Support Desk

Privacy Policy

Last updated: June 30, 2026

This Privacy Policy explains how Chat Celeste inc. d/b/a Customer Served collects, uses, discloses, and protects personal information in connection with Support Desk. If you are a merchant using Support Desk, you are responsible for providing your own privacy notice to your customers and for making sure you have a lawful basis to process their information through the Service.

1. Scope and Roles

This policy applies to personal information we process for our own business purposes, such as account management, billing, support, security, analytics, and marketing. Customer support tickets, Shopify order context, imported Freshdesk history, attachments, and similar information that merchants submit about their own customers are usually processed by us on behalf of the merchant as described in the Data Processing Addendum.

2. Information We Collect

  • Account information, such as name, email address, Firebase authentication identifiers, role, workspace membership, and login/session metadata.
  • Workspace information, such as brand name, support email, support instructions, Brand Brain content, mailbox configuration, domain verification records, Shopify store domain, and integration settings.
  • Customer support content, such as inbound and outbound emails, ticket metadata, customer names, customer email addresses, attachments, internal notes, tags, assignments, AI drafts, macros, and satisfaction follow-up content.
  • Shopify information, such as store identity, order identifiers, customer/order/product/fulfillment context, returns, variants, tracking numbers, and actions that authorized users choose to take.
  • Imported information, such as Freshdesk tickets, conversations, product IDs, email configuration IDs, and historical response examples.
  • Tracking information, such as shipment identifiers, courier data, tracking status, and Ship24 refresh results.
  • Billing and usage information, such as Stripe customer IDs, subscription status, invoices, checkout state, usage events, billable tickets, AI drafts, outbound replies, attachment bytes, overage calculations, and billing portal activity.
  • Technical and security information, such as IP address, device/browser metadata, logs, audit events, request metadata, error traces, queue/job status, and rate-limit data.
  • Communications with us, including support requests, feedback, sales questions, legal requests, and operational notices.

3. How We Use Information

  • Provide, operate, maintain, secure, and improve the Service.
  • Authenticate users, manage workspaces, process onboarding, and enforce permissions.
  • Route inbound email, send outbound replies, verify domains, process attachments, and provide exports.
  • Display Shopify, tracking, Freshdesk, and other integration context inside the support workflow.
  • Generate, evaluate, and store AI-assisted drafts, classifications, summaries, support-instruction suggestions, and Brand Brain content.
  • Process subscriptions, trials, invoices, taxes, usage, overages, and billing support.
  • Monitor availability, debug issues, prevent abuse, investigate incidents, and enforce our Terms and Acceptable Use Policy.
  • Comply with legal obligations and respond to lawful requests.
  • Send service, security, billing, onboarding, product, and administrative communications.

4. AI Processing

AI features may send relevant support content, workspace instructions, Shopify context, tracking context, historical examples, and user prompts to AI model providers or routing providers so they can generate drafts, summaries, classifications, or recommendations. AI output can be inaccurate or inappropriate. Merchants and their authorized users are responsible for reviewing AI output before sending it to customers or acting on it.

Do not submit information to AI features unless you have the right to process that information for support operations. Do not use AI features for medical, legal, financial, employment, housing, credit, education, or other high-risk decisions unless you have independent legal approval and appropriate safeguards.

5. How We Share Information

  • Service providers and subprocessors that host, secure, process, store, transmit, or support the Service.
  • Stripe for checkout, subscriptions, invoices, billing portal, taxes, fraud prevention, and payment processing.
  • Postmark for inbound and outbound email, domain verification, bounce handling, and delivery events.
  • Firebase/Google for authentication and related security services.
  • Shopify, Freshdesk, Ship24, Cloudflare, OpenRouter, model providers, and other integrations you connect or enable.
  • Professional advisors, insurers, auditors, and legal, tax, or compliance service providers.
  • Government, law enforcement, courts, regulators, or private parties when we believe disclosure is legally required or necessary to protect rights, safety, security, or integrity.
  • A successor or potential successor in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets.

6. Cookies and Similar Technologies

The Service uses cookies and similar technologies for authentication, session management, security, preferences, analytics, and product operation. You can control cookies through your browser settings, but blocking required cookies may prevent the Service from working.

7. Retention, Export, and Deletion

We keep information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, preserve backups, and operate our business. Workspace owners may request export, deactivation, or deletion workflows where available. Some information may remain in backups, logs, audit records, billing records, security records, or legal archives for a limited period.

8. Security

We use technical and organizational safeguards designed to protect information, including access controls, encryption for selected secrets and tokens, audit logs, domain verification, private attachment storage, webhook authentication, and operational monitoring. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

9. International Processing

We and our subprocessors may process information in Canada, the United States, and other countries where we or they operate. Those countries may have privacy laws different from the laws where you or your customers live.

10. Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or port certain personal information. You may also have the right to withdraw consent or lodge a complaint with a privacy regulator. To make a request, contact support@customerserved.ai. If we process information on behalf of a merchant, we may direct the request to that merchant.

11. Children

The Service is intended for businesses and is not directed to children. Do not use the Service to knowingly collect information from children where doing so would violate applicable law.

12. Changes

We may update this Privacy Policy from time to time. The updated version will be posted here with a new last updated date. If we make material changes, we may provide additional notice through the Service or by email.

13. Contact

Questions or requests can be sent to support@customerserved.ai.