Privacy Policy

Last updated: 25 May 2026

1. Who we are

AutoFlux is an AI automation agency operated as a sole proprietorship by Muneeb Rehman. Contact: muneeb@autoflux.co. References to "we," "us," and "our" mean AutoFlux.

2. What we collect

We collect personal data only when you give it to us, in three contexts:

  • Site chat & email: if you message the AI Concierge or email us, we receive whatever you send — typically your name, email, store URL, and the content of your message.
  • Free audit requests: when you email "audit" with a store URL, we view publicly accessible parts of your Shopify storefront to produce the Loom audit.
  • Active engagements: when you become a paying client, we are granted scoped access to your Shopify, n8n, OpenAI, Google, and email accounts. We never store credentials — we use the access tokens you provision and the systems you own.

3. How we use it

  • To respond to your enquiry or complete the audit you requested.
  • To deliver and operate the automation services you've engaged us for.
  • To send transactional communications about your project. We do not send marketing email to anyone who has not opted in.

4. Legal basis (UK / EU)

Under UK GDPR / EU GDPR, our lawful bases for processing are: (a) performance of a contract (operating your engagement), (b) legitimate interest (responding to inbound enquiries and prospecting in line with PECR), and (c) consent (where you've explicitly opted in to anything).

5. Sub-processors

The infrastructure we and our clients commonly rely on includes:

  • Netlify — hosting for this site.
  • n8n Cloud — workflow runtime (your account or ours).
  • OpenAI — model inference (API mode; not used for model training per OpenAI's API terms).
  • Google Workspace — email and Sheets logs (your account where possible).
  • Shopify — your store, accessed via Shopify's standard developer collaborator flow.
  • HubSpot, Smartlead, Apollo — used internally for our own sales operations, not for client data.

Each has its own privacy policy. We pass through only the minimum data needed for the workflow.

6. Retention

Inbound enquiry messages are retained for up to 24 months for follow-up. Audit notes are retained until the related opportunity closes or 12 months pass with no contact, whichever is sooner. Operational logs in client systems follow the retention you set on those systems — we hold no separate copy.

7. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion ("right to be forgotten").
  • Object to processing or restrict it.
  • Withdraw consent at any time.
  • Lodge a complaint with a supervisory authority (e.g., the UK ICO).

California residents have the corresponding rights under the CCPA / CPRA (right to know, delete, correct, opt out of sale or sharing). We do not sell or share personal information for cross-context behavioural advertising.

To exercise any right, email muneeb@autoflux.co. We respond within 30 days.

8. International transfers

AutoFlux operates from Pakistan and uses sub-processors based primarily in the US and EU. Where personal data moves outside the UK/EEA, we rely on the recipient's appropriate safeguards (Standard Contractual Clauses or an adequacy decision where applicable).

9. Cookies

autoflux.co loads Google Fonts and the n8n chat widget. We do not set advertising cookies or use third-party analytics that profile visitors. The chat widget stores a session token in your browser so a conversation can resume on reload — this is cleared when you close the chat.

10. Security

Credentials and access tokens for client systems are held in n8n's encrypted credential store. Our own operational accounts use unique passwords and TOTP-based MFA. We will notify affected clients within 72 hours of becoming aware of any breach involving their data.

11. Changes

We may update this policy. Material changes will be noted at the top of the page with a new "Last updated" date. For substantive changes affecting active clients, we'll email you.

12. Contact

Questions, requests, or complaints: muneeb@autoflux.co.