Help Pilot — Terms of Service
Last updated: 2026-05-28
By installing or using the Help Pilot application (the "Service"), you ("Merchant") agree to these Terms of Service ("Terms"). These Terms govern your access to and use of the Service.
1. The Service
Help Pilot is a Shopify app that adds an AI-powered chat assistant to your storefront. The assistant uses OpenAI's language models and the Shopify Admin API to answer shopper questions about products, orders, and store policies. When the merchant enables voice chat, shoppers may also speak their messages and hear spoken replies; recorded audio is streamed to OpenAI for transcription and synthesis and is not retained on Help Pilot servers.
2. Eligibility and account
You must have an active Shopify store and the authority to bind that store to these Terms. By installing the app, you confirm both.
3. Acceptable use
You agree not to:
- Reverse engineer, scrape, or attempt to bypass the Service's billing or rate limits.
- Use the Service to send unsolicited messages, deceive shoppers, or impersonate a human agent.
- Configure the assistant to give medical, legal, or financial advice, or to violate applicable consumer-protection law.
- Submit data to the Service that you do not have the right to process.
4. Fees and billing
Paid plans are billed through Shopify's managed pricing. Plan features, message quotas, and prices are described on the app's pricing page and in the Shopify App Store listing. Shopify's billing terms apply. Refunds, when offered, are handled through Shopify per their refund policy.
5. Bring Your Own Key (BYOK)
If you provide your own OpenAI API key, you are solely responsible for charges OpenAI assesses against that key. The Service stores such keys encrypted at rest and uses them only to make requests on your behalf. You can remove the key at any time from the Settings page.
6. AI output disclaimer
The assistant's replies are generated by a third-party large language model. Output may contain errors, hallucinated facts, or omissions. You agree that you are responsible for reviewing the assistant's behavior on your storefront and for any decisions shoppers make based on its responses. The Service is provided "as is" without warranty of accuracy or fitness for any particular purpose.
7. Data and privacy
Our Privacy Policy describes what data we collect, how we use it, and the third parties involved. By using the Service you agree to the Privacy Policy.
8. Trust and safety
We design the Service to limit what the assistant can do on the shopper's behalf and to bound the data it handles. Concretely:
- Read-only by design. The assistant cannot place orders, modify carts, apply discounts, change shipping addresses, cancel orders, issue refunds, or change any account or store setting. It can only read product, policy, and (after a shopper-completed verification challenge) order data.
- Order data gating. Order details are only returned to a shopper after the shopper has matched the order email and order number against the merchant's Shopify records. Verification grants 30 minutes of access to that specific order; nothing else.
- Sensitive-data redaction. Shopper messages are scanned for Luhn-validated payment card numbers, CVV/CVC/CV2 codes, and U.S. Social Security Numbers, and those values are masked before any database write. We do not knowingly accept payment information through the chat widget.
- Prompt hardening. The assistant is instructed to refuse attempts to alter its role, reveal its instructions or tool list, impersonate other parties, write code on the shopper's behalf, or output URLs that did not come from a tool call. No system is jailbreak-proof, but we actively defend against common patterns.
- Rate limits and abuse caps. Per-session, per-IP, per-shop, and per-conversation limits prevent both scripted abuse and runaway spend on a single store.
- Encrypted secrets. Merchant-supplied OpenAI keys (BYOK) are encrypted at rest using authenticated AES-GCM derived from a server-side secret. The plaintext key is never logged or returned to the client.
- Voice audio is not retained. When voice chat is enabled by the merchant, the shopper’s recorded audio is forwarded to OpenAI for transcription and the assistant’s reply is forwarded for speech synthesis. Help Pilot does not persist either the recorded audio or the synthesized speech. Browsers gate microphone access behind an explicit user permission prompt; voice chat does not start without the shopper’s consent.
9. Uninstall and data deletion
You may uninstall the Service at any time from your Shopify admin. Upon uninstall, access tokens are revoked immediately and Shopify dispatches the shop/redact webhook 48 hours later; we then delete all data for your shop.
10. Service availability
We aim for high availability but do not guarantee uptime. The Service may be temporarily unavailable for maintenance, upstream OpenAI or Shopify outages, or other operational reasons.
11. Limitation of liability
To the maximum extent permitted by law, in no event shall the Service, its operators, or its suppliers be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of the Service. Our aggregate liability for any direct damages will not exceed the fees you paid to us in the twelve (12) months preceding the claim.
12. Termination
We may suspend or terminate access to the Service if you breach these Terms or if your use creates an undue risk to the Service or its other users. On termination, your right to use the Service ends.
13. Changes
We may update these Terms. Material changes will be reflected by updating the "Last updated" date above. Continued use of the Service after a change constitutes acceptance.
14. Contact
Questions about these Terms: legal@help-pilot.app.