Privacy Policy
Effective 2026-04-30
TouTouBot Privacy Policy
Effective date: 30 April 2026
Last updated: 30 April 2026
Version: 1.1
This Privacy Policy explains how TouTouBot ("TouTouBot", "we", "us", or "our") collects, uses, discloses, and protects information about you when you use the TouTouBot platform.
The "Services" means, collectively: (a) any TouTouBot-powered shop website, including any *.toutoubot.com subdomain or custom domain operated through TouTouBot; (b) the TouTouBot Telegram Mini Apps and the merchant Telegram bots provisioned through TouTouBot; (c) the TouTouBot Shop Admin panel at admin.toutoubot.com; (d) the TouTouBot mobile application(s) distributed through the Apple App Store and Google Play Store, where applicable; and (e) any related APIs, websites, and features that link to this Policy.
If you do not agree with this Policy, do not use the Services.
1. Who we are and our role
TouTouBot is a multi-tenant, white-label e-commerce software-as-a-service platform headquartered in Phnom Penh, Cambodia. It allows independent merchants ("Shop Owners") to run branded online storefronts that include catalogue browsing, ordering, payments, AI-powered virtual try-on, and Telegram-based distribution.
For data-protection purposes, our role depends on how you use the Services:
- Platform-level features — your TouTouBot account, TouTou Pro subscription, virtual try-on photo library, AI Credits wallet, and platform-wide login. TouTouBot is the data controller.
- Shop-level features — when you place an order, register on a specific Shop Owner's storefront, contact a Shop Owner, or otherwise interact with an individual merchant. The Shop Owner is the independent data controller of that shop's customer information; TouTouBot acts as a data processor on behalf of that Shop Owner. Each Shop Owner is responsible for its own privacy practices, marketing communications, and order fulfilment, including delivery of goods.
- Shop Owners themselves — when a Shop Owner signs up, configures a shop, or pays subscription fees to TouTouBot, TouTouBot is the data controller of that Shop Owner's account and billing data.
If you have a question about a specific shop's practices (for example, why a delivery driver was sent to your address), please contact that Shop Owner directly. If you have a question about TouTouBot itself, contact us using the details in Section 16.
2. Summary at a glance
| Question | Short answer |
|---|---|
| Who runs this? | TouTouBot, based in Phnom Penh, Cambodia. |
| What data do you collect? | Account, contact, order, payment-reference, device, photo (for try-on), measurement (height/weight), and usage data. Details in Section 3. |
| Do you sell my data? | No. We do not sell personal information. |
| Do you use my data to train AI models? | No. Photos you upload for try-on are processed only to generate your try-on image and are not used to train or fine-tune any AI model. Details in Section 7. |
| Do you share data with the shop I bought from? | Yes — the order, delivery, and contact information necessary to fulfil your order is shared with that Shop Owner, who is independently responsible for it. |
| Can I delete my account? | Yes. Customer accounts delete immediately from the Profile screen. Shop Owner accounts delete with a 7-day recovery window from Settings → Danger Zone. See Section 12. |
| Children? | The Services are not intended for children under 13 (or under 16 in jurisdictions where that is the minimum digital-consent age). |
| How do I contact you? | See Section 16. |
3. Information we collect
We collect the following categories of information. Not every category applies to every user; what we collect depends on which features you use.
3.1 Information you provide directly
- Account information. When you sign in, we collect identifiers needed to create or recognise your account, including: name or display name, Telegram user ID and Telegram username (when you sign in through Telegram), Google account ID, name, email address and profile picture (when you sign in through Google), Apple user identifier and email (when you sign in through Sign in with Apple), or a phone number (when you sign in by phone OTP).
- Shop Owner account information. If you sign up to operate a shop, we collect your business name, owner name, owner contact (phone/email), Telegram identity, chosen username, password (stored as a bcrypt hash; we never see your plaintext password), and your shop subdomain.
- Shop Owner business credentials. If you connect ABA PayWay, we collect your merchant ID, API key, and secret. These are encrypted at rest using AES-256-GCM and decrypted only at the moment of use to authorise a transaction. If you connect a Telegram bot, we store your bot token encrypted in the same way.
- Order and delivery information. When you place an order, we collect your delivery phone number, delivery address, optional GPS coordinates, optional address label (e.g. "Home"), delivery notes, and the items, sizes, colours, and quantities ordered.
- Payment information. TouTouBot does not store full credit card or bank account numbers. For online payments via ABA PayWay, your card data is collected and processed by ABA Bank's PayWay gateway under its own privacy policy; we receive only a transaction status and reference. For manual QR / bank transfer payments, you transfer funds outside the Services and we record only a reference code (e.g. TT-XXXX), the declared amount, and the time you tap "I've Paid". For cash on delivery, no payment data is collected by us.
- Try-on photos. If you use the Virtual Try-On feature, you may upload up to five photos of yourself to your photo library. These are stored on our infrastructure and used as described in Section 7.
- Body measurements. If you use size recommendation or try-on, you may enter your weight and (optionally) your height. These are stored in your account or in your browser's local storage, depending on whether you are signed in.
- Reviews and reports. If you submit a product review or report content as inappropriate, we collect what you wrote and the product or shop it relates to.
- Communications with us and with shops. If you contact our support (including via Telegram support bot, email, or in-app chat), we keep a record of the message, your contact identifier, attachments you send, and our response. If you message a Shop Owner through that shop's Telegram chat or in-shop chat, the message is stored under the Shop Owner's control as part of that shop's customer-service records.
3.2 Information collected automatically
- Device and connection information. IP address, approximate location derived from IP address, device type, operating system, browser type and language, screen size, the page you came from, and the page you go to next.
- Usage and analytics events. Pages and products viewed, items added to cart, try-on attempts, search queries within shops, language preferences, sound preferences, and similar interactions inside the Services.
- Cookies and similar technologies. Strictly necessary cookies for session and authentication, plus first-party local storage for preferences (e.g. language, recently viewed products, cart contents for guests).
- Mobile-app diagnostics. If you use a TouTouBot mobile application, we may collect crash logs and basic performance telemetry. This data is not used for advertising and is not linked to advertising identifiers.
3.3 Information from third parties
- Telegram. When you sign in through a Telegram Mini App or the Telegram Login Widget, Telegram shares with us the data you authorise: your Telegram user ID, first name, last name (if set), username (if set), language code, and profile photo URL. We validate this data using Telegram's HMAC-SHA256 signature scheme.
- Google. When you sign in with Google, we receive the basic profile fields you authorise (typically your Google account ID, name, primary email address, and profile picture). Our use of information received from Google APIs is subject to Section 8 (Google API Services User Data Policy — Limited Use).
- Apple. When you use Sign in with Apple, we receive a unique Apple user identifier and, on first sign-in only, the name and email you choose to share (which may be a private relay address Apple generates to forward email to you).
- Payment processors. ABA PayWay returns transaction status and reference data to us via signed webhooks.
- Shop Owners. Shop Owners may upload customer information in bulk (e.g. through CSV import) when migrating from a previous platform. They are responsible for having a lawful basis to share that information with us.
We do not purchase personal information from data brokers.
4. How we use information
We use information for the following purposes:
- To provide the Services — create and authenticate your account, route you to the correct shop, display the catalogue, process the cart, take you through checkout, generate your virtual try-on image, sync your wishlist and photo library across shops, and deliver Telegram notifications you have signed up for (such as restock alerts, order updates, and live-session notifications).
- To complete and support orders — share the necessary order, delivery, and contact information with the Shop Owner so they can prepare and dispatch your order; confirm payments; send transactional Telegram messages; and handle returns, cancellations, and refund discussions between you and the Shop Owner.
- To run subscriptions and billing — for TouTou Pro and AI Credit purchases, we record the reference code, plan, status, and renewal/expiry; for Shop Owner subscriptions, we generate monthly invoices, mark overdue accounts, and (if extended overdue) suspend the shop.
- To improve and secure the Services — debug errors, prevent fraud, detect abuse, enforce rate limits, watermark try-on output to protect Shop Owners' product imagery, and analyse aggregated usage to plan capacity and roadmap.
- Trust and safety — review reports, moderate content, suspend accounts that violate the Terms of Service, and respond to lawful requests from authorities.
- Communications — respond to support requests, send service announcements (such as security or planned downtime notices), and — only with your consent where required by law — send marketing messages about TouTouBot. Shop Owners' marketing to their own customers is the Shop Owner's responsibility.
- Legal compliance — comply with applicable laws, including Cambodia's Law on E-Commerce and any applicable personal-data-protection rules, and respond to lawful requests.
We do not use your personal information to train AI/ML models. See Section 7.
5. Legal bases for processing (EEA/UK users)
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar law, we rely on the following lawful bases:
- Performance of a contract — to provide the Services you asked for (including your account, your orders, and try-on requests you initiate).
- Legitimate interests — to keep the Services secure, prevent fraud, debug errors, watermark output, and develop and improve the Services in ways that do not override your rights.
- Consent — for optional features that require it (such as access to camera, photo library, or precise location on a mobile device, for marketing messages from us where required, and for non-essential cookies). You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Legal obligation — when we must process information to comply with a law that applies to us.
6. How we share information
We share information only as described below. We do not sell personal information.
- With the Shop Owner whose storefront you used. When you place an order, the Shop Owner receives your name, phone number, delivery address, optional GPS coordinates, delivery notes, the items in your order, and any messages you sent through that shop. The Shop Owner needs this information to fulfil the order. Shop Owners are independently responsible for handling that information, including for choosing and supervising their own delivery agents and staff. The order itself is part of the Shop Owner's commercial records and remains with the Shop Owner under their retention rules even after you delete your TouTouBot account (with personal fields anonymised — see Section 12).
- With service providers we use to run TouTouBot. This includes: our cloud and infrastructure provider (currently Hostinger), our payment gateway (ABA Bank's PayWay), the Telegram messaging platform (for bots and Mini Apps), and AI inference providers we operate or contract with for try-on and image processing. These providers may only process information on our instructions and for the purposes of providing their services to us.
- With Apple and Google, to the extent necessary for the Services to function on their platforms (for example, push notification routing, in-app purchase processing if used, sign-in services, and crash diagnostics).
- In aggregated or de-identified form. We may share statistics that cannot reasonably be used to identify you (for example, total orders processed across all shops in a month).
- In connection with a corporate transaction. If TouTouBot is involved in a merger, acquisition, financing, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you (for example, by email or a notice in the Services) and require the recipient to honour this Policy.
- For legal reasons. We may disclose information if we have a good-faith belief that disclosure is necessary to: comply with a law, regulation, court order, or other legal process; protect the safety of any person; protect TouTouBot's rights, property, or operations; or investigate, prevent, or take action regarding suspected fraud or abuse.
7. Virtual try-on, photos, and AI
The Virtual Try-On feature uses generative AI models to produce an image showing how a garment from a Shop Owner's catalogue might look on you. Because this feature touches biometric and likeness-related data, we want to be specific.
- Source images. Try-on uses (i) a photo of you that you upload to your photo library and (ii) a flat-lay garment photo provided by the Shop Owner.
- Where it runs. Inference may run on hardware operated by us in Cambodia or, if we add capacity, on rented GPU instances provided by a cloud GPU operator under a written processor agreement.
- What we do with your photos. Your uploaded photos are stored in your TouTouBot account and used only to (a) display them back to you in your photo library, (b) generate a try-on image when you start a try-on, and (c) keep a record of your try-on history that you can review and delete. Generated try-on images are server-side watermarked before delivery to protect the Shop Owner's design.
- What we do NOT do with your photos. We do not sell your photos. We do not publish them. We do not use them to train, fine-tune, evaluate, or otherwise improve any AI model. We do not use facial-recognition technology to identify you or to build a biometric profile of you. We do not share your photos with Shop Owners (the Shop Owner only sees your final order, not your try-on photos).
- Your control. You can delete any photo from your library at any time from your Profile screen. Deleting your TouTouBot account deletes the entire library immediately (see Section 12).
- AI is imperfect. Try-on output is an artistic visualisation, not a guarantee of fit, colour accuracy, or appearance. Do not rely on it as a substitute for trying the garment in person.
If you do not want to use try-on, you do not have to. The rest of the Services work without it.
8. Google user data — Limited Use disclosure
When you sign in with Google, the Services request only the basic profile scopes needed to create or match your TouTouBot account.
In line with the Google API Services User Data Policy, including the Limited Use requirements:
- We use Google user data only to provide and improve the user-facing features of the Services that are visible and prominent in the requesting application.
- We do not transfer Google user data to third parties except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- We do not use Google user data to serve advertisements.
- We do not allow humans to read Google user data, except: (a) with your explicit consent for specific messages, (b) to comply with applicable law, (c) for security investigations, or (d) where the data has been aggregated and anonymised for internal operations.
- We do not use Google user data to train or improve generalised or non-personalised AI/ML models.
9. Apple user data and App Store disclosures
If you access the Services through an iOS application:
- Sign in with Apple. We support Sign in with Apple. The unique Apple user identifier and any name/email you choose to share are used only to create or match your TouTouBot account.
- App Tracking Transparency. The TouTouBot iOS application does not track you across apps or websites owned by other companies for advertising purposes within the meaning of Apple's App Tracking Transparency framework. If we ever introduce a feature that does, we will request your permission through the system prompt before any such tracking begins.
- Permissions. The application may request permission to access your photo library (to upload a try-on photo), your camera (to take a try-on photo), and to send push notifications (for order updates and restock alerts). All such permissions are optional and only requested at the point of use. You can change them at any time in iOS Settings.
- Privacy nutrition label. Our App Store listing discloses the categories of data we collect and how they are linked to you, in accordance with App Store Connect requirements.
- In-app account deletion. The application includes an in-app control to delete your account, in compliance with App Store Review Guideline 5.1.1(v). See Section 12.
- Children. The application is not directed to children under 13. We do not knowingly collect data from children under 13 (or under the equivalent minimum age in your jurisdiction).
10. International transfers
TouTouBot is operated from Cambodia. Our infrastructure is currently hosted in Singapore and Cambodia. Some service providers we rely on (such as Apple, Google, and Telegram) operate globally and may process your information in other countries.
Where required by law, international transfers are made under appropriate safeguards (for example, standard contractual clauses, your explicit consent, or another lawful transfer mechanism).
11. Data retention
We retain personal information only for as long as we need it for the purposes set out in this Policy or as required by law.
| Category | Typical retention |
|---|---|
| Customer account profile after you delete it | Removed immediately from active systems; encrypted backups overwritten on rotation cycle (typically 30–90 days). |
| Customer photo library after you delete it | Image files removed from active storage immediately; backups overwritten on rotation. |
| Try-on result images after you delete your account | Soft-deleted on confirmation; image files purged by the next scheduled cleanup task. |
| Order records (after Customer account deletion, with personal fields anonymised) | Up to 7 years from the date of the order, in line with Cambodian commercial-records practice, held by the Shop Owner as the controller of those records. |
| Customer-shop chat threads after Customer deletion | Retained under the Shop Owner's control as customer-service evidence with the customer's platform identity removed. |
| Shop Owner shop after a deletion request | 7-day grace window during which the shop is suspended but data is preserved and recoverable; full irreversible teardown after the grace window. |
| Try-on photos (active accounts) | Until you delete them. |
| Support correspondence | Up to 3 years. |
| Server logs | Typically 30–90 days. |
| Encrypted backups | Up to 90 days from the day they were taken. |
If a longer retention period is required by law (for example, tax law) we will keep the information for that period and then delete or anonymise it.
12. Your rights, including account deletion
Subject to your local law, you have the following rights over your personal information:
- Access — ask for a copy of the information we hold about you.
- Correction — ask us to correct information that is inaccurate or out of date. You can update most of your profile yourself in the Services.
- Deletion — delete your account and your personal information. (See below.)
- Restriction or objection — ask us to limit or stop certain types of processing.
- Portability — ask for a copy of certain information in a structured, machine-readable format.
- Withdraw consent — where we rely on your consent, you can withdraw it at any time without affecting earlier processing.
- Complain — lodge a complaint with your local data-protection authority. EEA/UK users may contact their national supervisory authority.
How to delete your account
TouTouBot offers two distinct self-service deletion paths, depending on whether you are a Customer or a Shop Owner. Both are available directly inside the Services in compliance with Apple App Store Guideline 5.1.1(v) and Google Play account-deletion requirements.
Customer accounts
Open the Profile tab in any TouTouBot storefront, scroll to the Delete account section, and confirm.
- If your account is linked to Telegram, the application will ask you to re-confirm with a fresh Telegram authentication. This proves you still control the Telegram account that owns the profile and protects you from a stolen session being used to delete your account.
- If you signed in as a guest (no Telegram link), your existing session is enough.
- The action is rate-limited to two attempts per hour to prevent abuse.
When you confirm, we immediately and permanently:
- Cancel any active TouTou Pro subscription and stop future auto-renewals. Pro benefits remain in effect until the end of the period you have already paid for.
- Delete your TouTouBot platform profile, including your name, body measurements (height, weight), Telegram identifier link, and platform-level user record.
- Delete your photo library, including the image files on disk.
- Delete your wishlist, AI Credits wallet balance, try-on usage counters, and Pro subscription history.
- Soft-delete your try-on result images. The watermarked image files are physically removed by a scheduled cleanup task.
- In every shop where you have ordered, erase the personal fields (phone, delivery address, GPS coordinates, delivery notes, customer notes) from your order rows and rename your customer record to [deleted user].
- Sign you out. The next request from your device receives an authentication error and the app drops you to a fresh signed-out state.
What is kept, and why:
- The order rows themselves (item, size, quantity, price, status, timestamps) remain in the relevant Shop Owner's records for as long as Cambodian commercial-records law requires (typically up to 7 years). The Shop Owner is the independent controller of those records. We anonymise the personal fields so that the order remains usable for tax and bookkeeping but no longer identifies you.
- Customer-shop chat threads. If you exchanged messages with a Shop Owner through their Telegram bot or the in-shop chat, those messages are kept as customer-service evidence under the Shop Owner's control, with your platform identity removed. If you want a Shop Owner to delete those messages, contact that Shop Owner directly.
- Aggregated, anonymised statistics that cannot be tied back to you (such as "this shop processed N orders in March").
- Audit log entries required for security investigations and regulatory compliance.
Customer deletion is immediate and irreversible. We do not offer a recovery window for Customer accounts. If you want to keep your purchase history, photos, or try-on results, save them before tapping Delete.
Shop Owner accounts (closing your shop)
Shop Owners can close their shop from Settings → Danger Zone → Delete shop in the Shop Admin. This option is visible only to the shop's owner; staff and managers cannot see it.
- The Services will ask you to type your admin password twice. Both copies must match each other and verify against the password we have on file.
- On confirmation your shop's status flips to a deletion-pending state and a 7-day grace window begins.
- During the grace window: your storefront stops resolving (visitors see a closed-shop message), new orders are blocked, and any active addon subscriptions (Broadcast, Back-Office, Community) are cancelled. Your shop's data — products, orders, customers, files, bot configuration — is not yet destroyed.
- To recover, log back in to the Shop Admin within 7 days. Instead of the dashboard, you will see a recovery screen with a Cancel deletion button. One tap returns your shop to active. (Cancelled addon subscriptions are not automatically reactivated; contact @toutoubot_support to re-enable them.)
- After 7 days, an automated process permanently destroys the shop's database schema, files (logos, photos, exports), Telegram webhook registration, and every reference to the shop in our platform tables. This step is irreversible.
We strongly recommend exporting your product catalogue, order data, and customer data from the Shop Admin before initiating closure or, at the latest, during the 7-day grace window.
By email or Telegram support (fallback)
If for any reason you cannot use the in-app controls — for example, you have lost access to the Telegram account or admin credentials needed to confirm — write to us at the address in Section 16 from the email associated with your account, with the subject line "Delete my account". We will verify your identity and process the request within 30 days.
After deletion
Deleting your TouTouBot account does not automatically remove information that a Shop Owner has independently retained about you outside the Services (for example, an exported invoice in their accounting software, or a Telegram conversation you had with them privately). To exercise your rights against a Shop Owner, contact that Shop Owner directly. We will help you identify the right contact if you ask.
To exercise any other right listed at the top of this Section, contact us using the details in Section 16. We may need to verify your identity before responding. We will respond within 30 days, or sooner if your local law requires it.
13. Security
We take reasonable technical and organisational measures to protect personal information, including:
- TLS encryption in transit for all client–server traffic.
- AES-256-GCM encryption at rest for sensitive credentials such as Shop Owner payment-gateway keys and Telegram bot tokens.
- bcrypt hashing of Shop Owner and staff passwords. We never store plaintext passwords.
- Schema-per-tenant database isolation, so one shop's data is logically separated from another's.
- JWT-based session tokens with type claims that prevent privilege escalation.
- Rate limiting and abuse detection on authentication and high-cost endpoints, including a 2-attempts-per-hour cap on account-deletion requests and a fresh Telegram HMAC re-attestation requirement for Telegram-linked accounts.
- Owner-only role gate, double-password confirmation, and a 7-day recoverable grace window before any shop deletion takes irreversible effect.
- Schema-name allowlist validation and slug filtering before any database DROP or filesystem cleanup, to prevent cross-tenant escapes during deletion.
- Server-side watermarking of try-on images so that unwatermarked output is never delivered to a client.
- Periodic, scoped security testing of our public domains.
No security measure is perfect. If we become aware of a security incident affecting your personal information, we will notify you and, where required, the relevant authority, in line with applicable law.
14. Children
The Services are not directed to children under the age of 13 (or under 16 in jurisdictions where 16 is the minimum age of digital consent, including parts of the EEA). We do not knowingly collect personal information from children under that age. If you believe a child has provided us with personal information without parental consent, please contact us so we can delete it.
15. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this Policy.
- Post a notice in the Services and, where reasonable, send a message to your account.
- Where required by law, ask for your renewed consent.
If you continue using the Services after the change takes effect, you accept the updated Policy.
16. Contact us
For privacy questions, requests, or complaints:
TouTouBot — Privacy
Phnom Penh, Cambodia
Email: privacy@toutoubot.com
Telegram: @toutoubot_support
For general support: support@toutoubot.com.
If you are an Apple App Store or Google Play user submitting a regulatory or platform-policy request, please mention which platform you are writing from so we can route your request quickly.