Privacy Policy — Tone Shopping Assistant

Last updated: 03/29/2026

1. Introduction

Episodic Corp. ("Episodic", "we", "our", or "us") operates the Tone Shopping Assistant, a Shopify application that adds a voice-powered AI shopping assistant to online stores (the "App"). This Privacy Policy explains how we collect, use, and protect information when merchants install and use the App, and when their customers interact with the voice assistant on their storefronts.

2. Information We Collect

Merchant Data (collected when you install and use the App):

  • Shopify store domain, store name, and store email (provided via Shopify OAuth)
  • Shopify plan information
  • Product catalog data (titles, descriptions, prices, images, variants, tags) synced from your Shopify store

Agent Configuration Data (set by the merchant):

  • Agent name, greeting message, and voice settings
  • Custom product notes and selling points
  • Knowledge base content (URLs and PDFs uploaded by the merchant)
  • Speech recognition key terms

Visitor Interaction Data (collected when storefront customers use the assistant):

  • Voice conversation transcripts and audio data
  • Text messages sent to the assistant
  • Cart actions taken during a conversation (products viewed, added to cart, removed)
  • Session metadata (duration, timestamps)

We do not collect visitor email addresses, names, payment information, or any personally identifiable information from storefront customers unless voluntarily shared during a conversation.

3. How We Use Information

We use the collected information to:

  • Provide the voice shopping assistant on your storefront
  • Sync and display your product catalog within conversations
  • Process knowledge base content to give the assistant context about your brand
  • Track conversation history for your review in the merchant dashboard
  • Maintain and improve the App

We do not use conversation data or merchant data to train our own or any third-party AI models, except as may be explicitly and separately agreed upon in writing.

4. How We Share Information

We do not sell any data. We share information only with the following service providers necessary to operate the App:

  • Cloud Hosting: Google Cloud Platform
  • AI Language Models: OpenAI (for conversation processing)
  • Speech-to-Text: Deepgram (for voice recognition)
  • Text-to-Speech: Google (for agent voice)
  • Content Processing: Google Gemini (for knowledge base extraction)
  • Database: Supabase
  • Real-time Communication: LiveKit (for voice sessions)

These providers process data solely to deliver their services and are bound by their own privacy policies and data processing agreements.

We may also disclose information if required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets.

5. Shopify Permissions

The App requests the following Shopify access scopes:

  • read_products: to sync your product catalog for the assistant
  • unauthenticated_read_product_listings: to display product information on the storefront widget

We request only the minimum permissions necessary for the App to function.

6. Meta (Facebook/Instagram) Integration

Merchants may optionally connect their Meta (Facebook/Instagram) ad account to personalize the voice assistant based on which ad brought each visitor to the store. When connected, we access the following data through the Meta Marketing API:

Data we collect from Meta:

  • Ad account name and ID
  • Ad creative content: headlines, body text, descriptions, calls to action
  • Ad creative media: images (described using AI vision) and videos (transcribed using speech-to-text)
  • Ad campaign names and IDs
  • Ad URL parameters (to identify which ad a visitor clicked)
  • Boosted post content from connected Facebook Pages

How we use Meta data:

  • To identify which ad a store visitor clicked before arriving on the merchant's website
  • To provide the voice assistant with context about the ad's messaging, so it can naturally continue the conversation from where the ad left off
  • To display ad sync status and tracking information in the merchant dashboard

What we do NOT do with Meta data:

  • We do not modify, create, or delete ads or campaigns in the merchant's ad account
  • We do not access ad performance metrics, spending data, or audience targeting information
  • We do not share Meta data with third parties beyond the service providers listed in Section 4
  • We do not use Meta data to train AI models

Meta permissions we request:

  • ads_read: to read ad creative content (text, images, videos) for personalization
  • business_management: to list the merchant's available ad accounts for selection
  • pages_read_engagement: to read boosted post content from connected Facebook Pages

Disconnection and data deletion:

Merchants can disconnect the Meta integration at any time from the Tone dashboard. Upon disconnection, all synced ad data (ad content, media descriptions, video transcripts) is permanently deleted from our systems. If a merchant removes the Tone app from their Facebook settings, we receive a data deletion callback from Meta and delete all associated Meta data within 30 days.

To request deletion of your Meta data, disconnect the integration from the Tone dashboard or contact us at hello@trytone.io.

7. Data Retention

  • Merchant data and agent configuration are retained for as long as the App is installed.
  • Conversation data is retained for as long as the merchant's account is active to allow review in the dashboard.
  • Knowledge base content is retained until deleted by the merchant or the App is uninstalled.

8. Data Deletion

When a merchant uninstalls the App:

  • We receive a webhook notification from Shopify and mark the store as inactive.
  • Upon receiving a shop/redact compliance webhook from Shopify, we permanently delete all associated data including products, agent configuration, knowledge base content, and conversation history.

Merchants can also delete individual knowledge base items at any time from the dashboard.

9. Data Security

We use commercially reasonable administrative, technical, and physical safeguards to protect your information. All data is transmitted over TLS/SSL encrypted connections. Access tokens from Shopify are stored securely and used only to sync product data.

10. International Data Transfers

Data is processed and stored on servers located in the United States (Google Cloud Platform, us-central1 region). If you are located outside the United States, your data will be transferred there for processing.

11. Your Rights

Merchants can:

  • View, edit, or delete their agent configuration and knowledge base at any time
  • Toggle which products the assistant has access to
  • Request a full data export or deletion by contacting us at hello@trytone.io

If a storefront visitor's personal information was captured during a conversation, the merchant (as the data controller) is responsible for handling any data subject requests. We will assist merchants in fulfilling such requests.

12. Children's Privacy

The App is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted at this URL with an updated "Last updated" date.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Episodic Corp.

221 W 9TH ST, WILMINGTON, DELAWARE 19801

Email:hello@trytone.io