AutoPageSign in

Privacy Policy

Effective date: March 23, 2026 · Last updated: March 23, 2026

AutoPage (“we”, “us”, “our”) operates the AutoPage platform at autopage.io. This policy describes what data we collect, how we use it, and your rights regarding that data.

1. Account Information

When you create an AutoPage account, we collect:

  • Email address and password — used for authentication. Passwords are hashed by our authentication provider and are never stored in plaintext.
  • Google account data — if you choose to sign in with Google, we receive your email and display name via Google OAuth.
  • Profile details — name, company name, and use case, optionally collected during onboarding.

2. Shopify Integration

When you connect your Shopify store, we collect:

  • Shop domain — your myshopify.com store address, used to identify your connection.
  • OAuth access token — allows us to read your product catalog. This token is encrypted at rest using AES-256-GCM before storage.
  • Store name, email, and currency — used to display your products within AutoPage.

We request read-only access to your product listings. We do not write to or modify any data in your Shopify store. We do not access or store any Shopify customer data, including customer names, emails, order history, or payment information.

3. Meta (Facebook) Integration

When you connect your Meta account, we collect:

  • OAuth access token — encrypted at rest before storage. Used with read-only permissions (ads_read, read_insights).
  • Ad account details — account ID, name, currency, and status.
  • Campaign performance metrics — impressions, clicks, spend, conversions, and related metrics synced to display analytics alongside your advertorials.

We do not create, modify, or manage ads on your behalf. Access is read-only.

4. Advertorial Content

When you create advertorials, we store:

  • Product information you provide (name, description, price, URL).
  • AI-generated content (headlines, paragraphs, testimonials, and other text blocks).
  • Product images uploaded to our storage or generated by AI services.
  • Editor state and version history for your advertorial.

5. Custom Domains and Visitor Analytics

When you set up a custom domain and enable analytics tracking, we collect data about visitors who view your published advertorials:

  • IP address — used to identify unique visitors. Stored alongside each page view event.
  • User agent — browser and device information from the request.
  • Referrer URL — the page the visitor came from.
  • Visitor ID — a hashed identifier derived from IP address and user agent. Not personally identifiable on its own.

This data is aggregated into daily analytics (visits, unique visitors, page views, conversions). Visitor tracking is only active when you explicitly enable it for a domain.

6. AI Processing

To generate advertorial content and process product images, we send data to third-party AI providers:

  • Anthropic (Claude) — receives product details and user instructions to generate advertorial text and provide editing assistance.
  • Google (Gemini) — receives product images for analysis and generates formatted product images.

Data sent to AI providers is processed under their respective API terms, which typically prohibit using API inputs for model training. We do not send customer data or personally identifiable information to AI providers.

7. Cookies

We use the following cookies:

  • Authentication session — managed by our authentication provider. Secure, httpOnly.
  • CSRF token — protects against cross-site request forgery. 30-day duration.
  • OAuth state — temporary cookies used during Shopify and Meta login flows. Automatically expire after 10 minutes.

We do not use third-party tracking cookies, advertising cookies, or any form of cross-site tracking.

8. Data Storage and Security

  • All data is stored in a PostgreSQL database with row-level security policies ensuring users can only access their own data.
  • OAuth tokens (Shopify and Meta) are encrypted at rest using AES-256-GCM with dedicated encryption keys.
  • Product images are stored in cloud storage with public CDN URLs for display in published advertorials.
  • All communication uses HTTPS/TLS encryption in transit.
  • CSRF protection, Content Security Policy headers, and rate limiting are applied across the application.

9. Data Retention and Deletion

  • Shopify connection — deleted when you disconnect your store from settings, uninstall AutoPage from your Shopify admin, or request deletion.
  • Meta connection — deleted when you disconnect your account from settings or request deletion.
  • Advertorials and images — deleted when you remove the advertorial from your dashboard.
  • Domain analytics — deleted when you remove the custom domain.
  • Account data — fully deleted upon request.

10. Third-Party Services

We use the following third-party services to operate AutoPage:

  • Supabase — database, authentication, and file storage.
  • Vercel — application hosting and SSL provisioning for custom domains.
  • Anthropic — AI content generation (Claude API).
  • Google — AI image processing (Gemini API) and OAuth sign-in.
  • Shopify — e-commerce product catalog integration.
  • Meta — advertising analytics integration.

We do not sell, rent, or share your data with third parties for marketing or advertising purposes.

11. Your Rights

You may at any time:

  • Disconnect your Shopify or Meta accounts to revoke access and delete stored connection data.
  • Delete your advertorials and associated images.
  • Remove custom domains and their analytics data.
  • Request a copy of the data we store about you.
  • Request complete deletion of your account and all associated data.

12. Changes to This Policy

We may update this privacy policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. Continued use of AutoPage after changes constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions, data requests, or to exercise any of your rights described above, contact us at support@autopage.io.