Privacy Policy

The Service is provided by Optify AI (“we,” “us,” or “our”). We are based in Konya, Türkiye.

For privacy requests and data protection inquiries, contact us at privacy@optify.one. If you use the Service on behalf of an organization, that organization may be responsible for the account and certain admin controls; this policy still applies to how we process personal information in connection with the Service.

This policy applies to information we process when you visit our website, create or use an account, connect or authorize third-party platforms (for example marketplaces, e-commerce stores, or social networks), use AI-powered listing and content optimization features (including image uploads you choose to submit), contact support, or otherwise interact with the Service. It does not replace the privacy policies or terms of platforms you connect—we describe how we handle data once you choose to use those connections through the Service.

3.1 You provide directly

• Account and profile: email address, name (if you provide it), password or authentication credentials managed by our auth provider, and profile or workspace fields you submit in the product.
• Subscription and billing (where enabled): plan selection, billing contact details, and payment information processed by our payment processor (we generally do not store full card numbers on our servers).
• Support communications: messages you send us (for example via email or in-product channels), including any attachments you include.
• Content you upload for AI features: product images, listing text, tags, and related inputs you choose to submit so we can generate or refine titles, descriptions, categories, tags, and similar outputs.

3.2 Collected automatically

• Device and technical data: IP address, browser type, device identifiers, general location derived from IP, dates/times of requests, and similar diagnostics needed to operate and secure the Service.
• Usage and logs: feature usage, API activity where applicable, error logs, and security signals (for example to detect abuse or fraud).
• Cookies and similar technologies: strictly necessary cookies or local storage for authentication and session continuity. If we use optional analytics or marketing cookies, we will describe them and, where required, request your consent.
• Microphone (if you allow it): Some features—such as optional voice between users in workspaces or speech-to-text dictation in chat—may request access to your device microphone through your browser. We use it only for the feature you activate (for example WebRTC audio between agents, or your browser’s speech recognition where used). We do not sell microphone data; you can revoke permission in your browser or OS settings at any time.

3.3 Connected platform data (when you connect accounts)

If you connect or authorize third-party platforms through the Service, we receive and process information made available to us under your permissions and each platform’s developer rules. That may include:

• Identifiers and profile data: account or shop IDs, display names, usernames, avatars, email or business contact fields returned by the platform, and similar profile attributes.
• Authorization data: OAuth tokens, refresh tokens, API keys, or other credentials needed to maintain the connection (stored using appropriate technical safeguards).
• Commercial and catalog content: listings, products, collections, inventory or catalog fields, images, pricing where exposed by the API, categories, tags, and related merchant content you choose to sync or optimize.
• Social and distribution content (where supported): pins, boards, posts, media metadata, captions, and—only where permitted—limited performance or engagement metrics needed to provide features you enable (for example content preparation or publishing workflows).
• Technical and operational data from integrations: API responses, sync timestamps, error logs, and webhook delivery metadata needed to operate connected features.

3.4 Information from other third-party vendors

We may receive limited information from authentication, payment, analytics, or security vendors we use to deliver the Service, consistent with their terms and this policy.

The Service is designed so you can optionally link external platforms to streamline listing optimization, content preparation, publishing, or analytics. Examples of categories we may support over time include online marketplaces (such as Etsy), e-commerce platforms (such as Shopify), social and discovery platforms (such as Pinterest, Instagram, Facebook, TikTok, X/Twitter), and other channels we add and disclose in-product. Not every integration may be available in all regions or at all times; we will request only the permissions needed for the features you turn on.

4.1 Pinterest API

When you connect your Pinterest account, we use Pinterest’s APIs in accordance with Pinterest’s developer and platform rules and the permissions you grant. Depending on the features you enable, we may access, store, and process information such as your Pins, boards, board metadata, and related profile or content data solely as needed to provide the Service (for example preparing or publishing content, syncing assets, or supporting analytics features you turn on). We do not use the Pinterest connection for purposes beyond what we describe in this policy and in-product permission screens, unless we obtain any additional consent required by law or by Pinterest.

4.2 Independence and third-party terms

Those platforms are independent of Optify AI. When you connect an account, you remain subject to each platform’s Terms of Service, Community Standards, API / developer policies, and Privacy Policy. We are not responsible for their practices. If a platform revokes access or changes its API rules, certain features may stop working until you reconnect or we update the integration.

4.3 How we use connected data

We use information from connected platforms only to:

• Provide features you explicitly enable (for example importing listings, optimizing content, preparing posts, or syncing updates);
• Authenticate and maintain authorized connections on your behalf until you disconnect;
• Improve reliability, security, and performance of integrations (for example error handling and abuse prevention);
• Comply with law and platform requirements applicable to developers.

Unless we tell you otherwise in-product and obtain any consent required by law, we do not sell platform credentials or use connected social data to run unrelated third-party advertising on your behalf.

4.4 Publishing and actions on third-party platforms

Where the Service supports posting, updating, or other actions on a connected platform, those actions occur based on your instructions (or your organization’s administrators). You are responsible for ensuring content complies with each platform’s rules. We may log operational metadata (success/failure, timestamps) as needed to support the feature and troubleshooting.

4.5 Disconnecting and data after you revoke access

You can typically disconnect a platform in your account or integration settings in the Service, and you may also revoke access from the third party’s app or security settings. After disconnection, we stop syncing new data from that platform; we may retain cached or derived data for a limited period where needed for backups, billing disputes, security, or legal obligations, then delete or anonymize it consistent with Section 9.

4.6 Developer and API compliance

We implement integrations in line with applicable platform developer documentation. If a platform requires a public privacy policy URL, this document is intended to satisfy that requirement together with any supplemental notices we show at connection time (for example permission screens describing scopes). Platform-specific addenda may be published if a provider requires additional disclosures.

We process personal information to:

• Provide, maintain, and improve the Service, including AI-assisted content generation you request;
• Operate connected integrations you enable—such as reading or syncing listings, catalogs, or social content, preparing assets for distribution, and performing publishes or updates you initiate on external platforms;
• Create and manage accounts, authenticate users, and enforce limits (for example credits entitlements);
• Process subscriptions and payments where available;
• Provide customer support and respond to inquiries;
• Monitor and enhance security, prevent fraud and misuse, and comply with legal obligations;
• Send service-related notices (for example security alerts or account updates);
• Where permitted by law, send product updates or marketing communications (you can opt out as described in those messages);
• Comply with law, enforce our terms, and protect rights, safety, and property.

We do not sell your personal information as “sale” is defined under applicable U.S. state privacy laws. We do not use your content to train third-party foundation models unless we clearly disclose otherwise and, where required, obtain your consent. AI outputs are generated for your use in the Service; automated processing may occur without human review except as needed for support, safety, or legal compliance.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of the following bases:

• Contract: processing necessary to provide the Service you request.
• Legitimate interests: securing the Service, improving features, preventing abuse, and internal analytics that are not overridden by your rights (where applicable).
• Legal obligation: compliance with law, regulation, or court process.
• Consent: where we ask for it for optional processing (for example certain marketing or non-essential cookies, or optional scopes when connecting a third-party account where the platform or law requires explicit consent).

We share personal information only as described in this policy, with service providers who process data on our instructions (“processors”), when required by law, or to protect rights and safety. Categories of recipients may include:

• Third-party platforms at your direction: when you use the Service to post, update, or sync content, we transmit the data required to complete that action to the relevant platform’s systems under their terms and your authorization;
• Cloud hosting and infrastructure (for example serverless or edge providers operating our application);
• Authentication and database services (account storage, access control);
• AI model providers (to generate requested outputs from inputs you submit—subject to their API terms and safeguards);
• Email and communications (transactional email and inbound support delivery);
• Payment processors (when checkout is enabled);
• Professional advisors (lawyers, accountants) under confidentiality obligations;
• Authorities when we believe disclosure is required by law or necessary to protect users or the public.

We may disclose or transfer information in connection with a merger, acquisition, financing, or sale of assets, subject to safeguards.

We may process and store information in countries other than where you live, including the United States. Where required, we implement appropriate safeguards (for example Standard Contractual Clauses approved by the European Commission) for transfers from the EEA, UK, or Switzerland. You may contact us for more information about such safeguards.

We retain personal information only as long as needed for the purposes above, including to provide the Service, resolve disputes, enforce agreements, and comply with law. Retention periods vary: account data is kept while your account is active and for a reasonable period afterward; security logs may be kept for a shorter or longer window depending on operational and legal needs. Content you upload for analysis may be processed ephemerally or stored according to product configuration; we work to limit retention to what is necessary.

Integrations: credentials and synced copies of third-party content are retained while a connection remains active and for a limited period after you disconnect, as described in Section 4.4 and as required for backups, audits, or legal holds.

We use administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security. Please use a strong password and protect your credentials.

Depending on your jurisdiction, you may have the right to:

• Access, correct, or delete certain personal information;
• Object to or restrict certain processing;
• Port information you provided in a structured, machine-readable format (where applicable);
• Withdraw consent where processing is based on consent;
• Lodge a complaint with a data protection authority.

Deletion requests: you may request deletion of your personal information and associated account or integration data held by Optify AI at any time by emailing privacy@optify.one. We will process verified requests within a reasonable timeframe, consistent with applicable law (where feasible, we aim to complete verification and deletion within thirty (30) days, unless a longer period is permitted and we explain why). Some information may be retained where the law requires or where we have a legitimate need (for example security logs or billing records), as described in Section 9.

To exercise other rights (access, correction, portability, objection, restriction), contact privacy@optify.one. We may need to verify your request. If we deny a request, we will explain why where the law requires.

U.S. state privacy rights: Residents of certain U.S. states may have additional rights (for example opt-out of “sale,” profiling, or certain sharing). We describe our practices above; contact us for requests specific to your state.

Connected accounts: you can disconnect integrations in the Service (and revoke our app from each platform’s account settings where available). That stops future syncing; deletion of data we already hold may still require a separate privacy request where applicable.

The Service is not directed to children under 13 (or the minimum age required in your region), and we do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.

Beyond the connected integrations covered in Section 4, the Service may reference or link to other websites or tools. Their privacy practices are governed solely by their own policies. We do not control how they collect or use data when you leave our Service.

We use automated systems (including machine learning) to generate suggestions and scores. These outputs are intended to assist you and may be inaccurate; you remain responsible for your listings and compliance with marketplace rules. You can usually revise or disregard AI outputs within the Service.

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Effective date” above. If changes are material, we will provide additional notice as required by law (for example by email or in-product banner).

Optify AI
Based in Konya, Türkiye

Questions about this policy or our privacy practices: privacy@optify.one