Privacy Policy

Who we are

Reden AI is an AI studio operated by Omar Rayan, based in Cairo, Egypt. You can reach us at [email protected] for any privacy-related question.

We build three products — Commerce Agent, StyleAI, and Admin Chatbot — that operate on behalf of our clients (brands that sell on Shopify, Instagram, and WhatsApp). When you interact with one of our agents, you are interacting with the client's brand. Reden AI is the data processor; the brand is the data controller.

What we collect

From visitors to redenai.reden.cc

The FAQ chat widget on our marketing site processes the messages you send to it. We do not collect cookies, set tracking pixels, or build advertising profiles. Conversation text is sent through OpenRouter to a third-party large language model to generate a response and is not stored beyond the active session unless you explicitly leave contact information.

From end customers interacting with our agents on client platforms

When a customer messages a brand that uses Reden AI on Instagram, WhatsApp, or a Shopify storefront, we process:

• Message content (text, images, voice notes if relevant)
• Platform identifier (Instagram-scoped ID, WhatsApp number, Shopify customer ID)
• Display name as shown on the platform
• Order data, when the conversation involves a purchase or order lookup
• Product catalog data from the client's store, used to answer questions accurately

What we do not collect

• Payment card details — these are handled by Shopify Checkout, never by us
• Government identifiers (national ID numbers, passport numbers)
• Biometric data, facial recognition data, or health data
• Conversations on platforms our agents are not deployed to

Why we collect it

We process data strictly to deliver the service the client has hired us for. Specifically:

• To respond to messages with relevant, accurate information about the client's products and policies
• To complete checkout flows by generating Shopify checkout links scoped to the conversation
• To recognize returning customers within the same client's account, so the conversation remains coherent
• To allow the client's team to take over a conversation when escalation is appropriate
• To monitor and improve agent quality on behalf of the client

We do not use end-customer conversations to train AI models. We do not sell, share, or rent personal data to third parties for marketing.

Third-party processors

To deliver the service, we share data with the following processors. Each is contractually bound to use the data only as needed to provide their service.

• OpenRouter — for routing AI message-generation requests to the underlying large language model providers. OpenRouter and the providers it routes to do not train on data sent through their API.
• Cloudflare — for hosting our backend infrastructure (Workers, KV, D1).
• Meta Platforms — for Instagram and WhatsApp messaging delivery. Meta's own privacy policy applies to data within their platforms.
• Shopify — for accessing the client's product catalog and creating checkout sessions.
• Netlify — for hosting the redenai.reden.cc marketing site.

Where data lives and how long we keep it

Conversation data is stored on Cloudflare's globally distributed infrastructure, with primary processing in EU regions. We retain conversation history for as long as the client has an active agreement with Reden AI, plus thirty days afterward for offboarding purposes, after which it is permanently deleted.

Webhook event IDs and rate-limit counters are cached for 24 hours and 60 seconds respectively, then automatically expire.

Aggregate, anonymized usage statistics may be retained indefinitely for service improvement.

Your rights

If you have interacted with one of our agents and want your data accessed, corrected, or deleted, contact us at [email protected] with enough information to identify your conversation (the brand you messaged, your platform handle or order number, and the approximate date). We will respond within 30 days.

Depending on where you live, you may also have rights under the GDPR (European Economic Area), the CCPA (California), or Egypt's Personal Data Protection Law (Law No. 151 of 2020). These include the right to access, correct, delete, restrict processing of, and object to processing of your personal data.

If we are processing your data on behalf of a brand and you want it deleted, you can also contact the brand directly — they have the authority to instruct us to delete it.

Instagram & Meta Platforms

To request deletion of data Reden AI may have processed about your Instagram interactions with a brand we serve, email [email protected] with the subject line "Instagram data deletion" and include your Instagram username. We will confirm receipt within 7 days and complete the deletion within 30 days.

Security

We use industry-standard practices to protect personal data: encrypted transport (HTTPS/TLS) for all API calls, encrypted secrets storage on Cloudflare for credentials, signed webhook verification to prevent forgery, scoped access tokens that are rotated periodically, and least-privilege access controls within our team.

No system is perfectly secure. In the event of a data breach affecting personal data, we will notify affected users and relevant authorities within 72 hours of discovery, as required by applicable law.

Children

Our services are designed for use by adult e-commerce customers. We do not knowingly collect data from anyone under 13 years of age (or under 16 in jurisdictions where that is the legal threshold). If you believe a child has interacted with one of our agents, contact us and we will delete the data promptly.

Changes to this policy

We may update this policy as our practices evolve. Material changes will be announced on this page with an updated "Last updated" date at the top. Continued use of our services after the update constitutes acceptance.

Contact

For any question about this policy, or to exercise any of your rights: