← Auto-DS

Privacy Policy

Last updated: June 20, 2026

This Privacy Policy explains how Auto-DS ("Auto-DS," "we," "us") collects, uses, and protects information when you use our dropshipping automation platform (the "Service"). By using the Service you agree to the practices described here.

Operated by Nexora AI Consultancy FZ-LLC, Compass Building, Al Hulaila Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates. Questions: sinankartal231@gmail.com.

1. Information we collect

  • Account information. Your email address and a securely hashed password when you register. If you sign in with Google or GitHub, we receive your provider account identifier and email address.
  • Billing information. Subscriptions are processed by Stripe. We do not store your full card details; Stripe handles payment data. We retain a Stripe customer reference and your plan and subscription status.
  • Usage data. Products you research and import, settings, and activity needed to operate the Service.
  • Technical data. Limited logs (e.g. request metadata, errors) used to keep the Service reliable and secure.

2. How we use information

  • To provide, maintain, and improve the Service.
  • To process subscriptions and send transactional email (e.g. email verification, password reset) via Resend.
  • To secure accounts, prevent abuse, and debug issues.
  • To measure the performance of our own marketing (see "Advertising measurement" below).

3. Cookies

We use strictly necessary cookies only: a secure, HTTP-only session cookie to keep you signed in, and a short-lived referral-attribution cookie when you arrive via a referral link. We do not use third-party advertising cookies in the application.

4. Advertising measurement (hashed identifiers)

To measure the effectiveness of our own advertising, we send server-side conversion events (account signup and subscription start) to TikTok's Events API. Before any identifier leaves our servers it is hashed with SHA-256 — your email is normalized and hashed, and your user ID is sent as a hashed reference. We never transmit raw email addresses or other raw personal data to TikTok. These events are sent only for users who have created an account with us. We do not sell your personal data.

5. Service providers we share data with

We share limited data with vendors that operate the Service on our behalf, under their respective terms:

  • Stripe — payment processing and subscription billing.
  • Resend — transactional email delivery.
  • TikTok — advertising conversion measurement (hashed identifiers only, as above).
  • Sentry — error monitoring (configured to scrub sensitive fields).
  • Neon — managed PostgreSQL database hosting (data stored in the European Union, Frankfurt, Germany).
  • Upstash — managed Redis cache and background-job queue (European Union, Ireland).
  • Railway — application and background-worker hosting (United States).
  • Vercel — web application hosting and edge delivery (United States / global edge network).

These providers act as our processors / sub-processors and may only handle data to operate the Service on our behalf, under their terms. We do not engage any third party to use your data for its own purposes, and we do not sell your personal information.

6. Data retention

We retain account and subscription data for as long as your account is active and as needed to comply with legal and accounting obligations. When you delete your account, we delete or anonymize associated personal data, except where retention is legally required.

7. Your rights

Depending on your location (e.g. under GDPR or CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at sinankartal231@gmail.com. We will respond within the period required by applicable law.

8. Security

Passwords are stored hashed, transport is encrypted with TLS, session cookies are HTTP-only and secure in production, and access to systems is restricted. No method of transmission or storage is perfectly secure, but we work to protect your information.

9. International transfers

We operate using managed cloud providers, so your information may be processed in countries other than your own. In particular, account and product data is stored in the European Union (Frankfurt, Germany and Ireland), and our application and background-processing services run in the United States. Where personal data is transferred across borders, we rely on appropriate safeguards (such as the providers' standard contractual clauses) and limit transfers to what is necessary to operate the Service.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their data.

11. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above and, where appropriate, communicated to you.

12. Contact

Questions about this policy? Email sinankartal231@gmail.com.

See also our Terms of Service.