Privacy Policy

Welcome to techtone.ai (“we,” “us,” or “our”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered Shopify theme customization platform (the “Service”).

By accessing or using techtone.ai, you agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Information We Collect

1.1 Information You Provide via Shopify

techtone.ai is exclusively available as a Shopify app. When you install and use our app, we receive information from Shopify:

• Shopify Account Information: Your Shopify store name, email address, and store domain
• Store Information: Your Shopify store domain (.myshopify.com)
• OAuth Tokens: Encrypted access tokens to communicate with Shopify's API on your behalf

We do not collect passwords or payment information directly. All authentication is handled through Shopify's secure OAuth system, and billing is processed through Shopify's billing platform.

1.2 Information You Provide Within the App

While using our Service, you may provide:

• Company Profile: Company name, website URL, industry, brand colors, and brand assets (logos, images)
• Brand Information: Audience personas, custom rules for AI generation, brand messaging preferences
• Chat & Conversation Data: Your interactions with our AI assistant, including messages, requests, and feedback

1.3 Shopify Store Data

When you grant permissions, we collect and process:

• Theme Files: Liquid template files, CSS, JavaScript, and configuration files from your active Shopify theme
• Theme Metadata: Theme name, version, file structure, and modification history

1.4 Automatically Collected Information

We automatically collect certain information when you use our Service:

• Usage Data: Features used, pages visited, time spent on the platform, actions taken
• Device Information: Browser type, operating system, IP address, device identifiers
• Log Data: Server logs, error reports, API requests, and system diagnostics
• Cookies & Tracking: Session cookies, authentication tokens, and preference settings

1.5 Third-Party Analytics & Tracking

We use the following third-party services to analyze and improve our Service:

• Google Analytics: To understand user behavior, traffic sources, and engagement patterns
• Google Tag Manager: To manage tracking codes and marketing tags
• Facebook Pixel: To measure advertising effectiveness and build targeted audiences

These services may collect information including your IP address, browser type, pages visited, and interactions with our platform. You can opt out of these tracking technologies through your browser settings or by using opt-out tools provided by these services.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Provide and Improve the Service

• Process your theme customization requests using AI
• Generate brand-specific content and code modifications
• Store and retrieve your brand assets, colors, and preferences
• Analyze your Shopify theme files to provide intelligent recommendations
• Create embeddings and semantic indexes of your theme code for better AI responses
• Maintain conversation history and context for ongoing AI interactions

2.2 Account & Billing Management

• Authenticate your identity through Shopify's OAuth system
• Process subscription charges through Shopify's billing platform
• Send transactional communications related to your subscription
• Provide customer support and respond to inquiries

2.3 Platform Optimization

• Monitor system performance and identify technical issues
• Improve AI model accuracy and response quality
• Develop new features and enhance existing functionality
• Conduct internal research and analytics

2.4 Security & Compliance

• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms of Service and usage policies
• Comply with legal obligations and respond to lawful requests
• Protect our rights, property, and safety

2.5 Marketing & Communications

• Send product updates, newsletters, and promotional materials (with your consent)
• Measure advertising campaign effectiveness
• Personalize your experience on our platform

3. AI Processing & Data Usage

3.1 Google Vertex AI

We use Google's Vertex AI (Gemini models) to power our AI assistant. Your data sent to Vertex AI includes:

• Your chat messages and requests
• Relevant portions of your Shopify theme code
• Brand information needed to generate contextual responses

Google processes this data according to their own privacy policies. We do not use your data to train public AI models, and Google does not use your data for their own purposes outside of providing the service to us.

3.2 Embeddings & Semantic Search

We create vector embeddings of your theme files to enable intelligent code search and retrieval. These embeddings are mathematical representations stored securely in our database and are only used to improve AI response accuracy for your specific account.

3.3 Data Retention for AI

Conversation history and AI-generated responses are stored to provide context for future interactions. You can delete individual conversations or your entire account at any time, which will remove associated AI processing data.

4. Data Sharing & Disclosure

4.1 Service Providers

We share your information with trusted third-party service providers who assist us in operating the platform:

• Supabase: Database hosting, authentication, and file storage
• Google Cloud Platform: AI processing (Vertex AI), cloud infrastructure, and microservices
• Vercel: Frontend hosting and deployment
• Shopify: To access and modify your store's theme files (with your explicit permission)

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Analytics & Marketing Partners

• Google Analytics & Tag Manager: For usage analytics and performance monitoring
• Facebook: For advertising measurement and retargeting (via Facebook Pixel)

4.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms of Service and other agreements
• Protect against fraud, security threats, or illegal activity
• Protect the rights, property, or safety of techtone.ai, our users, or the public

4.4 Business Transfers

If techtone.ai is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our platform before your data becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Storage & Security

5.1 Data Storage

Your data is stored in:

• Supabase (PostgreSQL): User profiles, company data, chat history, theme metadata, and embeddings
• Supabase Storage: Brand assets (logos, images) in encrypted buckets
• Google Cloud Storage: Backup and archival data

5.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: Data in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Row-Level Security (RLS) policies ensure users can only access their own data
• Authentication: Secure password hashing (bcrypt) and OAuth 2.0 for third-party logins
• API Security: Service role keys, API authentication tokens, and rate limiting
• Regular Audits: Security assessments and vulnerability scanning
• Encrypted Tokens: Shopify OAuth tokens are encrypted before storage

5.3 Data Retention

We retain your information for as long as your account is active or as needed to provide you with the Service. You may request deletion of your account and associated data at any time. Upon deletion:

• Personal data is deleted within 30 days
• Backup copies are purged within 90 days
• We may retain anonymized analytics data for legitimate business purposes
• Legal or regulatory requirements may require us to retain certain data for longer periods

6. Your Rights & Choices

6.1 Access & Portability

You have the right to:

• Access your personal data stored in our system
• Request a copy of your data in a portable format
• Review your chat history and AI interactions

6.2 Correction & Updates

You can update your information at any time through your dashboard:

• Edit your profile and company information
• Update brand colors, personas, and custom rules
• Manage brand assets and delete uploaded files

6.3 Deletion

You have the right to delete:

• Individual chat conversations
• Specific brand assets
• Your entire data by uninstalling the app from your Shopify store

To request complete data deletion, uninstall the app from your Shopify admin or contact us at privacy@techtone.ai.

6.4 Opt-Out of Marketing

You can opt out of promotional communications by:

• Clicking the “unsubscribe” link in any marketing email
• Updating your email preferences in your account settings
• Contacting us at privacy@techtone.ai

Note: You will still receive transactional emails necessary for account management and service operation.

6.5 Cookie Controls

You can manage cookies through your browser settings:

• Block all cookies (may affect site functionality)
• Delete existing cookies
• Set preferences for first-party vs. third-party cookies

To opt out of Google Analytics, install the Google Analytics Opt-out Browser Add-on.

6.6 Do Not Track

Our platform does not currently respond to “Do Not Track” browser signals. However, you can opt out of third-party tracking as described above.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and the European Union. These countries may have different data protection laws than your country.

When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Service providers certified under the EU-U.S. Data Privacy Framework (where applicable)
• Encryption and security measures meeting international standards

8. Children's Privacy

techtone.ai is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@techtone.ai, and we will delete such information from our systems.

9. Third-Party Links

Our Service may contain links to third-party websites, including Shopify, Google, and other services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last Updated” date at the top of this policy
• Notify you via email (if you have an account)
• Display a prominent notice on our platform

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
• Right to Delete: Request deletion of your personal information (subject to certain exceptions)
• Right to Opt-Out: Opt out of the “sale” of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@techtone.ai. We will verify your identity before processing your request.

12. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain confirmation of whether we process your data and access to your data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (“right to be forgotten”)
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing: We process your data based on:

• Performance of our contract with you (to provide the Service)
• Your consent (for optional features and marketing)
• Legitimate interests (to improve our Service, prevent fraud, and ensure security)
• Legal obligations (to comply with applicable laws)

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days. For urgent security or privacy concerns, please mark your communication as “URGENT.”