autoGOM

Privacy Policy

Last updated: May 7, 2026

1. What We Collect

autoGOM collects the following personal information to operate the service:

  • Google account info (name, email, profile picture) — collected via Google OAuth when you sign in.
  • Display name & SNS handle (e.g., Twitter, Instagram, Discord) — provided by GOMs in their profile settings.
  • Order details — name, email, SNS handle, shipping address (street, city, state, ZIP, country), and optional notes — submitted by Joiners when placing an order.
  • PayPal connection details (for GOMs who enable Auto-match) — your PayPal merchant Client ID and Secret are encrypted at rest and used only to send invoices on your behalf. We never have access to your PayPal balance or the ability to withdraw funds.

2. How We Use Your Data

  • Process and display orders to the GOM who manages the group order.
  • Send order confirmation emails to Joiners.
  • Allow Joiners to track their order status.
  • Display GOM public profiles (display name, handle, and group order stats).

3. Third-Party Sharing

We do not sell your personal data. Your information is shared only in these cases:

  • GOM access: When you place an order, the GOM running that group order can see your name, email, SNS handle, and shipping address to fulfill your order.
  • Infrastructure providers: We use Supabase (database & authentication), Vercel (hosting), and Resend (transactional email). These providers process data on our behalf under their own privacy policies.
  • PayPal: When you place an order on a paid group order, your email and order details (group order title and item options) are shared with PayPal to issue the invoice and send you a payment request email under PayPal's privacy policy. Your name is not shared with PayPal.

4. Data Retention

Your data is retained as long as your account exists or as long as the group order you participated in remains active. When a GOM deletes a group order, all associated order data (including Joiner information) is permanently removed.

5. Your Rights

You have the right to:

  • Access — see the data we have about you (most of it is in your account; email us if you want a full copy)
  • Update — change your profile info in Settings anytime
  • Delete — request full deletion of your account and all associated data
  • Export — download your GO and order data as CSV from the dashboard

In the EU (GDPR) and California (CCPA), you also have the right to:

  • Restrict processing — temporarily pause how we use your data while a dispute is resolved
  • Withdraw consent — for processing that relies on your consent (you can also delete your account at any time)
  • Object to processing — let us know if you want us to stop a specific use of your data
  • Lodge a complaint — with your local data protection authority

To exercise any of these, email autogom.app@gmail.com.

6. Cookies & Local Storage

autoGOM uses essential cookies for authentication (session management via Supabase Auth). We do not use advertising or analytics cookies.

7. Trust & Safety Commitments

How autoGOM protects payments, credentials, and dispute rights:

  • G&S preferred — F&F discouraged

    Paid plans send every payment through PayPal Goods & Services. Friends & Family is discouraged because it violates PayPal's TOS and can result in account locks.

  • Purchase Protection preserved

    Joiners keep PayPal's dispute and chargeback rights on every order — the processing fee shown at checkout is what funds that coverage.

  • PayPal credentials never stored

    autoGOM uses OAuth + webhooks. We never see your PayPal password, balance, or transaction history — and you can revoke access in one click.

  • Refunds routed through PayPal

    If a GO is cancelled or can't be fulfilled, joiners get a full refund routed back through PayPal — no manual chase, no waiting in DMs.

  • We never hold your money

    Payments go directly from joiner to GOM. autoGOM is a tool, not a middleman — the funds never touch our balance.

8. Contact

Questions about this policy? Reach out at autogom.app@gmail.com.

See also: Terms of Service.