Bespoke SLegal
Privacy Policy
This policy is provided in English, which is the governing language. A French version is available on request at privacy@bespokeseb.ai.
1. Who we are
Bespoke Seb is a software service operated by LG MGMT SRL ("LG MGMT", "we", "us", "our"), a company incorporated in Belgium, VAT BE0790851688, registered office Rue Elise 43. Bespoke Seb provides an embeddable AI sales associate that online merchants add to their store to help shoppers find the right product.
For questions about this policy or your personal data: privacy@bespokeseb.ai.
2. Our two roles (controller vs. processor)
Bespoke Seb handles two kinds of personal data in two different roles under the EU General Data Protection Regulation (GDPR):
- As a data controller — for personal data about our merchant customers and their staff (the people who sign up for and administer a Bespoke Seb account) and visitors to this marketing site. This policy governs that data.
- As a data processor — for personal data contained in shoppers' conversations with the associate on a merchant's storefront. Here the merchant is the controller and decides why and how that data is used; we process it only on the merchant's documented instructions under our customer agreement / data-processing terms. Shoppers should consult the privacy notice of the store they are visiting.
3. Personal data we process
| Category | Examples | Role |
|---|---|---|
| Account & contact | name, work email, brand/store name, role, password (hashed) | Controller |
| Billing | plan, subscription status, billing email; card payments are handled by Stripe — we do not store card numbers | Controller |
| Usage & logs | dashboard activity, audit log, API/usage metering, technical logs and IP address | Controller |
| Shopper conversations | messages a shopper types, the qualification profile inferred for the session, and conversion/analytics events | Processor (on behalf of the merchant) |
| Shopper leads | email and note a shopper voluntarily submits to be contacted (e.g. "talk to a person") | Processor |
We do not sell personal data, and we do not build cross-merchant profiles of shoppers.
4. Why we use it, and our legal bases
- To provide the service (run the associate, the dashboard, ingestion, billing) — performance of a contract (Art. 6(1)(b)).
- To secure, maintain and improve the service, prevent abuse, and keep audit/usage records — our legitimate interests (Art. 6(1)(f)).
- To send service and transactional emails (e.g. set-password and invite links) — contract / legitimate interest.
- To comply with legal, tax and accounting obligations — legal obligation (Art. 6(1)(c)).
- For shopper conversation data, the legal basis is determined by the merchant (the controller).
5. The AI associate
Shoppers are told they are interacting with an AI associate (EU AI Act transparency). The associate can only surface products and facts returned by a live query against the merchant's own catalogue and knowledge — it does not invent products, prices, or policies. Conversation content is sent to our model provider solely to generate the reply and is not used to train AI models.
6. Sub-processors
We use a small number of vetted sub-processors to run the service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Anthropic | AI model inference (generating replies) | USA (under appropriate safeguards; no training on API data) |
| Render | Application hosting & database | EU (Frankfurt) — EU data residency |
| Stripe | Subscription payments | EU/USA (PCI-DSS; we store no card data) |
| Email provider | Transactional email delivery | EU/USA |
An up-to-date list is available on request; we maintain appropriate data-processing terms with each.
7. International transfers
Data is hosted in the EU. Where a sub-processor (e.g. Anthropic) processes data outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
8. Retention
We keep account and billing data for the life of the account and as required by law (e.g. accounting retention). Conversation sessions expire automatically and stored transcripts are prunable; merchants can request deletion of their tenant data. We retain only what is needed for the purposes above.
9. Security
We protect data with TLS in transit, encrypted storage, role-based access, a tamper-evident audit log, and tenant isolation. See our Security page for detail.
10. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to withdraw consent where processing is based on consent. To exercise these rights for data we control, contact privacy@bespokeseb.ai. For shopper data processed on a merchant's behalf, please contact that merchant (the controller); we will assist them as their processor.
You may also lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit), Rue de la Presse 35, 1000 Brussels — dataprotectionauthority.be.
11. Cookies & local storage
Our dashboard and operator console use a small number of strictly necessary cookies to keep you signed in and remember your interface language — no advertising or cross-site tracking cookies. The embeddable widget uses your browser's local storage (not cookies) to remember a conversation and a visitor identifier for measuring assisted-vs-unassisted conversion; that storage stays on the merchant's site origin.
12. Children
Bespoke Seb is a business tool and is not directed at children. We do not knowingly collect personal data from children.
13. Changes
We may update this policy as the service evolves; we will revise the "last updated" date and, for material changes, take reasonable steps to inform account holders.
14. Contact
LG MGMT SRL — VAT BE0790851688 — [registered office address] — privacy@bespokeseb.ai.