remain the data controller, we act as data processor for shopper interactions. EU AI Act: Emporiqa is a general-purpose AI system used for product recommendation and customer assistance, neither high-risk nor a prohibited use. We track regulatory guidance and surface changes that affect customers.

Report a vulnerability

Email security findings to [email protected]. We acknowledge within one business day. No bug bounty in cash today, but we credit reporters publicly with consent and prioritise fixes.
