Privacy Policy

1. Who we are and who this policy covers

This Privacy Policy explains how skaii handles personal data when people use our website, signup and login pages, dashboard, public demos, embedded widgets, and related tools for creating and managing AI shopping assistants. It also applies to people who interact with skaii-hosted demos or merchant-deployed assistants where skaii processes that interaction.

Skai Technology Sweden AB, company registration number 559536-8522, c/o Simon Skoog, Ruddammsvägen 4, 114 21 Stockholm, Sweden, is responsible for this policy.

2. Information you give us directly

We may collect information such as:

• your email address, display name, and account details;
• login and authentication data, including password hashes and OAuth identifiers;
• store URLs, onboarding responses, prompts, branding, and assistant settings;
• support messages, feedback, and other communications you send us; and
• demo, sharing, and deployment choices you make inside the product.

3. Conversation and assistant interaction data

When you use a skaii assistant, public demo, or embedded widget, we may process conversation content, assistant replies, tool-result context, session identifiers, page or store context needed to answer the request, and related interaction metadata. This helps us run the assistant, keep session continuity, investigate issues, and improve reliability and safety.

4. Product and usage data

We collect operational data needed to run and secure the service. This can include request logs, IP address, browser and device information, session activity, assistant usage, public-demo or share-link activity, dashboard actions, and error or diagnostics data.

5. Discovery, testing, and trace data

If you use skaii's discovery, testing, monitoring, or browser-based tools, we may receive technical browser and page data needed to run those features. Depending on the feature, this may include page snapshots or DOM excerpts, URLs and navigation paths, search queries, product snippets, and portions of request or response data from connected merchant flows, as well as relevant session or cookie data when a feature requires it.

These features should only be enabled on sites you control or are authorized to monitor. They are not intended for special-category or other sensitive personal data unless you have clearly assessed and approved that use.

6. Cookies and browser storage

skaii uses cookies and browser storage to keep the service working and secure. For example, we use a skaii_session cookie to keep an account signed in for up to 30 days, a short-lived skaii_oauth_state cookie during OAuth sign-in for about 10 minutes, and widget browser storage to keep recent messages and session continuity for about 4 hours.

7. How we use information

We use personal data to:

• create and secure accounts and authenticate users;
• provide, maintain, and improve assistants, demos, widgets, and sharing features;
• support discovery, testing, deployment, and monitoring workflows;
• respond to support requests and communicate with you about the service;
• detect misuse, investigate incidents, and improve reliability, safety, and product quality; and
• comply with legal obligations and enforce our terms.

We may also use aggregated or de-identified usage information to understand product performance and improve skaii.

8. Lawful bases

Depending on the situation, we process personal data because it is necessary to provide the service, because it is in our legitimate interests to operate and protect the platform, or because we must comply with the law. Some information is optional, but certain account, authentication, and operational data is required for the service to work.

9. Roles and responsibilities

Skai Technology Sweden AB is the controller for personal data related to our own website, accounts, authentication, support, security, product operations, and skaii-hosted demos.

When a merchant or operator deploys a skaii assistant, widget, or trace tooling on its own site, that merchant or operator is typically responsible for the legal basis, notices, and instructions for shopper-facing interactions and merchant-site data collection. In those situations, skaii may process that data on the merchant or operator's behalf to provide the service, and any separate commercial or data processing terms will govern those roles more specifically.

10. Sharing and disclosure

We may share information with:

• service providers that help us host, operate, secure, support, and monitor skaii;
• authentication providers when you choose to sign in with OAuth;
• AI or model providers that help us generate, evaluate, or support assistant responses;
• merchant systems, integrations, or other parties when you ask the service to connect to them;
• people you choose to share public demos or share links with; and
• courts, regulators, law enforcement, or other third parties when disclosure is reasonably necessary to comply with the law or address fraud, abuse, or security issues.

We do not sell personal data or use it for third-party advertising.

11. International processing

skaii and our service providers may process information in countries other than your own. Where required, we use transfer safeguards that are appropriate for the data and the jurisdictions involved.

12. Retention

We keep information for as long as needed to provide the service, maintain security, resolve disputes, enforce our agreements, and comply with legal obligations. In practice, different categories may be kept for different periods. For example, widget browser storage typically expires after about 4 hours, server-side assistant session memory typically expires after about 24 hours unless reset or reconfigured, share links normally expire after 30 days unless revoked earlier, heartbeat status signals are short-lived and typically expire after about 5 minutes, and trace batches are typically retained for about 24 hours.

13. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to our processing of your personal data, or to ask for a copy of it. You may also be able to withdraw consent where processing depends on consent.

To make a request, contact privacy@skaii.me. If your request relates to a merchant-deployed assistant or merchant-site trace activity, you should usually contact the relevant merchant or operator first because they are typically responsible for that deployment.

14. Security

We use reasonable technical and organizational measures to protect information, but no system is completely secure. You should also use strong passwords, protect your accounts, and avoid sharing sensitive information through public or shared demo surfaces unless it is appropriate for that use.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version here and update the "Last updated" date above.

16. Contact