Support FabricLast updated: April 14, 2026

Privacy Policy

Effective date: April 14, 2026

1. Introduction

Support Fabric (“we”, “our”, or “us”) operates a SaaS platform that enables businesses to deploy AI-powered chat widgets on their websites and manage customer conversations across multiple messaging channels, including WhatsApp, Instagram Direct, and Facebook Messenger.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights in relation to that data. It applies to all users of our platform—both businesses (our customers) and end users who interact with chat widgets or messaging channels powered by Support Fabric.

By using Support Fabric, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

2. Who We Are

Support Fabric is the data controller for personal data collected through our platform. For questions about this policy or your data, please contact us at:

Support Fabric

Email: support@myperfexcrm.com

Website: https://supportfabric.com

3. Data We Collect

We collect the following categories of personal data:

3.1 Account & Registration Data

When a business registers for Support Fabric, we collect email address, full name, and account credentials. This data is used to create and manage your account.

3.2 Conversation & Message Data

Messages sent through chat widgets or Meta messaging channels are processed and stored to enable real-time customer support. This includes:

  • Message content (text)
  • Media attachments (images, videos, documents, audio files)
  • Message timestamps and read status
  • Sender and recipient identifiers
  • Platform origin (website widget, WhatsApp, Instagram, Messenger)
  • Reply context and thread identifiers

3.3 Contact & Identity Data

When end users interact through Meta platforms, we may receive the following data as provided by those platforms:

  • WhatsApp: Phone number, WhatsApp Business Account ID, display name
  • Instagram: Instagram user ID, username, display name, profile picture URL, follower count, account type
  • Facebook Messenger: Page-scoped user ID, sender name, Page ID and Page name

3.4 Technical & Usage Data

We collect technical data to provide and improve our services:

  • IP address
  • Approximate geolocation (city, region, country, latitude, longitude) derived from IP address
  • Browser type and device information
  • Widget interaction events and timestamps
  • Webhook request logs

3.5 Integration Credentials

When businesses connect Meta platform accounts, we securely store OAuth access tokens, app credentials, and business account identifiers required to send and receive messages on their behalf. These credentials are encrypted and are never shared with third parties other than the respective Meta platform APIs.

4. Meta Platform Integrations

Support Fabric integrates with Meta's platforms under their respective developer policies. The following describes each integration:

WhatsApp Business Platform

Support Fabric uses the WhatsApp Business API to enable businesses to send and receive messages through their WhatsApp Business phone numbers.

  • Permissions used: whatsapp_business_messaging, whatsapp_business_management
  • Data received: Phone numbers, message content, media, message status updates
  • Webhook events processed: messages, message_status_updates, account_update
  • How data is used: Displaying incoming messages in the business dashboard, enabling AI-assisted responses, storing conversation history
  • Media handling: Media attachments are downloaded from WhatsApp servers and stored in encrypted AWS S3 storage
  • Webhook security: All incoming webhook payloads are verified using HMAC-SHA256 signature validation

Instagram Graph API

Support Fabric uses the Instagram Graph API to enable businesses to manage Instagram Direct Messages through our platform.

  • Permissions used: instagram_basic, instagram_manage_messages, pages_read_engagement, pages_manage_metadata
  • Data received: Instagram user ID, username, profile photo, message content, media attachments, story reply context
  • Webhook events processed: messages, messaging_seen, messaging_read
  • How data is used: Routing Instagram DMs to the business dashboard, enabling customer support responses, storing conversation history
  • Webhook security: All webhook payloads are verified against integration tokens stored per account

Facebook Messenger Platform

Support Fabric uses the Messenger Platform API to enable businesses to send and receive Facebook Page messages.

  • Permissions used: pages_messaging, pages_read_engagement, pages_manage_metadata, pages_show_list
  • Data received: Page-scoped user ID, sender name, message content, attachments, Page ID
  • Webhook events processed: messages, messaging_postbacks, message_reads, message_deliveries
  • How data is used: Displaying Facebook Page messages in the business dashboard, enabling AI-assisted responses, storing conversation history
  • Webhook security: All incoming payloads are validated using HMAC-SHA256 with the Facebook App Secret

Meta Data Policy Compliance: Support Fabric accesses and uses Meta platform data solely to provide the services described above. We do not sell Meta platform data, use it for advertising, or share it with third parties beyond what is necessary to deliver the service. We comply with Meta's Platform Terms and Developer Policies.

4. Shopify Integration

Support Fabric integrates with the Shopify Admin API to power AI-assisted customer support for Shopify merchants. The following describes what data is accessed and how it is used.

Shopify Admin API

When a Shopify merchant installs Support Fabric, they grant OAuth-authenticated access to their store. We use this access solely to power the support features described below.

  • Products & inventory: Read product listings, prices, stock levels, and collections to answer customer product questions via the AI assistant
  • Orders: Read and create orders and draft orders to allow the AI to place, update, and track orders on behalf of customers during support conversations
  • Customers: Read and create customer records when a new customer completes a purchase through the chat widget
  • Shipping & fulfilment: Read shipping rates and fulfilment status to provide accurate order tracking information to customers
  • Themes: Write access is used solely to enable the Support Fabric App Embed Block in the merchant's active theme — no other theme modifications are made

OAuth tokens: Shopify access tokens are stored encrypted in our database and are never shared with third parties. Tokens are cleared immediately when the app is uninstalled.

Product vectors: Product titles, descriptions, and metadata are indexed in Pinecone (a vector database) to power semantic product search within the chat widget. Raw product data is not stored permanently — only vector embeddings.

Data deletion: When a merchant uninstalls the app, their Shopify access token is revoked immediately. All associated store data is removed within 48 hours in response to Shopify's mandatory shop/redact webhook.

Shopify API Data Policy Compliance: Support Fabric accesses Shopify store data solely to provide the support features described above. We do not sell merchant or customer data, use it for advertising, or share it with third parties beyond what is necessary to deliver the service. We comply with the Shopify API Terms of Service.

5. How We Use Your Data

We use the data we collect for the following purposes:

PurposeLegal BasisData Used
Providing and operating the chat platformContract performanceAccount data, messages, integrations
Routing and displaying messages to business agentsContract performanceMessage content, sender identifiers, platform metadata
AI-assisted customer support responsesLegitimate interest / contractMessage content, conversation history
Storing conversation history for business useLegitimate interestMessages, attachments, contact data
Analytics and conversation insights for businessesLegitimate interestGeolocation (IP-derived), interaction timestamps
Security, fraud prevention, and platform integrityLegitimate interest / legal obligationIP addresses, webhook logs, access logs
Service communications and account notificationsContract performanceEmail address, account data

6. Data Sharing & Disclosure

We do not sell your personal data. We share data only in the following limited circumstances:

Meta Platforms, Inc.

When sending messages through WhatsApp, Instagram, or Messenger on behalf of a business, message data is transmitted to Meta's APIs. This is governed by Meta's own Privacy Policy and Platform Terms.

Amazon Web Services (AWS)

Media attachments (images, videos, documents, audio) are stored in AWS S3. AWS processes data as our infrastructure sub-processor under our data processing agreement.

Supabase

Our primary database and authentication provider. Conversation data, user accounts, and integration configurations are stored in Supabase-hosted PostgreSQL databases with Row Level Security enforced.

Shopify

When merchants connect their Shopify store, order, product, and customer data is accessed via the Shopify Admin API to power support features. This data is governed by Shopify's Privacy Policy.

Pinecone

Product data from connected Shopify stores is converted into vector embeddings and stored in Pinecone for semantic search within the chat widget. Only vector representations are stored — not raw product text. Pinecone acts as an infrastructure sub-processor under our data processing agreement.

AI Processing Services

Message content may be sent to AI language model services for the purpose of generating automated responses. This only occurs when AI assistance is enabled by the business account owner. Data is not used to train third-party models.

Legal & Safety

We may disclose data if required by law, court order, or governmental authority, or if necessary to protect the rights, property, or safety of Support Fabric, our customers, or the public.

7. Data Retention

Conversation data and messages are retained for the duration of the business account's active subscription and for a reasonable period thereafter to allow for data export. Upon account deletion or written request, personal data is removed from our active databases within 30 days, subject to our legal obligations to retain certain records.

Webhook and access logs are retained for security and debugging purposes for up to 90 days. Backup copies may persist for up to an additional 30 days before full deletion.

8. Data Security

We implement industry-standard technical and organizational measures to protect your data:

  • All webhook payloads from Meta platforms are verified using HMAC-SHA256 cryptographic signature validation before processing
  • Database access is enforced through Row Level Security (RLS) policies, ensuring each business can only access its own data
  • OAuth 2.0 is used for all Meta platform authentication flows
  • Integration credentials and access tokens are stored encrypted in our database
  • All data in transit is encrypted using TLS 1.2 or higher
  • AWS S3 storage uses server-side encryption for stored attachments
  • Access to production systems is restricted to authorized personnel only

While we take all reasonable steps to protect your information, no method of transmission or storage is 100% secure. We encourage you to contact us immediately at support@myperfexcrm.com if you suspect any unauthorized access to your data.

9. Cookies & Tracking Technologies

Our platform and chat widgets may use cookies and similar technologies for:

  • Session management: Maintaining login sessions for business users
  • Conversation continuity: Associating widget conversations with returning visitors
  • Link tracking: Tracking clicks on links sent within conversations (using conversation ID parameters) to capture geolocation analytics for the business account
  • Performance monitoring: Vercel Speed Insights for measuring frontend performance

End users interacting with a chat widget embedded on a third-party website should also review that website's own privacy policy.

10. Children's Privacy

Support Fabric is intended for use by businesses and is not directed at children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at support@myperfexcrm.com and we will promptly delete it.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restriction

Request that we limit processing of your data in certain circumstances.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests.

To exercise any of these rights, please email support@myperfexcrm.com. We will respond within 30 days. For business account deletion, you may also use the account deletion option within Settings.

12. International Data Transfers

Support Fabric operates globally. Your data may be processed and stored in the United States and other countries where our infrastructure providers (Supabase, AWS) operate. When transferring data from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.

13. Third-Party Links & Integrations

Our platform may link to or integrate with third-party services (e.g., Shopify for e-commerce businesses). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before sharing data.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify registered business users by email or through an in-app notification. The “Last updated” date at the top of this page will always indicate when the policy was last revised.

Continued use of Support Fabric after changes are posted constitutes your acceptance of the revised policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out:

Support Fabric Privacy Team

Email: support@myperfexcrm.com

Website: https://supportfabric.com

We aim to respond to all privacy inquiries within 30 days.