Privacy Policy

peakbyt is the operator of the e-bot platform. We are based in Bangladesh and the service is governed by Bangladeshi law (see the Terms of Service). You can contact us at contact@peakbyt.com for any privacy question or data request.

We collect only what we need to run the service. Categories:

• Store owner account data — store name, owner identifier, contact email, store description, and the return / exchange policy you choose to publish.
• Product catalog — titles, descriptions, prices, currencies, stock counts, sizes, images, discounts, and offer text. We also generate and store a visual embedding (a numerical vector) from each product image using the DINOv2 model.
• Facebook Page metadata and tokens — Page ID, Page name, and the Page Access Token you provide. Access tokens are encrypted at rest before being stored.
• Messenger conversation data — for each customer, their page-scoped user ID (PSID), conversation thread ID, message text, image attachments, and conversation history needed to give context-aware replies.
• Order data — delivery address, delivery zone, items ordered, quantities, unit price, subtotal, delivery charge, currency, total, and order status.
• Operational logs — OpenAI prompt and completion token counts per store (for cost monitoring), error logs, request timing data.
• Technical data — IP address, browser user agent, device information, and basic analytics events when you use our marketing site or dashboard. We may set cookies for session management and analytics.

• To operate the bot — answer customer queries, run image and text searches, and place orders on your behalf inside Messenger.
• To deliver the dashboard — let you manage stores, products, delivery zones, locations, and orders.
• To monitor usage and cost (OpenAI token usage) so we can bill fairly and detect anomalies.
• To secure the platform — detect abuse, prevent fraud, and respond to incidents.
• To improve the product — aggregate, de-identified usage metrics inform what we build next.
• To comply with legal obligations and enforce our Terms.

We do not sell personal information. We do not train our own machine-learning models on your customers' messages. We do not use customer conversations for advertising.

Running e-bot requires a handful of trusted service providers. Each one only receives the minimum data needed to do its job:

• OpenAI— receives the system prompt, recent conversation history, and tool results to generate replies. OpenAI's API terms prohibit them from training on this data by default.
• Meta Platforms (Facebook, Instagram) — we exchange messages and webhook events with the Messenger Platform on your behalf.
• Database & cache hosts — PostgreSQL with the pgvector extension stores your data; Redis is used as a short-lived cache and Celery task broker.
• Cloud infrastructure — the servers that run the API, the Celery workers, and the static frontend.
• Legal & safety — we may disclose information if compelled by valid legal process or where necessary to protect rights, property, or safety.

• Product context cache in Redis: 5 minutes (TTL 300 seconds).
• Conversation history: retained as long as your store is active so the bot has context for follow-up questions. Deleted on request.
• Order records: retained for as long as legally required for accounting and tax purposes (typically up to seven years under Bangladeshi law).
• Operational logs (token usage, request timing): retained for up to 24 months for billing and capacity planning.
• Account data: retained while your account is active. Deleted within 30 days of account closure, except where retention is required by law.

We apply industry-standard safeguards:

• Facebook Page Access Tokens are encrypted at rest.
• All traffic to our API and dashboard is over HTTPS.
• Database credentials and secrets are stored in environment variables, not source control.
• Webhook signatures from Facebook are verified using your app secret.
• Access to production data is limited to authorized personnel.

No system is perfectly secure. If we discover a breach that materially affects you, we will notify you without undue delay.

Your data may be processed in countries other than the country you live in, including by our third-party providers (notably OpenAI and Meta Platforms, which operate globally). Where data leaves Bangladesh, we rely on standard contractual protections from those providers and reasonable security measures.

Depending on where you live (including under the GDPR in the EU and the CCPA in California), you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data.
• Export your data in a portable format.
• Object to or restrict certain types of processing.
• Withdraw consent (where processing is based on consent).
• Lodge a complaint with a supervisory authority.

To exercise any of these rights, email contact@peakbyt.com. We will respond within 30 days.

If you are a customer messaging a store that uses e-bot and you want your messages deleted, ask the store owner first — they control your data on their account. We will assist if needed.

e-bot is built for businesses and is not directed to children under 13. We do not knowingly collect data from children. If you believe a child has provided personal information to us through a store using e-bot, contact us and we will delete it.

Our marketing site and dashboard use cookies and similar technologies to:

• Keep you logged in across sessions.
• Remember your preferences.
• Measure basic site analytics (page views, navigation paths).

You can disable cookies in your browser, but parts of the dashboard may not function correctly without them.

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be announced in-product or by email before they take effect.

peakbyt
Email: contact@peakbyt.com
Bangladesh