Privacy Policy

1. Scope

This Privacy Policy applies to Alley AI websites, applications, and support channels controlled by Alley AI LLC. It does not govern third-party services such as TikTok, Google, or Stripe, which are subject to their own privacy notices.

2. Information We Collect

Account and profile information

• Name, email address, avatar, and account identifiers.
• Hashed password data for credential-based accounts.
• Customer support ID and subscription status information.

Authentication and security data

• Session and authentication tokens used to keep you signed in.
• Two-factor authentication secret data if you choose to enable 2FA.
• Abuse-prevention, rate-limit, and security event data associated with account access.

Billing and subscription data

• Stripe customer ID, subscription plan, billing status, renewal state, and invoice-related metadata.
• We do not store your full payment card number in Alley AI.

Connected platform data

• TikTok Shop connection details, shop identifiers, shop metadata, and authorized access tokens.
• TikTok Login information such as display name, open ID, allowed scopes, and disabled posting-capability metadata.
• Data returned from TikTok APIs that you request through the product, such as products, orders, creator information, analytics, and finance-related records.
• Google account information made available to Alley AI when you choose Google sign-in.

User-submitted content and operational records

• DM templates, support ticket messages, creator-outreach queue records, and generated scripts.
• Creator-outreach draft records, review queues, and manual-delivery confirmation metadata.
• Abuse reports and related follow-up correspondence.

Technical and request data

• IP-derived hints, browser or device information, timestamps, and user-agent strings used for operations, fraud prevention, debugging, and abuse review.
• Essential cookies or similar storage required for authentication and core product functionality.

3. How We Use Information

• Provide and secure your Alley AI account.
• Process subscriptions, trials, renewals, upgrades, cancellations, and billing support.
• Display data from connected TikTok services and execute TikTok Shop workflows you request.
• Store and process queued outreach drafts, generated scripts, and support requests.
• Detect fraud, prevent abuse, enforce limits, and investigate security issues.
• Maintain, troubleshoot, and improve the service.
• Comply with legal obligations and respond to lawful requests.

4. How We Share Information

We do not sell your personal information for money, and we do not rent account data lists to third parties.

• Payment processing: Stripe processes billing and customer-portal actions.
• Authentication providers: Google provides optional OAuth sign-in.
• Platform APIs: TikTok processes connection and TikTok Shop data requests you initiate through Alley AI.
• Hosting and infrastructure: we use managed hosting and network providers to serve the app, protect traffic, and store operational data.
• Legal or safety reasons: we may disclose data when required by law or reasonably necessary to protect Alley AI, users, or the public.
• Business transfers: data may transfer as part of a merger, financing, acquisition, or asset sale.

5. Storage and Retention

We retain data for as long as reasonably necessary to operate the service, satisfy billing and legal obligations, resolve disputes, prevent abuse, and preserve backups or logs.

• Account and subscription records are generally retained while your account remains active.
• TikTok connection tokens and related metadata are retained until you disconnect the integration or close the account, subject to backup and audit copies.
• Creator-outreach draft and template records are retained while needed for review, support, abuse prevention, and account history.
• Support requests and abuse reports may be retained as needed for enforcement, support quality, and legal compliance.

6. Security Measures

We use technical and organizational safeguards that are appropriate for a small SaaS product, including:

• Password hashing with bcrypt for credential-based accounts.
• Optional TOTP-based two-factor authentication.
• Signed session handling and access controls for protected routes.
• Rate limits on authentication and other abuse-sensitive endpoints.
• Encryption of selected sensitive third-party secrets before database storage.

No system is perfectly secure. We cannot guarantee absolute security, and you are responsible for keeping your own devices, accounts, and credentials secure.

7. Cookies and Similar Technologies

Alley AI uses essential cookies and similar storage primarily to keep users signed in, protect sessions, and support core functionality. We do not currently run third-party behavioral advertising or retargeting cookies in the app.

You can control cookies through your browser settings, but blocking essential authentication cookies may prevent the service from working properly.

8. Your Choices and Requests

• You can update certain account details and security settings from the dashboard.
• You can disconnect TikTok integrations from settings.
• You can manage certain billing details through the Stripe customer portal.
• You can contact us to request access, correction, deletion, or export of personal data we hold about you.

We may need to verify your identity before acting on a request, and some requests may be limited by legal, billing, fraud-prevention, security, or technical requirements.

9. Children

Alley AI is intended for business and professional users and is not directed to children under 18. If you believe a child has provided personal data to Alley AI, contact us so we can investigate and take appropriate action.

10. U.S. State Privacy Notes and International Transfers

We do not sell personal information for money and do not share personal information for cross-context behavioral advertising. If you live in a jurisdiction that grants specific privacy rights, contact us with a verifiable request and we will respond as required by applicable law.

Your data may be processed in the United States or other locations where our providers operate. By using the service, you understand that data may be transferred to jurisdictions with different privacy laws than your home jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make a material change, we will post the revised version on this page and update the effective date above.

12. Contact