Privacy Policy — Amazon Advertising Management Platform
Owner / Operator: AUTONOOMI LABS LLC
Registration No.: A limited liability company registered in the State of Delaware, United States
Address: 8 The Green, STE B, Dover, DE 19901, USA
Email for Privacy and Rights Inquiries: support@autonoomi.com
Platform Address / Domain: www.autonoomi.com
Effective Date: July 8, 2026
1. General
The Platform Operator respects the privacy of users and publishes this Privacy Policy to explain, in clear language, what information is collected during the use of the Platform, for what purposes it is used, to whom it is disclosed, how it is retained, and how we can be contacted regarding privacy rights.
This Policy applies to the use of the Platform and its related services. The Policy does not replace any privacy notice, privacy policy, disclosure, or consent that the user is required to provide to their customers, employees, suppliers, business partners, or any other party about whom information is collected as part of their Amazon store operations.
There is no legal obligation to provide personal information to the Platform. However, providing certain information is a condition for opening an account, managing permissions, using the smart chat, building strategies, managing campaigns, receiving support, receiving operational notifications, billing and payment, and the proper operation of the service.
The Platform Operator may provide the services and process information through affiliates and subcontractors on its behalf, who are subject to parallel data protection obligations.
This Policy is phrased in the masculine singular for convenience only, but is intended for all genders.
2. Information Collected via the Platform and Purposes of Use
The following types of information are collected and processed during the use of the Platform:
2.1 Customer, Business, and Authorized User Details
This information includes full name, business or brand name, contact information, email address, phone number, role, authorization details, login credentials, account status, authorized user details, and data on actions performed in the account.
The purposes of using this information are account opening, identifying authorized users, managing permissions, managing the onboarding process, operating the Platform, providing service and support, data security, auditing, preventing misuse, logging activity, and managing the commercial relationship with the customer.
2.2 Amazon Store, Brand, and Commercial Activity Information
This information includes details about the user's Amazon store, field of business, product categories, products, brands, business and marketing goals, advertising budgets, market data, campaign data, keywords, ad performance, sales data, operational and commercial information, files, content, documents, and other data entered or made available to the Platform by the user.
The purposes of using this information are brand familiarity, analyzing store activity, building marketing and advertising strategies, suggesting goals and budgets, managing campaigns, optimization, keyword research, displaying information on the dashboard, generating insights, logging activity, and improving the service.
Some of the commercial and operational information is confidential or commercially sensitive business information, even when it is not personal information. It is the user's responsibility to ensure that the information they enter or provide to the Platform is accurate, current, permitted for use, and does not violate third-party rights.
2.3 Access and Management Permissions Information for the Amazon Advertising Account
For the purpose of providing the service, the user grants access and management permissions to the relevant parts of their Amazon advertising activity. As of the publication date of this Policy, during the beta phase, the connection is made via appropriate user permission and not through an API.
This information includes account identifiers, authorization details, connection status, activity logs, campaign data, advertising settings, keywords, budgets, performance results, and other data required for advertising management.
The purposes of using this information are providing access to the service, managing and optimizing campaigns, performing actions approved by the user, tracking performance, troubleshooting, auditing, logging activity, and protecting against unauthorized use.
2.4 Smart Chat Conversations, Strategies, and AI Outputs
This information includes questions, answers, instructions, goals, objectives, preferences, product descriptions, market data, campaign data, conversations with the smart chat, outputs, strategies, recommendations, and deliverables generated during the use of the Platform's artificial intelligence components.
The purposes of using this information are formulating a personalized marketing and advertising strategy, suggesting goals and budgets, assisting in decision-making, generating insights, documenting the workflow, improving the user experience, quality control, and reviewing system outputs by the team during the beta phase.
The Platform Operator may use usage data, management decisions, and their results to operate, improve, and train its own systems; external publication of such data will be done solely in an aggregated and anonymous form. The Platform Operator's external AI providers (such as Anthropic) do not train their models on customer data.
2.5 Introductory Meetings, Zoom Meetings, and Onboarding Services
During the onboarding phase, an introductory meeting is held with the user to get to know the brand, understand activity goals, explain the service, and evaluate the user's fit for the Platform.
This information includes name, contact details, business details, information provided during the introductory call, meeting summaries, task tracking, decision logging, professional notes, correspondence, and follow-up inquiries. When a meeting is recorded, the recording will be saved and processed for documentation, service, quality control, and workflow improvement purposes, following appropriate disclosure to the participants.
The purposes of using this information are managing the onboarding process, alignment of expectations, strategy building, providing service and guidance, handling inquiries, documenting decisions, quality control, and improving the service.
2.6 Payments, Billing, and Invoices
This information includes service package details, payment status, amounts, billing dates, invoice details, contact information for collection purposes, and transaction records. During the beta phase, payment is made via a Stripe payment link.
Full credit card details are not stored on the Platform. Payment details are processed by the clearing provider, in accordance with its privacy policy and terms of service.
The purposes of using this information are processing charges, generating invoices, managing the engagement, collection, handling refunds, complying with legal accounting and commercial requirements, and resolving disputes.
2.7 Inquiries, Support, and Customer Service
This information includes name, contact details, inquiry content, correspondence, messages, screenshots, files, call logs, inquiry resolution logs, and any other information provided as part of a support or service request.
The purposes of using this information are handling inquiries, providing responses and support, troubleshooting errors, improving service, documenting inquiries, managing the relationship with the user, fulfilling obligations to the user, and protecting the rights of the Platform Operator.
2.8 Technical Information, Usage Data, Logs, and Cookies
This information includes IP address, browser type, device type, operating system, login times, session identifiers, actions performed within the system, usage data, performance data, error data, technical logs, audit logs, cookies, and similar technologies.
The purposes of using this information are the proper operation of the Platform, data security, error identification, technical support, error monitoring, performance improvement, usage analysis, auditing, preventing unauthorized use, logging activity, and improving the service.
2.9 Information on the User's End Customers
The Platform is intended for the management of advertising and marketing for an Amazon store and is not intended for uploading personal information about the user's end customers. The user is requested not to enter personal information about end customers into the Platform unless required for the service, permitted by law, and backed by appropriate authorization.
When the user enters or provides personal information about third parties, the user is responsible for ensuring that the collection, use, transfer to the Platform, and processing of the information are done lawfully, in accordance with the required privacy notices, consents, and permissions to be obtained.
3. Information Displayed on the Platform and Access Permissions
3.1 Authorized Users on Behalf of the Customer
Access to information on the Platform is granted to the user and parties on their behalf who have been designated as authorized, in accordance with the service features and the agreement between the parties.
The user is responsible for defining permissions strictly on a need-to-know basis, removing unnecessary permissions, ensuring that access details are not transferred to third parties, and monitoring the activity of users on their behalf.
3.2 Access on Behalf of the Platform Operator
The Platform Operator, its employees, consultants, and suppliers on its behalf shall have access to information when required for the operation of the Platform, service management, maintenance, data security, support, troubleshooting, performing campaign actions, handling inquiries, preserving rights, or complying with legal requirements.
The Platform Operator's team, operating inter alia from Israel, accesses data remotely under access controls, permission management, and activity logging.
The Platform Operator may review, block, remove, or restrict access to content or use that violates the law, infringes third-party rights, violates privacy, compromises system security, or breaches the terms of engagement.
4. Role of the Parties with Respect to Information
With respect to information that the user enters about their store, business activity, employees, suppliers, customers, or third parties on their behalf, the user is the entity that determines what details will be collected, for what purposes, and how they will be used. The Platform processes the information for the purpose of providing the service to the user, in accordance with the agreement between the parties, system settings, and applicable legal provisions.
With respect to information collected for the purpose of managing the user's account, platform security, support, relationship management, billing, activity logging, and service improvement, the Platform Operator processes the information for its legitimate operational and business needs, subject to legal provisions.
5. Use of Artificial Intelligence Tools
The Platform includes artificial intelligence components and a smart chat to assist in formulating advertising and marketing strategies, analyzing product and market data, suggesting goals, suggesting budgets, generating insights, and providing responses to the user as part of the service.
As of the publication date of this Policy, the Platform utilizes third-party artificial intelligence services, including Anthropic, and the Platform Operator may replace or add AI providers in accordance with service, security, and improvement needs.
Information that the user enters into the smart chat or that is processed through AI components is sent to external AI providers and processed by them to operate functions, generate outputs, analyze data, and provide the service to the user.
The Platform Operator's external AI providers (such as Anthropic) do not train their models on customer data. The Platform Operator may use usage data, management decisions, and their results to operate, improve, and train its own systems; external publication of such data will be done solely in an aggregated and anonymous form.
AI outputs may contain errors, incomplete information, outdated information, or conclusions that are not suitable for all circumstances. During the beta phase, the Platform Operator monitors the strategies built through the system, but the responsibility for approving the strategy, budget, and use of the deliverables rests with the user.
6. Cookies and Measurement Technologies
The Platform uses cookies, session identifiers, and similar technologies for logging in, maintaining sessions, data security, preventing unauthorized use, saving preferences, proper system operation, error monitoring, measuring usage, and improving the service.
The Platform deploys cookies necessary for the operation of the service and analytics tools to measure usage, understand the scope of use, identify errors, and improve the Platform. The Platform does not use cookies for targeted advertising unless separate disclosure is provided and consent is obtained in accordance with the law.
Do Not Track Signals: As of this date, the Platform does not alter its practices in response to "Do Not Track" signals sent from browsers, as a uniform standard for their interpretation has not yet been established.
Cookies can be blocked or deleted through browser settings. Such blocking or deletion may impair the ability to log into the system, maintain sessions, secure the service, or properly use certain functions.
7. Links, External Services, and Integrated Components
The Platform includes links, components, interfaces, and external services, including infrastructure, storage, clearing, video conferencing, email delivery, error monitoring, analytics, artificial intelligence, development tools, backup, support, Amazon services, and similar services.
Use of external services is also subject to the privacy policies and terms of use of those providers. When information is transferred or accessible to an external provider, it is done for the purpose of providing the service, operating the Platform, its security, support, maintenance, fulfilling obligations, or complying with legal requirements.
8. Disclosure of Information to Third Parties and International Transfer
Personal information is disclosed or accessible to third parties only when required for the operation of the Platform, providing the services, managing permissions, data security, error monitoring, using AI components, sending operational notifications, support, maintenance, backup, relationship management, billing and payment, investigating violations, handling inquiries, or complying with legal requirements.
Information on the Platform is stored and processed on AWS cloud infrastructure, on servers located in the United States, and on additional third-party services operating in the United States and other countries. Additionally, the Platform Operator's team in Israel accesses the data remotely under access controls. Use of the Platform constitutes consent to such transfer and processing of information, in accordance with the agreement between the parties and applicable legal provisions.
8.1 Storage, Cloud, and Infrastructure Providers
Personal information, commercial information, operational information, and logs are stored or processed by storage, cloud, server, database, backup, data security, and technical infrastructure providers — primarily AWS (storage and processing on servers in the United States).
8.2 Artificial Intelligence Providers
Information entered into the smart chat or required for strategy building, data analysis, and insight generation is processed by relevant AI providers and processing infrastructures, including Anthropic, in accordance with service settings and the agreement between the parties.
8.3 Amazon and External Advertising Services
Information required for campaign management, access permissions, advertising activity data, budgets, keywords, and performance results is accessible or transferred to Amazon services and relevant external services for the purpose of providing the service and managing advertising.
8.4 Clearing and Payment Providers
Billing and payment details are processed by Stripe or other clearing and payment providers. Full credit card details are not stored on the Platform.
8.5 Video Conferencing, Email, and Operational Messaging Providers
Contact details, meeting details, and operational message content are processed by video conferencing providers (including Zoom), email, and system notification providers, for introductory meetings, login links, system updates, security notices, service announcements, and troubleshooting.
8.6 Error Monitoring, Logs, Analytics, and Data Security Providers
Technical information, logs, error data, usage data, performance data, and statistical data are processed by monitoring, analytics, data security, and technical operations providers, including email and analytics tools, for the purpose of locating errors, improving performance, protecting the Platform, and logging activity.
8.7 Development, Backup, and Code Management Tool Providers
Code, technical documentation, files, backups, or required data are accessible to development, maintenance, code management, backup, and technological tool providers used by the Platform Operator, as required for development, maintenance, and proper operation.
8.8 Professional Consultants, Authorities, and Authorized Entities
The Platform Operator may disclose information to legal, accounting, technological, or other professional consultants, as well as to competent authorities, courts, or other entities, when disclosure is required by law, a judicial order, a competent demand, the need to protect rights, resolve a dispute, handle a complaint, or handle a data security incident.
We do not sell personal information. There is no transfer of information to third parties for independent commercial purposes unrelated to the operation of the Platform, the provision of services, or the purposes detailed in this Policy.
9. Operational Notifications and Mailing
The Platform Operator may send service and operational notices to users, including notices related to the account, permissions, connection to the service, payment, campaigns, process changes, maintenance, malfunctions, data security, service updates, or handling inquiries.
In addition, the Platform Operator may send updates and marketing content to its customers via email, managed in accordance with the provisions of the US CAN-SPAM Act. Every marketing mailer will include: an active unsubscribe link available for at least 30 days; the physical mailing address of the Platform Operator; a sender identity and subject line that are not misleading. An opt-out request will be honored within 10 business days.
Unsubscribing from marketing mailers does not prevent the sending of service and operational messages required for account operation, including notices regarding billing, security, and changes to the service.
The Platform Operator does not send marketing mailers via SMS at all. Future activation of such mailings will require an update to this Policy and obtaining prior written consent, as required under TCPA provisions.
10. Information Retention, Export, and Deletion
10.1 Retention of Information During Use of the Platform
Information is retained for as long as required for the purposes for which it was collected, including platform operation, account management, permission management, strategy building, campaign management, support, data security, activity logging, payment and invoice management, dispute resolution, fulfillment of obligations, and compliance with legal requirements.
Business, commercial, operational, and technical information is retained in accordance with service needs, the agreement between the parties, backup periods, data security requirements, accounting requirements, and the need to protect the rights of the Platform Operator or the user.
10.2 Data Export
An option to export information will be provided in accordance with the service features, the technical capabilities of the Platform, and the agreement between the parties. Exportable information includes raw data, campaign data, activity data, files, documentation, and content that the user entered or made available to the Platform.
10.3 Termination of Engagement and Deletion
Upon termination of the engagement or cancellation of the subscription, access to the service will end in accordance with the regulations and the agreement between the parties. According to the regulations, upon termination of the engagement, the user will choose between pausing campaigns or an orderly handover period of up to 7 days, and account reports and data will be available for viewing for 7 days from the termination date. There is no freeze period unless otherwise agreed in writing.
After termination of the engagement, the Platform Operator will delete or anonymize information within a reasonable period of time, except for information required to be retained for temporary backups, data security, invoices, transaction records, protection of rights, dispute resolution, or compliance with legal requirements.
The user is requested to export or save information required by them prior to the termination of the engagement, to the extent that an export capability exists on the Platform or has been agreed upon between the parties.
11. Data Security and Notification of Security Incidents
The Platform Operator acts to implement reasonable measures for data security, permission management, infrastructure protection, access monitoring, activity logging, fault detection, and prevention of platform misuse.
The user is responsible for securing the use of the system by users on their behalf, including setting appropriate permissions, maintaining login credentials, removing unnecessary users, restricting access as needed, training employees, and avoiding entering unrequired information.
It is impossible to guarantee absolute immunity from penetration, malfunction, unauthorized use, data loss, or a security incident. In case of concern over a security incident, malfunction, or unauthorized use, the Platform Operator must be contacted as soon as possible using the contact details provided at the top of this document.
Notification of a Security Incident: In the event of a data security incident affecting customers' personal information, the Platform Operator will notify the affected customers in accordance with the data breach notification obligations set forth under the US state laws applicable to the incident and within the timeframes specified therein.
Users are requested not to enter information into the system that is not required for the use of the Platform, and in particular, not to enter information they are not authorized to process, information irrelevant to the service, information unnecessary for advertising activity, or information whose transfer is prohibited by law or contractual obligation.
12. User Rights and Data Subjects
Insofar as the Protection of Privacy Law, 5741-1981 applies to the processing, any person is entitled to inspect, either themselves or by a lawfully authorized representative, information about them held in a database; and a person who inspected information about them and found it to be incorrect, incomplete, unclear, or outdated, may apply to have the information corrected or deleted, in accordance with the provisions of the law.
Insofar as additional laws granting rights regarding personal information apply to the user (including US state laws), requests to exercise rights will be handled in accordance with those laws.
Requests to exercise rights should be directed to support@autonoomi.com. For the purpose of handling the request, the applicant will be asked to provide details that will enable their identification and the location of the relevant information.
When the information was entered into the Platform by a user, store, or authorized party on their behalf, handling the request will require clarification with that user or referring the applicant to the user, depending on the circumstances, the agreement between the parties, and the user's status relative to the information.
13. Changes to the Privacy Policy
The Platform Operator may update this Privacy Policy from time to time, inter alia due to changes in the Platform, services, providers, data processing procedures, user permissions, artificial intelligence components, data security measures, or legal requirements.
An effective date will be determined for each version of the Policy, which will be indicated at the top of the document. When material changes are made to the Policy, a notification will be sent to users via email to the address registered in their account 30 days in advance, and additionally, the updated version will be published on the Platform.
Continued use of the Platform after the updated Policy comes into effect will constitute consent to it, subject to legal provisions and the agreement between the parties.
Last Updated and Effective Date: July 8, 2026.
