Skip to content
Launching Fri 15 May

Privacy Policy

Last updated: 8 April 2026

1. Who We Are

cellbot is operated by Ampliflow Ltd, a company registered in England and Wales. We provide an AI-powered repair commerce platform for tech repair shops.

Data Controller: Ampliflow Ltd
Contact: hello@cellbot.chat

Ampliflow Ltd does not currently designate a Data Protection Officer, as we do not meet the thresholds requiring mandatory DPO appointment under UK GDPR Article 37. For all privacy-related enquiries, please contact us at the email address above.

2. What Data We Collect

We collect and process the following categories of personal data:

  • Customer data — name, email address, phone number (collected during repair bookings via the chat widget)
  • Device information — device brand, model, and repair type for quoting and booking purposes
  • Repair history — ticket status, timeline events, parts used, and completion dates
  • Payment data — payment amounts and statuses (card details are tokenised by our payment processor and never stored on our servers)
  • Conversation transcripts — messages exchanged with our AI chat assistant during repair enquiries
  • Analytics data — page views, session data, and feature usage (collected only with your consent)
  • Photos/videos — device images uploaded for diagnosis purposes
  • Beta waitlist data — name and email address (collected when you request beta access via our homepage dialog)

3. How We Use Your Data

We use personal data for the following purposes:

  • Repair bookings — to process your repair request, generate quotes, and schedule appointments
  • Communication — to send repair status updates via SMS, WhatsApp, or email. WhatsApp messages are only sent to customers who have opted in to receive WhatsApp communications. You can opt out at any time by replying STOP or by contacting your repair shop directly
  • AI chat — to power our conversational AI assistant that helps you with repair enquiries
  • Analytics — to improve our platform and understand usage patterns (with your consent)
  • Customer portal — to provide secure access to your repair status and history
  • Beta waitlist — to send you a beta passcode and notify you the moment cellbot opens for sign-up

4. Legal Basis for Processing (GDPR Art. 6)

  • Contract performance — processing repair bookings and payments
  • Legitimate interests — platform improvement, fraud prevention, security
  • Consent — analytics cookies, marketing communications
  • Legal obligation — financial records retention, responding to data subject requests

5. Third-Party Services

We use the following categories of third-party processors. Specific processor names are available on request at hello@cellbot.chat.

CategoryPurposeData Shared
Payment processorPayment processingPayment amounts and tokenised card data. Our payment processor is PCI DSS Level 1 certified. Card details never touch our servers.
Authentication providerShop owner authenticationShop owner email, hashed password, session tokens, IP address (for fraud prevention). Account data is deleted when the shop owner deletes their account.
AI providerAI chat assistant and device diagnosticsConversation messages, device/repair context, uploaded device photos (for vision-based damage assessment). Data is sent to the provider's API for processing and is not used to train their models. Photos are processed via the API and are not stored permanently.
Database hosting partnerDatabase and backendAll application data (encrypted at rest)
Analytics partner (EU)Product analytics (with consent)Anonymous usage events, session recordings
Error monitoring partnerError trackingError reports, stack traces (no PII)
Messaging partnerSMS, WhatsApp Business API, and voice messagingPhone numbers, message content, delivery and read receipt statuses. For WhatsApp messages specifically: messages are sent via the WhatsApp Business API through our messaging partner as Business Solution Provider. Message content is encrypted in transit. Our messaging partner processes data in the US and retains message logs for up to 13 months per their data retention policy. You can request deletion of your WhatsApp message history by contacting hello@cellbot.chat.
Email delivery partnerTransactional emailEmail addresses, email content

6. Cookies

We use the following types of cookies:

  • Necessary cookies — authentication session cookies. These are required for the platform to function and cannot be disabled.
  • Analytics cookies — anonymous analytics cookies for understanding site usage. These are only set with your explicit consent via our cookie banner.

You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site.

7. Data Retention

  • Active accounts— data is retained for the duration of the shop owner's subscription
  • Deleted accounts — data is deleted within 30 days of account closure or app uninstallation
  • Conversation transcripts (including WhatsApp messages) — retained for 12 months from creation, then automatically purged. Note: our messaging partner may retain WhatsApp message logs for up to 13 months independently per their retention policy
  • Financial records — payment records retained for 7 years as required by UK tax law
  • Beta waitlist data — retained until you request deletion, or up to 90 days after the beta closes

8. Your Rights (GDPR Articles 12-23)

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

  • Right of access — request a copy of all personal data we hold about you
  • Right to rectification — request correction of inaccurate personal data
  • Right to erasure— request deletion of your personal data ("right to be forgotten")
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to restrict processing — request limitation of how we use your data
  • Right to object — object to processing based on legitimate interests or direct marketing
  • Rights related to automated decision-making — our AI provides repair quotes but does not make decisions with legal or significant effects

9. How to Exercise Your Rights

You can exercise your rights by:

  • Emailing us at hello@cellbot.chat
  • If you booked through a Shopify-powered shop, contacting the shop directly — they can submit a data request through Shopify which we process automatically

We will respond to all data subject requests within 30 days, as required by GDPR.

10. International Data Transfers

Some of our third-party processors (for AI, payments, authentication, and messaging) operate in the United States. Data transfers are protected by:

  • EU-US Data Privacy Framework (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the UK Information Commissioner

Analytics data is processed within the EU (Frankfurt, Germany).

11. Data Security

We implement appropriate technical and organisational measures including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Multi-tenant data isolation (each shop's data is logically separated)
  • HMAC-SHA256 webhook signature verification
  • Magic-link authentication for customer portal access
  • Regular security updates and dependency auditing

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered shop owners of material changes via email. The "last updated" date at the top of this page indicates the most recent revision.

13. Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

14. AI and Automated Processing

cellbot uses artificial intelligence to provide the following services:

  • AI chat assistant — answers customer repair enquiries, provides quotes from your pricebook, and guides customers through booking. The AI never fabricates prices; all quotes are pulled directly from your configured pricebook.
  • Vision-based damage assessment— customers can upload photos of their device, which are analysed by our AI provider's vision model to identify the device and assess visible damage. Photos are processed via the API and are not stored permanently.
  • cellbot Copilot — a staff-facing assistant that helps shop owners search customers, look up tickets, check pricing, and view business statistics using natural language.

How AI data is handled:

  • Data sent to our AI provider is processed via their API and is subject to their enterprise privacy commitments. API data is not used to train their models.
  • Conversation transcripts are stored in our database for 12 months (see Section 7) to allow shop owners to review interactions. They can be deleted on request.
  • The AI does not make decisions with legal or significant effects on individuals. All repair quotes are advisory and subject to in-person technician confirmation.

15. Shopify Merchant Data

When you install the cellbot app from the Shopify App Store, we collect and process the following merchant data:

  • Store information — your shop name, domain, and Shopify store ID to identify and connect your account
  • Access tokens — OAuth access tokens issued by Shopify, stored securely and used only to create draft orders and manage the widget on your behalf
  • Draft orders — we create draft orders in your Shopify store when customers book repairs through the widget
  • Order confirmation data — Shopify sends us an orders/paid webhook notification when orders are paid. While the webhook payload may include customer details (name, email, shipping address), cellbot only processes the order ID, draft order reference, and payment status to update the corresponding repair ticket. We do not extract, store, or use any customer personal data from this webhook beyond what is necessary to match the payment to a repair ticket.

How we use this data: Merchant data is used solely to operate the cellbot widget within your Shopify store and create draft orders for repair bookings. When a customer completes checkout on Shopify, we receive a payment confirmation webhook to update the repair ticket status.

Data retention:All merchant data is automatically deleted within 30 days of app uninstallation. This is enforced via Shopify's mandatory shop/redact GDPR webhook, which triggers full deletion of your shop record and all associated data.

Customer data via Shopify: When customers interact with the cellbot widget on your store, their data (name, email, phone) is subject to the same protections described in Section 2 above. Shopify merchants can submit customer data requests through Shopify Admin, which cellbot processes automatically via the customers/data_request and customers/redact mandatory GDPR webhooks.

16. Google User Data (Gmail Integration)

cellbot offers an optional integration that lets repair shops connect their Gmail account to sync inbound customer emails into their cellbot inbox and reply to customers directly from the cellbot dashboard. This section describes what Google user data we receive, how we use it, and how we protect it. cellbot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

The Gmail integration is strictly opt-in. We do not access any Google user data unless a shop owner explicitly clicks “Connect Gmail” in the cellbot settings and grants consent on Google's OAuth screen.

OAuth scopes we request:

  • https://www.googleapis.com/auth/userinfo.email— to identify the Google account that was connected and display its address in the settings UI
  • https://www.googleapis.com/auth/gmail.readonly— to read inbound messages so we can match them to existing repair tickets or create new ones
  • https://www.googleapis.com/auth/gmail.send— to send replies that the shop owner composes inside the cellbot dashboard

What data we receive from Gmail:

  • Message metadata— sender address, recipient addresses, subject, date, message ID, and threading headers (In-Reply-To, References) used to group replies into a single ticket conversation
  • Message bodies— the plain-text and HTML body of inbound customer emails, used to extract repair details (device model, reported issue) and display the conversation inside the shop's ticket view
  • Attachments— photos or documents customers attach to repair enquiries, displayed alongside the ticket so the shop owner can review them
  • OAuth tokens— encrypted access and refresh tokens issued by Google, stored securely and used only to call the Gmail API on behalf of the connected account

How we use this data:Google user data is used solely to operate the features the shop owner has explicitly enabled — matching inbound emails to repair tickets, displaying conversations inside cellbot, and sending replies that the shop owner has composed and clicked “Send” on. We do not use Google user data for any other purpose.

How we do NOT use this data — Limited Use compliance: In accordance with the Google API Services User Data Policy Limited Use requirements, cellbot:

  • Does not use Google user data to serve advertising of any kind
  • Does not sell, rent, or trade Google user data to third parties
  • Does notuse Google user data to train, fine-tune, or improve any generalised AI or machine-learning model. Inbound Gmail messages are parsed by deterministic code only — they are never sent to any AI provider for processing
  • Does notallow humans to read Google user data, except (a) with the shop owner's explicit consent for support, (b) for security purposes such as investigating abuse, or (c) where required by law
  • Does not transfer Google user data to third parties except as necessary to provide or improve user-facing features that are prominent in the cellbot UI, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users

Where the data is stored:Synced Gmail content is stored in our database hosted in the European Union (Frankfurt region). OAuth tokens are encrypted at rest. Access is restricted to the authenticated shop owner and their invited team members under cellbot's tenant-isolation model — no other cellbot customer can access your data.

Data retention:Synced email content becomes part of the customer's repair ticket history inside cellbot and is retained for as long as the shop account remains active, so that shop staff can reference past conversations when handling future repairs from the same customer. You may delete individual emails, tickets, or customer records at any time from inside cellbot, or request bulk erasure of all data under your GDPR rights (see Section 8). When a shop account is closed, all synced Gmail content is permanently deleted within 30 days.

How to revoke access: You can disconnect the Gmail integration at any time from Settings → Email Accountsinside the cellbot dashboard. Disconnecting clears the OAuth tokens immediately and stops all further syncing. You can additionally revoke cellbot's access from your Google account at myaccount.google.com/permissions. To request deletion of historical synced email content from cellbot, contact us at hello@cellbot.chat and we will action the request within 30 days under UK GDPR Article 17.

17. Affiliate Referral Tracking

We use a first-party cookie (cellbot_ref) to track affiliate referrals. This cookie:

  • Is set when you visit our website via an affiliate referral link
  • Lasts for 90 days
  • Is classified as a functional cookie under GDPR legitimate interest (determining whether a commission is owed to a referring affiliate)
  • Is additionally covered by the UK Data (Use and Access) Act 2025 statutory exemption for commission tracking cookies
  • Contains only the affiliate's referral code (no personal data)
  • Is used solely to determine whether a commission is owed to the referring affiliate

Our affiliate programme platform processes affiliate personal data (name, email, and payment details) as a data sub-processor under Ampliflow Ltd's instructions. This data is used exclusively for programme administration, commission calculation, and payout processing.

18. Contact

For any privacy-related questions, contact us at:
hello@cellbot.chat

Related pages