AI Auto Support logoKefuAgent
  • Features
  • Workflow
  • Pricing
  • FAQ
AI Auto Support logoKefuAgent

Make AI SaaS in days, simply and effortlessly

Product
  • Features
  • Pricing
  • FAQ
Resources
  • Changelog
  • Roadmap
Company
  • About
  • Contact
Legal
  • Cookie Policy
  • Privacy Policy
  • Terms of Service
© 2026 KefuAgent. All Rights Reserved.

Privacy Policy

How we handle your account data, your customers' email data, and data flows during AI processing

2026/06/12

Introduction

AI Auto Support (kefuagent.cn) is an AI customer-service product for cross-border ecommerce merchants. We process two distinct categories of data: your account data (the merchant's own registration and usage information) and your customers' email and chat data (the content of the support mailbox and live chat you authorize us to take over). This policy covers both.

By using this service you confirm that you are authorized to let us process the mail in your support mailbox, and that you have fulfilled your own privacy-notice obligations toward your end customers under the laws of your region and target markets (e.g. GDPR, US state privacy laws).

1. Your account data

We collect:

  • Registration information: email, name, login credentials (passwords are stored hashed using industry standards), and linked OAuth accounts (GitHub / Google).
  • Subscription and payment records: plan, payment status, AI credit balance and consumption history. Payments are processed by Stripe / Alipay; we never store your card number.
  • Usage data: feature usage and operation logs (reviews, sends, settings changes) for security auditing and product improvement.

2. Your customers' email and chat data (core terms)

Once you connect a support mailbox or enable live chat, we process the following data belonging to your customers:

  • Raw emails (body, subject, addresses, headers) and chat messages;
  • Support context extracted from them (order numbers, issue categories, knowledge candidates);
  • Order information (status, tracking numbers) fetched on demand after you connect platforms such as Shopify.

How processing works, and its boundaries:

  1. AI processing: email and chat content is sent to third-party large-model APIs (such as DeepSeek, or any OpenAI-compatible provider you configure) for classification, reply drafting, and quality evaluation. We transmit only the text fragments needed for the task, and we never use your customers' data to train our own or any third party's models.
  2. BYOK mode: if you configure your own AI API key, requests go directly to your provider account. Your key is stored encrypted with AES-256-GCM, and our managed AI channel never sees those requests.
  3. Mailbox credentials: your IMAP/SMTP passwords are stored encrypted with AES-256-GCM and decrypted only to sync mail and send replies.
  4. Shadow mode: in shadow testing we only read mail to produce benchmark reports. We never change the state of any message in your mailbox and never send anything to your customers.
  5. Non-support mail: messages classified as not customer service keep only a classification record used to improve detection; the messages themselves stay untouched in your mailbox.

3. Storage and retention

  • Data is stored in a Supabase-hosted PostgreSQL database; all transport is TLS-encrypted.
  • Email and chat data is retained for the duration of your subscription to power continuous learning and context retrieval.
  • You can disconnect a mailbox at any time, which stops synchronization. You can ask us to delete all historical data in a workspace; we complete deletion within 30 days (except payment records we must keep by law).
  • After account deletion, associated workspace data is removed within 30 days.

4. Data sharing

We do not sell your data or your customers' data. Data is shared only with:

  • AI providers, as described in section 2, limited to the text required for processing.
  • Infrastructure providers: database hosting (Supabase), application hosting (Vercel), and your own SMTP server for outbound mail.
  • Payment providers: Stripe / Alipay, limited to what payment processing requires.
  • Legal requirements: when required by law or necessary to protect our legitimate rights.

5. Your rights

You may access, correct, export, or delete your account data and workspace data. If your end customers exercise data rights against you (such as requesting deletion of their email records), contact us and we will assist.

6. Cookies and analytics

We use essential cookies to maintain login sessions. Site analytics run on self-hosted, privacy-friendly tooling that sends no data to third-party ad networks. See the Cookie Policy for details.

7. Changes

Material changes will be announced in-app or by email. Continued use of the service constitutes acceptance of the updated policy.

Contact

For questions about this policy or to exercise your data rights, please contact us.