Privacy Policy

AutomailLast updated: May 2026

1. Introduction

Automail (“we”, “our”, “the App”) is a Shopify embedded application that helps e-commerce merchants draft customer support replies. This Privacy Policy explains what data we access, why we access it, and how we protect it.

2. Data we access

When you install and use Automail, we access the following data:

  • Shopify order data — order number, customer name, email address, fulfillment status, financial status, and tracking information. This is retrieved via the Shopify Admin API solely to identify the order related to a customer inquiry.
  • Email content — if you connect a Gmail, Zoho Mail or Microsoft 365 (Outlook) account, we read incoming emails to detect customer support inquiries. Email body, subject, sender address, and thread context are processed to generate draft replies.
  • App settings — your signature name, brand name, tone preferences, language, and refund policy text, as configured in the App settings page.

3. Subscription and usage data

To operate the paid plans (Starter, Pro), we store the following data per shop:

  • Subscription state — read on demand from Shopify's Billing API (active plan name, billing period end). We do not store this; Shopify is the source of truth.
  • Monthly draft counter — an integer per shop per calendar month, incremented each time the AI generates a reply draft. Used to enforce plan quotas. Retained for billing audit purposes.
  • Install date — to compute trial expiry. Stored once when the app is first installed.
  • Scheduled plan changes — when a merchant requests a downgrade, we record the target plan and effective date until the change is applied.

No payment card details ever transit through our servers. All charges are processed by Shopify's Billing API directly between the merchant and Shopify.

4. How we use your data

We use the data described above exclusively to:

  • Identify the Shopify order related to a customer email.
  • Retrieve live parcel tracking status (via the 17track API).
  • Generate a draft customer support reply using OpenAI’s language models.
  • Display the analysis and draft within the App interface for your review.

We do not use your data for advertising, profiling, or any purpose unrelated to the App’s core function.

5. Third-party services

To operate, Automail sends data to the following third parties:

  • OpenAI — email content and order facts are sent to OpenAI’s API to classify intent and generate draft replies. OpenAI’s data handling is governed by their Privacy Policy. Data submitted via the API is not used to train OpenAI models by default.
  • 17track — parcel tracking numbers are sent to the 17track API to retrieve live delivery status. See their Privacy Policy.
  • Google (Gmail API) — if you connect a Gmail account, we use Google’s OAuth 2.0 and Gmail API with read-only scopes. Tokens are encrypted at rest. See Google’s Privacy Policy.
  • Zoho Mail API — if you connect a Zoho Mail account, we use Zoho’s OAuth 2.0 with read-only scopes. Tokens are encrypted at rest. See Zoho’s Privacy Policy.
  • Microsoft Graph (Outlook / Microsoft 365) — if you connect a Microsoft account, we use Microsoft’s OAuth 2.0 and the Microsoft Graph API with mailbox read scopes. Tokens are encrypted at rest. See Microsoft’s Privacy Statement.

6. Data storage and security

  • App data is stored in a PostgreSQL database hosted on Neon (EU region, encrypted at rest).
  • Gmail and Zoho OAuth tokens are encrypted before storage using AES-256-GCM. They are never logged or exposed in API responses.
  • Incoming email bodies are stored temporarily to allow re-analysis and draft refinement. They are associated with your shop and are never shared with other merchants.
  • All data in transit is protected by TLS 1.2 or higher.

7. Data retention

Processed emails and generated drafts are retained as long as your Automail account is active. When you uninstall the App, your session data is deleted immediately via Shopify’s uninstall webhook. You may request deletion of all remaining data by contacting us (see section 10).

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, or delete personal data we hold about you or your customers. To exercise these rights, please contact us using the information below.

9. Shopify merchant responsibilities

As a Shopify merchant using Automail, you are responsible for ensuring that your customers are informed about how their data is processed in connection with your customer support operations, including the use of AI tools to generate draft replies.

10. Contact

For any questions or data requests related to this Privacy Policy, please contact us at: blmcontactpro1@gmail.com