Privacy Policy

Last updated: 19 May 2026

Tonepost ("we", "us", "our") provides an AI-powered content generation app for Shopify stores. This policy explains what information we collect, how we use it, and the choices you have.

1. Who we are

Tonepost is operated by John Jarvis (sole trader), based in Tasmania, Australia. You can reach us at support@tonepost.online.

2. Information we collect

When you install Tonepost on your Shopify store we collect:

Shop information: your shop domain, store name, timezone, contact email and the OAuth access token Shopify issues us. We use this to make API calls back to your store on your behalf.
Content you create with Tonepost: RSS feed URLs you add, source articles you import, voice templates you configure, drafts the AI generates, and scheduling metadata. This content lives in our database so you can return to it later.
Usage and billing data: which plan your shop is on, posts generated per billing cycle, AI token counts and the cost of each generation. This lets us enforce plan limits and show you analytics.
Anonymous visitor analytics: when a published blog post is viewed, we record a one-way hash of the visitor's IP and user agent so we can show you unique-view counts. The hash cannot be reversed and we do not store IP addresses or user agents.

We do not collect or store information about your customers. Tonepost has no access to your customers, orders or payment data.

3. How we use information

To generate blog content using your voice templates.
To publish drafts and schedule posts to your Shopify store at your direction.
To enforce your plan's usage limits and bill you correctly.
To send transactional emails (sign-up confirmations, usage alerts, optional weekly digests). You can opt out of digests in Settings.
To diagnose errors and improve the service.

4. Third parties we share data with

We share the minimum data necessary with these processors:

Anthropic — your source text and voice template settings are sent to the Claude API to generate blog content. Anthropic does not train on API data.
Resend — your contact email and the email body are sent to Resend to deliver transactional emails.
Supabase — our PostgreSQL database provider.
Railway — our application hosting provider.

We do not sell, rent or otherwise share your data with third parties for marketing.

5. Data location and retention

Data is stored on servers operated by our hosting and database providers, which may be located outside Australia. We retain shop data for as long as you have Tonepost installed.

When you uninstall Tonepost, Shopify notifies us. Forty-eight hours later we permanently delete all data tied to your shop, including drafts, feeds, templates, analytics and billing records. This is automated via Shopify's shop/redact webhook.

6. Your rights

Under the Australian Privacy Principles and (where applicable) the GDPR, you can request access to, correction of, or deletion of your data at any time. Email us at support@tonepost.online and we will respond within 30 days.

You can also uninstall Tonepost from your Shopify admin at any time, which triggers automatic deletion as described above.

7. Security

We use HTTPS for all communications, encrypted database storage, and follow Shopify's recommended OAuth practices. No system is perfectly secure; if you believe your data has been compromised please contact us immediately.

8. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email to the shop owner and the "Last updated" date above will change.

9. Contact

Questions or concerns? Email support@tonepost.online.