
Trust & Safety

Last updated: July 4, 2026 · Version v1.0

WallaB.AI puts an AI concierge in front of your customers at a sensitive moment — when they are thinking about cancelling. We take that responsibility seriously. This page describes the safety controls the platform actually runs. We have written it to be honest: it describes what the system does today, not aspirations, and it does not claim certifications, audits, or partnerships we do not have.

1. Server-Enforced AI Guardrails

The AI proposes; the server decides. WallaB can suggest a retention offer — a skip, pause, plan swap, or discount — but every proposed action is validated against the merchant’s configured settings on our server before it is ever applied. The model is never trusted to enforce its own limits.

  • Merchants configure the guardrails: maximum discount, which offer types are allowed, allowed pause and swap options, and tone.
  • Any offer the AI proposes that falls outside those guardrails is rejected by the server, not applied.
  • This means an offer a customer receives is always one the merchant authorized by configuration — the AI cannot invent a bigger discount than the merchant permits.
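The server-side check described above, sketched as an added example (this is not WallaB's code). The `Guardrails` shape, the `validate_offer` and `audit` names, and the proposal field names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Guardrails:  # hypothetical shape for the merchant's configured settings
    allowed_types: frozenset
    max_discount_pct: float = 0.0
    pause_weeks: frozenset = frozenset()
    swap_plans: frozenset = frozenset()

def validate_offer(proposal, g):
    """Return (offer, reason). offer is None unless every field is permitted."""
    if not isinstance(proposal, dict):
        return None, "malformed proposal"
    kind = proposal.get("type")
    if kind not in ("skip", "pause", "swap", "discount"):
        return None, "unknown offer type"
    if kind not in g.allowed_types:
        return None, f"{kind} not enabled by merchant"
    offer = {"type": kind}  # rebuilt from validated fields; extras are dropped
    if kind == "discount":
        pct = proposal.get("percent")
        if type(pct) not in (int, float):  # also rejects bool, an int subclass
            return None, "discount is not a number"
        # Positive range test: NaN fails every comparison, so it is rejected too.
        if not 0 < pct <= g.max_discount_pct:
            return None, "discount outside merchant limit"
        offer["percent"] = pct
    elif kind == "pause":
        weeks = proposal.get("weeks")
        if type(weeks) is not int or weeks not in g.pause_weeks:
            return None, "pause length not allowed"
        offer["weeks"] = weeks
    elif kind == "swap":
        plan = proposal.get("plan")
        if not isinstance(plan, str) or plan not in g.swap_plans:
            return None, "swap target not allowed"
        offer["plan"] = plan
    return offer, "within guardrails"

# Constructed sample: one merchant config and model proposals to screen.
SHOP = Guardrails(frozenset({"skip", "pause", "discount"}), 20.0, frozenset({2, 4}))
PROPOSALS = [
    {"type": "discount", "percent": 15},
    {"type": "discount", "percent": 50},
    {"type": "skip", "percent": 100},
    {"type": "swap", "plan": "basic"},
]

def audit(proposals, g):
    """One audit record per proposal, whether or not it was applied."""
    return [{"proposed": p, "applied": o, "reason": r}
            for p in proposals for o, r in [validate_offer(p, g)]]
```

The returned offer is rebuilt from validated fields only, so a `skip` proposal carrying a stray `percent` is applied as a plain skip.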

2. Moderation on Every Concierge Turn

Every concierge conversation is screened in both directions. Inbound customer messages are screened before the AI is asked to respond, and WallaB’s own reply is screened before it is shown to the customer or stored — the model’s text never reaches a shopper unscreened.

  • The moderation filter is deterministic and runs with no external network calls, so it works everywhere, always — it does not depend on any third-party AI service being reachable.
  • It screens across all of the platform's shipped languages (English, Spanish, French, German, and Brazilian Portuguese), because a customer can type in any language regardless of the portal's configured locale.
  • It is tuned to avoid flagging ordinary business and shipping vocabulary, so genuine complaints still reach the concierge, while abusive or inappropriate content is caught.
  • When a customer message is flagged, WallaB responds with a calm, respectful de-escalation that keeps both doors open — more help, or a plain cancel — and never lectures or retaliates. When WallaB's own draft is flagged, it is replaced with a safe, neutral reply. Flagged events are recorded for the merchant's review.

The plain cancellation path always remains available, so no customer is ever trapped in a conversation.

3. A Full, Reviewable Audit Trail

Everything the concierge does is logged. Merchants can review, for every conversation, what happened and why:

  • The full conversation transcript.
  • Each AI decision, including the offer proposed, the outcome, and audit metadata such as the model used and a summary of the reasoning.
  • The activity is visible in the merchant dashboard — there is no hidden concierge behavior.

This audit trail is also the merchant’s evidence of what was offered and accepted, and it survives customer redaction in anonymized form so the merchant keeps lawful analytics without retaining a redacted customer’s identity.

4. No Dark Patterns

Retention should be earned with a better offer, not trapped with a worse experience. By design and as a matter of policy:

  • A plain, always-visible cancellation path stays present throughout the concierge flow — cancelling never requires talking to the AI.
  • We do not use countdown timers, pre-checked add-ons, guilt or shaming copy, or other manipulative patterns, and our Acceptable Use Policy forbids merchants from configuring them.
  • The concierge leads with listening and a genuinely helpful offer within the merchant's limits — or an easy goodbye.

Our Acceptable Use Policy makes defeating the plain cancel path, or configuring dark patterns, a violation.

5. Data Security

Security is built into how the Service handles data. Highlights (the full picture is in the Privacy Policy):

  • We never see, store, or log payment card data — all payments are processed by Shopify Checkout and the merchant's payment gateway.
  • Shopify access tokens are encrypted at rest at the application layer (AES-GCM) on top of the database's own at-rest encryption.
  • Connections are encrypted in transit (TLS); merchant passwords and one-time login codes are stored only as hashes.
  • Every database query is scoped to a single tenant, so one shop's data is isolated from another's; access is role-based and audit-logged.

6. Privacy & Data-Subject Requests

The merchant is the controller of their customers’ data and we are the processor. We honor Shopify’s mandatory privacy webhooks — customer data request, customer redact, and shop redact — as real, data-touching operations, not stubs, and we give merchants self-serve tools so a customer’s access or erasure request can be fulfilled. Redaction removes a customer’s identifying data while allowing lawful anonymized analytics to remain. Full detail, including retention windows, is in the Privacy Policy.

7. Incident Response

We maintain a written security incident response process. If we confirm a security incident affecting merchant or customer data:

  • We assess and contain it, and rotate any potentially exposed credentials, as a priority.
  • We preserve evidence and remediate the root cause with a regression test before closing it out.
  • We aim to notify affected merchants within 72 hours of confirming the incident — sooner where the law requires — with a plain-language explanation of what happened, what data was involved, what we did, and what they should do; and we notify Shopify and any regulators where applicable.

The 72-hour notification target reflects the GDPR breach-notification standard, which we treat as our default bar.

8. Reporting a Concern

If you believe you have found a security vulnerability, or want to report abuse or a safety concern, email support@wallab.ai with the subject line [SECURITY]. We acknowledge reports within two business days. Please do not test against live tenants or other merchants’ data.

These documents were prepared for and on behalf of WallaB.ai. They describe the WallaB.AI service and the terms on which it is offered; they are not legal advice to you. Your subscription program, your store, and your customer communications carry their own legal obligations — you should seek independent legal counsel about your own compliance before relying on these terms.