Autone

Privacy Policy

Last updated: February 14, 2026

1. Introduction

Autone Solutions ("we", "our", "us") operates the Autone platform at autone-solutions.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our influencer marketing platform and related services, including our Shopify application and integrations with third-party e-commerce platforms.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, and billing information necessary to provide our services.

Email Integration Data

When you connect your email account (Google or Microsoft) via OAuth, we receive an access token that allows our platform to send emails on your behalf. We request only the minimum permissions required:

  • Google: gmail.send (send emails only) and userinfo.email (your email address)
  • Microsoft: Mail.Send (send emails only) and User.Read (your profile)

We do not read, access, or store the contents of your inbox. We cannot view your existing emails or contacts. The only emails we access are those sent through our platform on your behalf.

Shopify Store Data

When you connect your Shopify store via our OAuth integration, we access the following data through the Shopify Admin API:

  • Order data: Order IDs, totals, discount codes used, timestamps, and line items — to attribute sales to influencer programs
  • Customer data: Customer names and email addresses — to determine new vs returning customer attribution and deduplicate orders
  • Product data: Product names, prices, and inventory levels — to support program creation and product selection
  • Discount codes: We create and manage discount codes tied to influencer programs
  • Store metadata: Store name, domain, currency, and timezone — for display and configuration purposes

Customer IDs are hashed using one-way SHA-256 cryptographic hashing before storage in our database. These hashes cannot be reversed to retrieve the original customer identifiers. We process the minimum customer data required to provide sales attribution functionality.

Program and Outreach Data

We store program settings, outreach messages, and response data that you create through the platform. This includes email templates, creator communications, and program analytics.

3. How We Use Your Information

  • To provide and maintain our influencer marketing platform
  • To attribute e-commerce sales to influencer programs using discount codes
  • To calculate program ROI, conversion rates, and revenue metrics
  • To send outreach emails to influencers on your behalf via your connected email account
  • To receive and process replies to your outreach messages
  • To provide AI-powered program recommendations and creator matching
  • To create and manage discount codes on your Shopify store
  • To process payments and manage your subscription
  • To send you service-related communications (account updates, billing)
  • To improve our platform and develop new features

We limit our use of personal data to the purposes listed above. We do not use merchant or customer data for advertising, marketing to end customers, or any purpose unrelated to providing our services.

4. Email Sending and Receiving

When you connect your email account and start outreach:

  • Emails are sent from your own email address using your connected account's OAuth credentials
  • Outgoing emails include a Reply-To header that routes influencer replies to our processing system
  • We process incoming replies to classify them (interested, not interested, questions, etc.) and present them in your dashboard
  • All email content is encrypted in transit and at rest

You can disconnect your email account at any time from Settings, which immediately revokes our access to send emails on your behalf.

5. Shopify Integration and Merchant Customer Data

Our Shopify application accesses merchant store data to provide influencer sales attribution. We handle this data with the following safeguards:

  • Minimum data access: We only request the Shopify API scopes necessary for attribution and discount code management
  • Customer data hashing: Customer identifiers are hashed (SHA-256) before storage — we do not store raw Shopify customer IDs
  • Token encryption: Shopify access tokens are encrypted using AES-256-GCM at rest and are never exposed to end users
  • Webhook verification: All incoming Shopify webhooks are verified via HMAC-SHA256 signatures
  • No customer marketing: We never contact, market to, or share data about your Shopify customers with third parties

Data on App Uninstall

When you uninstall our Shopify app or disconnect your store:

  • Your Shopify access token is immediately revoked and deleted
  • Webhook subscriptions are removed from your store
  • Raw order data containing personal information is deleted within 30 days
  • Aggregated, anonymized attribution data (revenue totals, order counts) may be retained for your program reporting history

GDPR Compliance Webhooks

We implement all three mandatory Shopify GDPR compliance webhooks: customer data requests, customer data erasure, and shop data erasure. When we receive a data deletion request, we anonymize or delete all associated personal data within 30 days. For customer data export requests, we respond within 30 days as required by GDPR. Merchants and their customers can exercise their data rights by contacting us or through Shopify's built-in privacy request mechanisms.

6. Data Security

We implement industry-standard security measures to protect your data:

  • All OAuth tokens (email, Shopify) are encrypted using AES-256-GCM before storage
  • All data is transmitted over HTTPS/TLS
  • Database access is restricted via role-based access controls
  • We use Supabase (built on AWS) for database hosting with SOC 2 Type II compliance
  • Application hosting on Vercel with enterprise-grade security and SOC 2 compliance
  • Database backups are encrypted at rest
  • Staff access to personal data is limited and logged

7. Data Sharing

We do not sell, rent, or trade your personal data or your customers' personal data. We share data only with:

  • Service providers: Supabase (database), Vercel (hosting), Stripe (payments), Resend (email delivery), Anthropic and OpenAI (AI processing)
  • When required by law: To comply with legal obligations or valid legal processes
  • With your consent: When you explicitly authorize sharing

All service providers are contractually bound to process data only as instructed and to maintain appropriate security measures. Data transferred internationally is protected by appropriate safeguards including standard contractual clauses where applicable.

8. Data Retention

We retain data only as long as necessary to provide our services:

  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • Program and outreach data: Retained for the duration of your subscription plus 30 days
  • Shopify order data: Raw order data is retained while your store is connected; deleted or anonymized within 30 days of disconnection or uninstall
  • Attribution analytics: Aggregated, non-personally-identifiable analytics may be retained for historical reporting
  • OAuth tokens: Deleted immediately upon disconnection of the respective service

You can request deletion of your data at any time by contacting us at support@autone-solutions.com.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Objection: Object to processing of your personal data
  • Restriction: Request restriction of processing your personal data
  • Withdraw consent: Where processing is based on consent, withdraw at any time
  • Non-discrimination: Exercise your rights without receiving discriminatory treatment

For Shopify Merchants

You can disconnect your Shopify store at any time from Settings > Integrations, which immediately revokes our API access. You can also request complete deletion of all store data by contacting us.

For Shopify Store Customers

If you are a customer of a Shopify store that uses our platform, your data rights requests should be directed to the store owner (the merchant). We will cooperate with merchants to fulfill all valid data requests. You may also contact us directly at support@autone-solutions.com.

10. Consent and Cookies

We respect customer consent decisions as communicated through Shopify's Customer Privacy API and merchant cookie consent configurations. Our platform does not place tracking cookies on merchant storefronts. We do not engage in cross-site tracking, behavioral advertising, or selling of personal data.

11. Third-Party Services

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data for the purposes described in this policy and do not use it for serving advertisements.

Our Shopify application complies with Shopify's privacy requirements for apps, including protected customer data access policies and mandatory GDPR compliance webhooks.

12. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide our services under your subscription agreement
  • Legitimate interests (Art. 6(1)(f)): Platform improvement, security, and fraud prevention
  • Consent (Art. 6(1)(a)): Where you have given explicit consent for specific processing activities
  • Legal obligation (Art. 6(1)(c)): Where processing is required by applicable law

If you wish to lodge a complaint regarding our data processing, you may contact your local data protection authority.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and where required, notifying you by email.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: