Privacy Policy

Welcome to techtone.ai (“we,” “us,” or “our”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Forge App Engine™ — our Shopify-native module marketplace (the “Service”).

By accessing or using techtone.ai, you agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Information We Collect

1.1 Information You Provide via Shopify

techtone.ai is exclusively available as a Shopify app. When you install and use our app, we receive information from Shopify:

• Shopify Account Information: Your Shopify store name, email address, and store domain
• Store Information: Your Shopify store domain (.myshopify.com)
• OAuth Tokens: Encrypted access tokens to communicate with Shopify's API on your behalf

We do not collect passwords or payment information directly. All authentication is handled through Shopify's secure OAuth system, and billing is processed through Shopify's billing platform.

1.2 Information You Provide Within the App

While using our Service, you may provide:

• Module Configuration: Settings you create for each installed Module (badge text, colours, display logic, position preferences) stored as Shopify Metaobjects.
• Store Profile: Optional store information you provide during setup (store name, brand colour preferences).

1.3 Shopify Store Data

When you grant permissions, we collect and process:

• Store Metadata: Shop domain, currency, plan, and owner details retrieved from Shopify's API during install to personalise your experience.
• Metaobject Data: Module settings created and managed on your behalf as Shopify Metaobjects within your own store.

Note: We do NOT permanently store your theme code. Limited theme metadata may be cached temporarily for module compatibility checks.

1.4 Automatically Collected Information

We automatically collect certain information when you use our Service:

• Usage Data: Features used, pages visited, time spent on the platform, actions taken
• Device Information: Browser type, operating system, IP address, device identifiers
• Log Data: Server logs, error reports, API requests, and system diagnostics
• Cookies & Tracking: Session cookies, authentication tokens, and preference settings

1.5 Third-Party Analytics & Tracking

We use the following third-party services to analyze and improve our Service:

• Google Analytics: To understand user behavior, traffic sources, and engagement patterns
• Google Tag Manager: To manage tracking codes and performance tags

We may use analytics tools to understand aggregate usage patterns and improve the Service. We do not use advertising pixels to build individual user profiles for third-party advertising.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Provide and Improve the Service

• Install, configure, and maintain your Modules within your Shopify store
• Process one-time charges and subscriptions through Shopify's Billing API
• Manage your Module ownership and billing state
• Store and retrieve your module configuration via Shopify Metaobjects
• Provide technical support and respond to inquiries

2.2 Account & Billing Management

• Authenticate your identity through Shopify's OAuth system
• Process subscription charges through Shopify's billing platform
• Send transactional communications related to your subscription
• Provide customer support and respond to inquiries

2.3 Platform Optimization

• Monitor system performance and identify technical issues
• Improve AI model accuracy and response quality
• Develop new features and enhance existing functionality
• Conduct internal research and analytics

2.4 Security & Compliance

• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms of Service and usage policies
• Comply with legal obligations and respond to lawful requests
• Protect our rights, property, and safety

2.5 Marketing & Communications

• Send product updates, newsletters, and promotional materials (with your consent)
• Measure advertising campaign effectiveness
• Personalize your experience on our platform

3. AI Processing & Data Usage

3.1 AI Services (Coming Soon)

AI Tailor™ and The Imagineer™ are upcoming subscription-based AI services. When launched, they will process module configuration requests and generate content using AI models. A supplemental privacy notice will be published before these services launch.

3.2 Current AI Usage

The current Forge App Engine™ platform does not use AI for merchant-facing operations. Module configuration is purely mechanical — settings you enter are stored as Shopify Metaobjects and rendered by Theme App Extensions. No AI processes your store data in the current product.

4. Data Sharing & Disclosure

4.1 Service Providers

We share your information with trusted third-party service providers who assist us in operating the platform:

• Supabase: Database hosting, authentication, and file storage
• Google Cloud Platform: AI processing (Vertex AI), cloud infrastructure, and microservices
• Vercel: Frontend hosting and deployment
• Shopify: To access and modify your store's theme files (with your explicit permission)

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Analytics Partners

• Google Analytics & Tag Manager: For usage analytics and performance monitoring

4.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms of Service and other agreements
• Protect against fraud, security threats, or illegal activity
• Protect the rights, property, or safety of techtone.ai, our users, or the public

4.4 Business Transfers

If techtone.ai is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our platform before your data becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Storage & Security

5.1 Data Storage

Your data is stored in:

• Supabase (PostgreSQL): Shop records, module ownership state, billing audit logs, and staff accounts
• Shopify Metaobjects: Module configuration data stored within your own Shopify store
• Google Cloud Storage: Backup and archival data

Data Retention for Module Data: Module configuration data (Metaobjects) lives within your Shopify store and is deleted from Shopify's systems when you uninstall the app via Shopify's GDPR webhook. Our backend records of billing state are retained for legal/accounting purposes for 7 years, then deleted.

5.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: Data in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Row-Level Security (RLS) policies ensure users can only access their own data
• Authentication: Secure password hashing (bcrypt) and OAuth 2.0 for third-party logins
• API Security: Service role keys, API authentication tokens, and rate limiting
• Regular Audits: Security assessments and vulnerability scanning
• Encrypted Tokens: Shopify OAuth tokens are encrypted before storage

5.3 Data Retention

We retain your information for as long as your account is active or as needed to provide you with the Service. You may request deletion of your account and associated data at any time. Upon deletion:

• Personal data is deleted within 30 days
• Backup copies are purged within 90 days
• We may retain anonymized analytics data for legitimate business purposes
• Legal or regulatory requirements may require us to retain certain data for longer periods

6. Your Rights & Choices

6.1 Access & Portability

You have the right to:

• Access your personal data stored in our system
• Request a copy of your data in a portable format
• Review your chat history and AI interactions

6.2 Correction & Updates

You can update your information at any time:

• Edit module configuration settings from within the Shopify Admin app
• Update your store profile information
• Manage or delete individual module configurations

6.3 Deletion

You have the right to delete:

• Individual module configurations (from within the app)
• All your data by uninstalling the app from your Shopify store (triggers our GDPR erasure webhook)

To request complete data deletion, uninstall the app from your Shopify admin or contact us at privacy@techtone.ai.

6.4 Opt-Out of Marketing

You can opt out of promotional communications by:

• Clicking the “unsubscribe” link in any marketing email
• Updating your email preferences in your account settings
• Contacting us at privacy@techtone.ai

Note: You will still receive transactional emails necessary for account management and service operation.

6.5 Cookie Controls

You can manage cookies through your browser settings:

• Block all cookies (may affect site functionality)
• Delete existing cookies
• Set preferences for first-party vs. third-party cookies

To opt out of Google Analytics, install the Google Analytics Opt-out Browser Add-on.

6.6 Do Not Track

Our platform does not currently respond to “Do Not Track” browser signals. However, you can opt out of third-party tracking as described above.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and the European Union. These countries may have different data protection laws than your country.

When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Service providers certified under the EU-U.S. Data Privacy Framework (where applicable)
• Encryption and security measures meeting international standards

8. Children's Privacy

techtone.ai is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@techtone.ai, and we will delete such information from our systems.

9. Third-Party Links

Our Service may contain links to third-party websites, including Shopify, Google, and other services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last Updated” date at the top of this policy
• Notify you via email (if you have an account)
• Display a prominent notice on our platform

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
• Right to Delete: Request deletion of your personal information (subject to certain exceptions)
• Right to Opt-Out: Opt out of the “sale” of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@techtone.ai. We will verify your identity before processing your request.

12. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain confirmation of whether we process your data and access to your data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (“right to be forgotten”)
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing: We process your data based on:

• Performance of our contract with you (to provide the Service)
• Your consent (for optional features and marketing)
• Legitimate interests (to improve our Service, prevent fraud, and ensure security)
• Legal obligations (to comply with applicable laws)

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days. For urgent security or privacy concerns, please mark your communication as “URGENT.”