Privacy Policy — Tone Shopping Assistant

Last updated: 02/17/2026

1. Introduction

Episodic Corp. ("Episodic", "we", "our", or "us") operates the Tone Shopping Assistant, a Shopify application that adds a voice-powered AI shopping assistant to online stores (the "App"). This Privacy Policy explains how we collect, use, and protect information when merchants install and use the App, and when their customers interact with the voice assistant on their storefronts.

2. Information We Collect

Merchant Data (collected when you install and use the App):

  • Shopify store domain, store name, and store email (provided via Shopify OAuth)
  • Shopify plan information
  • Product catalog data (titles, descriptions, prices, images, variants, tags) synced from your Shopify store

Agent Configuration Data (set by the merchant):

  • Agent name, greeting message, and voice settings
  • Custom product notes and selling points
  • Knowledge base content (URLs and PDFs uploaded by the merchant)
  • Speech recognition key terms

Visitor Interaction Data (collected when storefront customers use the assistant):

  • Voice conversation transcripts and audio data
  • Text messages sent to the assistant
  • Cart actions taken during a conversation (products viewed, added to cart, removed)
  • Session metadata (duration, timestamps)

We do not collect visitor email addresses, names, payment information, or any personally identifiable information from storefront customers unless voluntarily shared during a conversation.

3. How We Use Information

We use the collected information to:

  • Provide the voice shopping assistant on your storefront
  • Sync and display your product catalog within conversations
  • Process knowledge base content to give the assistant context about your brand
  • Track conversation history for your review in the merchant dashboard
  • Maintain and improve the App

We do not use conversation data or merchant data to train our own or any third-party AI models, except as may be explicitly and separately agreed upon in writing.

4. How We Share Information

We do not sell any data. We share information only with the following service providers necessary to operate the App:

  • Cloud Hosting: Google Cloud Platform
  • AI Language Models: OpenAI (for conversation processing)
  • Speech-to-Text: Deepgram (for voice recognition)
  • Text-to-Speech: Google (for agent voice)
  • Content Processing: Google Gemini (for knowledge base extraction)
  • Database: Supabase
  • Real-time Communication: LiveKit (for voice sessions)

These providers process data solely to deliver their services and are bound by their own privacy policies and data processing agreements.

We may also disclose information if required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets.

5. Shopify Permissions

The App requests the following Shopify access scopes:

  • read_products: to sync your product catalog for the assistant
  • unauthenticated_read_product_listings: to display product information on the storefront widget

We request only the minimum permissions necessary for the App to function.

6. Data Retention

  • Merchant data and agent configuration are retained for as long as the App is installed.
  • Conversation data is retained for as long as the merchant's account is active to allow review in the dashboard.
  • Knowledge base content is retained until deleted by the merchant or the App is uninstalled.

7. Data Deletion

When a merchant uninstalls the App:

  • We receive a webhook notification from Shopify and mark the store as inactive.
  • Upon receiving a shop/redact compliance webhook from Shopify, we permanently delete all associated data including products, agent configuration, knowledge base content, and conversation history.

Merchants can also delete individual knowledge base items at any time from the dashboard.

8. Data Security

We use commercially reasonable administrative, technical, and physical safeguards to protect your information. All data is transmitted over TLS/SSL encrypted connections. Access tokens from Shopify are stored securely and used only to sync product data.

9. International Data Transfers

Data is processed and stored on servers located in the United States (Google Cloud Platform, us-central1 region). If you are located outside the United States, your data will be transferred there for processing.

10. Your Rights

Merchants can:

  • View, edit, or delete their agent configuration and knowledge base at any time
  • Toggle which products the assistant has access to
  • Request a full data export or deletion by contacting us at hello@trytone.io

If a storefront visitor's personal information was captured during a conversation, the merchant (as the data controller) is responsible for handling any data subject requests. We will assist merchants in fulfilling such requests.

11. Children's Privacy

The App is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted at this URL with an updated "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Episodic Corp.

221 W 9TH ST, WILMINGTON, DELAWARE 19801

Email:hello@trytone.io