E-commerce

AI Chatbot and Attachments: Leveraging Photos and Documents Securely

AI Chatbot and Attachments: Leveraging Photos and Documents Securely

July 1, 2026

"I attached the photo but the bot says it doesn't see anything." "Is my PDF secure?" Three exchanges where the upload widget fails or the attachment confidentiality is not explained.

An e-commerce AI chatbot for attachments receives photos and PDFs, validates format and size, confirms receipt, answers questions about file retention, and routes to customer service without exposing sensitive data.

This guide #896 covers intents bot_custatt_*, flow CUSTATTbot CAB-1 to CAB-8 and guardrails CUSTATT-UPLOAD-GATE. Partner bot of the CUSTATT playbook (#895). Use case: secure upload and attachment utilization on the widget side.

Summary

Why does the bot need to manage attachments?

Without reliable upload, the customer resubmits the same proof three times and opens ticket custatt_ #895. CUSTATT-UPLOAD-GATE and RECEIVED-CONFIRM-BOT reduce widget failures and security questions, separate from clarification of blurry message #894.

What the attachment bot resolves

  • Failed upload: 12 MB HEIC rejected without guidance

  • No acknowledgment: customer thinks they sent it, bot remains silent

  • Privacy question: storage retention not explained

  • CS proof: invoice damage to be routed to agent

  • Fewer tickets: decrease in custatt_not_received

DTC retail example

DTC fashion, upload gate + security copy. custatt_bot_upload_success_rate 91%, custatt_bot_deflect +34% in 5 weeks.

CUSTATTbot #896 vs CUSTATT #895, CLARIFY #894, PHOTOPROOF #897 and MESSYMSG #893

Five piece of proof file contents, five distinct roles.

Quick Matrix

Pipeline: customer attaches file → #896 upload gate → confirmation or handoff #895 / #897.

Which bot_custatt_* intents should be configured?

Eight attachment intents mapped CUSTATT-MAP #895.

Eight bot_custatt intents

  • bot_custatt_upload_receive: ingest file widget map

  • bot_custatt_format_validate: JPG PNG PDF accepted map

  • bot_custatt_size_validate: MB limit registry map

  • bot_custatt_received_confirm: acknowledgment of receipt name format size map

  • bot_custatt_security_answer: retention data access map

  • bot_custatt_resend_guide: guide resend alternative channel map

  • bot_custatt_proof_route: route proof customer service handoff map

  • bot_custatt_feed_loop: consume LOG #895 prioritize gate map

Each upload logs file_name format size_bytes upload_status custatt_* tag.

How should CUSTATT-MAP #895 be consumed?

The bot reads CUSTATT-MAP #895 + upload fields: accepted_formats, max_size_mb, retention_days, security_copy, custatt_feed_priority, proof_route_sla.

Attachment Guardrails

  • CUSTATT-UPLOAD-GATE: validate format size before processing content

  • RECEIVED-CONFIRM-BOT: always confirm valid attachment received

  • NO-OCR-SENSITIVE-BOT: do not read full credit card on photo

  • SECURITY-COPY-BOT: security_answer from registry is not improvised

  • FORMAT-GUIDE-BOT: HEIC → JPG clear instructions

  • PROOF-ROUTE-BOT: proof_submitted → handoff CS attachment context

  • CUSTATT-FEED-LOOP-BOT: LOG #895 enriches accepted_formats max_size

  • HANDOFF-CONTEXT-BOT: attachments handoff #155

CUSTATTBOT-SUP Policy in six rules

Six rules for upload manager attachment.

  1. CUSTATT-UPLOAD-GATE: reject or guide before storing invalid file

  2. RECEIVED-CONFIRM-BOT: systematic acknowledgment of receipt if upload OK

  3. SECURITY-COPY-BOT: privacy answers from registry #895

  4. NO-OCR-SENSITIVE-BOT: detect sensitive data and request masked resubmission

  5. PROOF-ROUTE-BOT: proof of damage invoice escalated to after-sales service under proof_route_sla

  6. CUSTATT-FEED-LOOP-BOT: each LOG #895 review gate within 48 hours

Flow CUSTATTbot CAB-1 to CAB-8

Eight-step flow: inbound upload validation confirmation route log handoff.

  1. CAB-1 Ingest: widget file or security question without attachment

  2. CAB-2 Upload gate: format_validate size_validate CUSTATT-UPLOAD-GATE

  3. CAB-3 Classify: custatt_* via CUSTATT-MAP #895

  4. CAB-4 Confirm or guide: received_confirm or resend_guide format_guide

  5. CAB-5 Security: security_answer if security_question

  6. CAB-6 Proof route: proof_route handoff CS if CS proof

  7. CAB-7 Custatt feed: LOG #895 triggers gate adjustment

  8. CAB-8 Log: upload_success_rate deflect file_metadata audit

TPL-CUSTATTbot-RECEIVED Example

"We have successfully received {{nom_fichier}} ({{format}}, {{taille}} MB). Your proof has been forwarded to the team. Response within {{SLA}}."

TPL-CUSTATTbot templates and touchpoints

Four short templates upload embed.

TPL-CUSTATTbot-RECEIVED

[received_copy map.] RECEIVED-CONFIRM-BOT. Name format size.

TPL-CUSTATTbot-FORMAT-GUIDE

[format_guide_copy map.] Formats {{accepted_formats}}. FORMAT-GUIDE-BOT.

TPL-CUSTATTbot-SECURITY

[security_copy map.] Retention {{retention_days}}. SECURITY-COPY-BOT.

TPL-CUSTATTbot-RESEND

[resend_copy map.] Channel {{canal_alt}}. Max size {{max_size_mb}} MB.

Touchpoints

  • Damage photo attached: upload gate + proof_route #897

  • HEIC refused: format_guide conversion JPG

  • "Is my data secure?": security_answer

  • LOG CUSTATT #895: custatt_feed adjusts gate

Edge cases and reroutes

Five cases outside the standard flow.

  • Blurry message without attachment: #894 CLARIFY not uploaded

  • Error screenshot: received_confirm + clarify if needed #894

  • Credit card visible in photo: NO-OCR-SENSITIVE resend masked

  • 20 MB PDF: size_validate + resend email channel #895

  • Ticket custatt_ despite bot: custatt_feed review gate formats

Essential custatt_bot KPIs

Five CUSTATTbot steering metrics and correlation #895.

  • custatt_bot_upload_success_rate: valid attachments received / upload attempts

  • custatt_bot_deflect: bot resolved without customer service ticket

  • custatt_bot_received_confirm_rate: % successful uploads with acknowledgment of receipt

  • custatt_bot_security_answered_rate: privacy questions with security_copy

  • custatt_bot_proof_route_sla: proof_route handoff customer service delay

Target: upload_success close to 90% and deflect increasing after gate is active.

CUSTATTbot anti-patterns

Five common upload bot errors.

  1. Upload without acknowledgment of receipt: REQUIRED-CONFIRM-BOT mandatory

  2. HEIC rejection without guide: FORMAT-GUIDE explicit conversion

  3. Improvised security response: SECURITY-COPY from registry #895

  4. Bank card OCR: Strict NO-OCR-SENSITIVE

  5. Ignoring feed #895: CUSTATT-FEED-LOOP adjusts max_size formats

CUSTATTbot with Qstomy

Qstomy on Shopify: secure upload widget, CUSTATT-MAP sync #895, gate size format, SECURITY-COPY templates, proof_route handoff, KPI custatt_bot dashboard.

Scenario: retail DTC, 14% of conversations with attachments. Gate + received_confirm + security_copy. custatt_bot_upload_success_rate 91%, custatt_ tickets -31% in 5 weeks.

Explore AI support and request a demo.

Checklist, FAQ and going further

CUSTATTbot Checklist (8 steps)

  1. Sync CUSTATT-MAP #895: formats max_size retention security_copy

  2. Policy CUSTATTBOT-SUP: 6 rules UPLOAD-GATE RECEIVED SECURITY

  3. 8 intents bot_custatt_*: flow CAB-1 to CAB-8

  4. 4 templates TPL-CUSTATTbot-*: RECEIVED FORMAT-GUIDE SECURITY RESEND

  5. Upload widget: agent preview + encrypted storage retention

  6. proof_route handoff: context PJ #155 to Customer Service

  7. Red team HEIC 15 MB: format_guide + resend test

  8. Dashboard KPI: custatt_bot_* section 9 + delta custatt_

FAQ

Difference #895?
#895 = agents process PJ tickets. #896 = bot receive, validate, confirm, route.

Does the bot read the content of the photos?
No for sensitive data. NO-OCR-SENSITIVE. Routing proof to human Customer Service.

Difference #894?
#894 = clarify incomplete message. #896 = security upload file management.

Difference #897?
#896 = receive PJ. #897 = damage photo criteria on the agent side.

Going Further

This week: activate CUSTATT-UPLOAD-GATE, templates received_confirm security_copy, proof_route handoff, measure custatt_bot_upload_success_rate.

Enzo

July 1, 2026

Convert over 2,000 customers on average per month with Qstomy.

The world’s 1st Shopify AI dedicated to customer conversion

Empowering 200+ e-commerce merchants

Subscribe to the newsletter and get a personalized e-book!

No-code solution, no technical knowledge required. AI trained on your e-shop and non-intrusive.

*Unsubscribe at any time. We do not send spam.

Subscribe to the newsletter and get a personalized e-book!

No-code solution, no technical knowledge required. AI trained on your e-shop and non-intrusive.

*Unsubscribe at any time. We do not send spam.