Melissa AI
Book a Demo
Legal

Privacy Policy

Last updated: May 12, 2026

At Melissa AI we treat your shop's customer data and your team's workflow data as a trust. This policy explains in plain language what we collect, why, who we share it with, and the rights you have over it.

1. Scope

This policy covers how Melissa AI (\"we\", \"us\") collects, uses, and discloses information when you visit our marketing website, sign up as a customer, or interact with our products on behalf of a flower shop.

2. Information we collect

  • Contact information. Name, email, phone, shop name, and role when you submit a demo request or sign up.
  • Operational data. Customer conversations, order details, delivery addresses, and other workflow data your shop processes through Melissa.
  • Usage data. How your team interacts with the dashboard — page views, actions, response times — to improve the product.
  • Technical data. IP address, browser type, device info, cookies, and standard server logs.

3. How we use information

  • To operate the Melissa product and provide the services you contracted for.
  • To support your team and respond to operational questions.
  • To improve our product — never by training models on your customer data for the benefit of other shops.
  • To send service-related communications (billing, security, product updates).
  • To comply with legal obligations.

4. How we share information

We do not sell your data. We share data with sub-processors strictly necessary for product operation — cloud hosting (AWS), email delivery, payment processing, and analytics. Each sub-processor is bound by a data-processing agreement. A current list is available on request.

5. AI processing

Customer conversations are processed by large-language-model providers under zero-retention agreements. Inputs and outputs are not used to train provider-side models. We log conversations on our infrastructure so your team can audit them; logs are retained for as long as your contract is active plus a short post-termination window.

6. Data location & retention

Customer data is stored in the United States on infrastructure we operate. We retain data for the lifetime of your contract and up to 90 days after termination, after which it is permanently deleted unless legal hold requires otherwise.

7. Your rights

You may request access, correction, deletion, or export of your data at any time by emailing privacy@melissasolution.com. For residents of California, the EU, and other jurisdictions with specific privacy statutes, additional rights apply — contact us for details.

8. Security

We encrypt data at rest and in transit, scope access via least-privilege IAM, require MFA for all admin actions, and run regular access reviews. Incident response procedures are in place; we will notify affected customers within 72 hours of a confirmed breach.

9. Children

Melissa is not intended for users under 16. We do not knowingly collect data from anyone under 16.

10. Changes to this policy

We may update this policy. Material changes will be notified to active customers by email and posted at the top of this page.

11. Contact

Questions or requests? Reach us at privacy@melissasolution.com.