Privacy Policy
Last updated: 13 May 2026
Tono is a paid browser extension and web app that suggests social media reply text in your personal writing style. This page explains what data we collect, why we collect it, and who we share it with. We've tried to keep it short and concrete. If anything is unclear, write to raffaelefrancesco.damato@gmail.com.
What we collect
Tono collects the minimum data needed to authenticate you, generate replies that sound like you, and enforce your monthly plan limit.
- Email address — you provide this at Stripe checkout. We use it for account access, transactional email (welcome, billing notifications), and support replies.
- Authentication tokens — Supabase issues a JWT access token and a refresh token when you sign in. The browser extension stores these in `chrome.storage.local` (sandboxed per-extension); the web app stores them in your browser's session storage. They're never sent to third parties.
- Profile data you choose to enter — display name, role, goals, projects, free-text "voice direction" notes, and example replies you paste in. All optional, all editable, all visible to you at any time on your account profile page.
- The text of the post you're replying to — captured only when you explicitly click the Tono button on a reply composer. Never your feed, never your DMs, never other tabs. The text is sent to OpenAI for the suggestion request and is not stored on our servers afterwards.
- Monthly usage count — a single integer per user per calendar month, used to enforce the 100/500 reply limit on your plan.
- Subscription metadata — Stripe customer ID, subscription ID, plan tier, period, and status. We do not see or store your payment card details — Stripe handles all card data.
How we use it
Each piece of data has a single, narrow purpose. We do not profile, sell, or repurpose anything.
- Email — sign you in, send the welcome email, billing notifications, support replies.
- Tokens — keep you authenticated on the web app and the extension without making you type a password on every request.
- Profile + post text — sent to OpenAI's chat completion API to generate three reply suggestions that match your writing style.
- Usage count — enforce your plan's monthly cap (Starter 100, Pro 500). When you hit the cap, Tono returns an error instead of generating more.
- Subscription metadata — grant access to paid features and let you self-manage billing via Stripe Customer Portal.
Who we share data with
We use a small set of trusted infrastructure providers. We do not sell data to brokers, advertisers, or analytics platforms.
- Supabase (database, authentication; EU region) — stores your account, profile, subscription, and usage data.
- OpenAI (model inference, US) — receives your profile context and the post text you're replying to each time you generate suggestions. OpenAI's enterprise data terms state that API inputs are not used to train their models.
- Stripe (payment processing) — handles all card data and PCI compliance. We never see card numbers.
- Resend (transactional email delivery) — sends the welcome email and any future account notifications.
- Vercel (web hosting) — runs the Tono web app. Vercel logs HTTP request metadata (URL, timestamp, response code) for operational purposes; this does not include request body content.
No third-party advertising, analytics tracking, or behavioral profiling is loaded on the Tono website or the extension.
How long we keep data
- Profile and subscription data — kept for as long as your account is active. After you cancel and request deletion (see "Your rights" below), we erase everything within 30 days.
- Authentication tokens — rotated regularly. Access tokens expire in about an hour; refresh tokens roll forward up to 30 days.
- Post text — passed to OpenAI for the suggestion request and discarded. Not written to our database.
- Generated suggestions — returned to your browser only. Never written to our database.
- Monthly usage count — kept indefinitely as a row per (user, month). Used for billing history and quota enforcement.
Your rights
Tono is built to be reversible. You can edit, export, or delete your data at any time.
- Access and edit — visit your account profile page to see and edit every field we store about you.
- Cancel subscription — open Stripe Customer Portal from the Billing tab in your account. You keep access until the end of the period you've already paid for.
- Delete account — email raffaelefrancesco.damato@gmail.com from the address tied to your account. We confirm and erase your profile, subscription, and usage rows from our database within 30 days, and instruct Supabase and Stripe to do the same.
- Data export — email raffaelefrancesco.damato@gmail.com and we'll send a JSON dump of your profile and subscription metadata.
Cookies and tracking
The Tono website uses only essential session cookies set by Supabase Auth. The browser extension does not use cookies. We do not load advertising trackers, fingerprinting scripts, or third-party analytics. Vercel records standard server logs that include request URL and response code (no body, no IP-level tracking shipped to a third party).
Contact
For privacy questions, data requests, or anything else about this policy, write to raffaelefrancesco.damato@gmail.com. Tono is built and operated by Kekko D'Amato — an indie developer publishing under his own name. There is no parent company, no board, no investor.
Changes to this policy
We'll post any material changes here with a new "Last updated" date. If a change is significant (a new data category, a new processor, etc.) we'll notify subscribers by email at least 30 days in advance of the effective date.