Privacy Policy - Autoflow

Privacy Policy

How we protect your data and respect your privacy

Last Updated: February 18, 2026

GDPR Compliant Shopify Approved Secure & Encrypted

Quick Summary: This privacy policy explains how Autoflow collects, uses, and protects your data when you use our Shopify email marketing app. We only collect data necessary to provide our service and never sell your information to third parties.

Last Updated: December 2025

What This Is About

Hi! This privacy policy explains how we (Autoflow) handle your information when you use our email marketing app for Shopify.

The Simple Version

  • We only collect data we need to make the app work
  • We never sell your information to anyone
  • You can ask us to delete your data anytime
  • We follow all privacy laws (GDPR, etc.)

What Information Do We Collect?

From Your Shopify Store

When you install our app, Shopify shares some information with us:

Store Details:

  • Your store name and website address
  • Your email address and phone number
  • Basic store information (currency, country code)

Customer Information:

  • Customer names and email addresses
  • Customer phone numbers (when provided)
  • Who has agreed to receive marketing emails

Product Information (Optional):

  • Product names and descriptions
  • Product data may be processed by AI (RAG - Retrieval Augmented Generation) to help generate more relevant email content
  • This is completely optional - the app works fully without accessing product data

Billing Information:

  • Access to Shopify's billing system to manage your app subscription
  • Used only for processing subscription payments and plan changes
  • No access to your customers' payment or financial details

Information You Give Us Directly

App Settings:

  • Your contact email for the app (with confirmation)
  • Custom email templates you create
  • Contact group configurations
  • Email template generation logs (for usage tracking)

Support Communications:

  • We don't currently collect support messages through the app
  • Any support communication happens via external email

How Do We Use This Information?

To Make the App Work

  • Sync your customer contact information
  • Send marketing emails to customers who have consented
  • Create customer contact groups for targeted campaigns
  • Track email campaign performance
  • Optionally generate AI-enhanced email content using your product information (falls back to general templates if no product data)
  • Provide customer support

To Improve Our Service

  • Fix bugs and improve features
  • Understand how people use the app
  • Develop new features you might like
  • Train and improve our AI content generation algorithms

Legal Stuff

  • Follow laws and regulations
  • Prevent fraud and abuse
  • Protect our service and users

How Long Do We Keep Your Data?

While You Use Our App:

  • We keep your data as long as you have an active subscription

After You Cancel:

  • Contact data is soft-deleted immediately (hidden but recoverable for 90 days in case of reinstall)
  • Most data is permanently deleted within 90 days
  • Support communications kept for 2 years for legal reasons
  • Unsubscribe records are kept permanently (required by law to prevent re-adding people)
  • Email campaign logs kept for up to 3 years for legal compliance

If You Want It Gone Sooner:

  • Just email us at privacy@celeris.id and we'll delete it faster

Where Is Your Data Stored?

  • Our main servers are in Europe (Contabo hosting)
  • File storage (like images) uses Amazon S3
  • All data is encrypted and secure
  • We follow industry-standard security practices
  • European hosting means faster service for EU customers and easier GDPR compliance

Who Do We Share Data With?

We DON'T sell your data to anyone. Period.

We DO share data with:

Service Providers (who help us run the app):

  • Email delivery service (to actually send your emails)
  • Server hosting (Contabo in Europe)
  • File storage (Amazon S3 for images and attachments)
  • Payment processing (handled by Shopify)

Legal Requirements:

  • If required by law or court order
  • To prevent fraud or protect our users

Business Changes:

  • If our company is sold, data might transfer to new owners
  • You'd be notified if this happens

Your Rights

You have the right to:

See Your Data:

  • Request a copy of all data we have about you

Fix Your Data:

  • Correct any wrong information
  • Update your preferences

Delete Your Data:

  • Ask us to delete some or all of your information
  • Stop using our service anytime

Control Marketing:

  • Your customers can unsubscribe from emails anytime
  • You can turn off marketing features

How to Exercise These Rights

Email us: privacy@celeris.id

What to include:

  • Your store name (mystore.myshopify.com)
  • What you want (see, fix, or delete data)
  • We'll respond within 30 days

Email Marketing Rules

Since we're an email marketing app, here's how we handle marketing consent:

We Only Email People Who Said Yes:

  • We track two separate types of marketing consent:
  • Shopify Store Consent: Original marketing consent given in your Shopify store
  • Our App Consent: Separate consent status specifically for emails from our app
  • Only customers with active app consent receive emails from our system
  • Every email includes a working unsubscribe link

How Consent Works:

  • New customers: If they have marketing consent in Shopify, they're automatically opted into our app emails
  • Existing customers: We preserve their current app subscription status without changing it
  • Consent separation: Shopify store consent and our app consent are tracked separately
  • Our app unsubscribes: Only affect emails from our app, don't change your Shopify store marketing settings

Customers Can Always Opt Out:

  • Unsubscribe links work immediately and permanently for our app emails
  • Once someone unsubscribes from our app, they won't receive emails even if they remain subscribed to your Shopify store marketing
  • We maintain separate records of both consent types for compliance
  • Customers can update their Shopify store marketing preferences independently

Cookies and Tracking

We use minimal tracking:

Essential Cookies:

  • Keep you logged into the app
  • Remember your preferences
  • Basic security features

Analytics:

  • See how the app is used (anonymized)
  • Find and fix problems
  • No personal information in analytics

Data Security

We take security seriously:

Encryption:

  • All data is encrypted in storage and transit
  • We use industry-standard security

Access Control:

  • Only authorized team members can access data
  • All access is logged and monitored

Regular Security:

  • Security audits and updates
  • Backup systems in place

For International Users

European Union (GDPR):

  • You have extra rights under GDPR
  • We follow all GDPR requirements
  • You can contact our Data Protection Officer

California (CCPA):

  • California residents have additional privacy rights
  • You can opt-out of data sales (though we don't sell data anyway)

Other Countries:

  • We follow local privacy laws where applicable

Kids' Privacy

Our app is not designed for children under 13. We don't knowingly collect information from kids. If you think we accidentally collected a child's information, please contact us immediately.

Changes to This Policy

If We Update This Policy:

  • We'll email you about important changes
  • Changes take effect 30 days after we notify you
  • You can always see the current version here

Questions?

Privacy Questions: privacy@celeris.id
General Support: support@celeris.id

Contact Shopify

Since we're a Shopify app, you can also contact Shopify directly about privacy concerns:

  • Shopify Privacy Team: privacy@shopify.com
  • Shopify's Privacy Policy: https://www.shopify.com/legal/privacy

---

Remember: We're here to help! If you have any questions about your privacy or how we handle data, just email us. We'll explain everything in simple terms.

Questions About Your Privacy?

We're here to help! Contact our privacy team anytime at privacy@celeris.id