Privacy Policy for STONK AI GMV
1. Overview and Single Purpose
STONK AI GMV is a business tool for TikTok Shop sellers and operators. Its single purpose is to help authorized users manage TikTok Shop operations, advertising performance, LIVE operations, campaign workflows, video tools, reports, notifications, and optional synchronization from supported TikTok, TikTok Shop, TikTok Ads, and STONK pages that the user intentionally opens or configures.
This policy explains how the extension collects, processes, stores, protects, and shares user data. The extension does not sell user data and does not use user data for personalized advertising.
Before signing in, the extension presents a prominent privacy disclosure and requires the user to affirmatively accept the disclosure and Terms of Use. Optional integrations remain disabled unless the user configures or enables the related feature.
2. Data We Collect or Process
Depending on the features the user chooses to use, the extension may collect or process:
- Account and authentication data: STONK username; password submitted by the user for STONK login or password changes; STONK login session token; license or sync token; TikTok session cookies; CSRF tokens; seller identifiers; advertiser identifiers; and shop identifiers needed to perform user-requested actions. STONK passwords are transmitted to the STONK authentication server over HTTPS for login or password changes and are not saved by the extension in Chrome storage.
- Website content and resources: content visible on supported TikTok Shop, TikTok Ads, TikTok, and STONK pages, including campaign names, product names, product IDs, video IDs, creator names, live room IDs, promotion information, dashboard tables, and operational page state.
- Advertising, shop, and LIVE performance data: ad spend, budget, revenue, GMV, ROI, CPO, order count, clicks, views, CTR, account balance, credit information, LIVE metrics, product pin data, giveaway state, and reporting metrics.
- User settings and configuration: saved shop list, selected shops, feature toggles, theme preference, notification settings, report schedules, sync server URL, local relay URL, and automation settings.
- Optional integration credentials entered by the user: Telegram bot token and chat IDs, Zalo relay host and recipient IDs, Google Apps Script or Google Sheets webhook URLs, Gemini API key, and local relay secret if the user configures those integrations.
- Downloaded media metadata: TikTok video URLs or IDs, creator names, product labels, and download status when the user uses the video download feature.
- Diagnostics and logs: local activity logs, background scheduler logs, error messages, request status, and sync status used to operate and troubleshoot the extension.
STONK AI GMV does not intentionally collect government identification numbers, health information, credit card numbers, or bank account numbers. Users should not enter those types of data into the extension.
Data handling summary
| Data category | Collection and purpose | Storage and sharing |
|---|---|---|
| STONK login data | Username and password are submitted when the user signs in or changes a password. A session token is used to keep the user signed in. | Password is transmitted to the STONK authentication server over HTTPS and is not saved by the extension. The session token may be stored in Chrome local storage. |
| TikTok authentication data | TikTok session cookies and CSRF tokens are used to access the user's authorized TikTok Shop, TikTok Ads, and LIVE workflows. | May be stored locally and may be synchronized with STONK servers only when Cloud Sync, backup, multi-device access, or user-requested automation is enabled. |
| Shop, Ads, LIVE, promotion, and video data | Read from supported TikTok pages and APIs to display dashboards, operate campaigns, prepare reports, manage LIVE workflows, and process user-requested downloads. | Stored locally as operational state or cache. Relevant selected data may be synchronized with STONK servers or sent to an optional integration when the user enables that feature. |
| Optional notification and report configuration | Telegram bot token and recipient IDs, Zalo recipient IDs, Google Apps Script URLs, Gemini API key, relay URLs, schedules, and report settings are entered or enabled by the user. | Stored locally and transmitted only to the configured destination when the related optional feature is enabled or manually started. |
| Diagnostics | Local logs, error messages, request status, and sync status are used for reliability and troubleshooting. | Stored locally. Relevant diagnostics may be shared with STONK support only when needed for support, security, or abuse prevention. |
3. How Data Is Collected
- User input: data typed or pasted by the user into the extension, such as API keys, notification recipients, sync URLs, schedules, and configuration values.
- Supported pages: data read from TikTok Shop, TikTok Ads, TikTok, and STONK pages through content scripts, page APIs, DOM extraction, or captured page requests when needed for a visible feature.
- Chrome extension APIs: Chrome storage, tabs, cookies, downloads, alarms, scripting, context menus, offscreen documents, and declarative network request APIs are used only to provide the extension features described in the Chrome Web Store listing and user interface.
- Optional services: if the user enables integrations, the extension sends or receives data from Telegram, Zalo relay, Google Apps Script or Sheets, Gemini, Tikwm, STONK sync servers, or a user-configured local relay.
4. How Data Is Used and Processed
Data is used only to provide or improve user-facing STONK AI GMV features, including:
- displaying dashboards, performance reports, campaign summaries, account status, and LIVE metrics;
- creating, editing, pausing, resuming, syncing, or updating campaigns when requested or configured by the user;
- saving local preferences, selected shops, and operational configuration;
- synchronizing selected shop, campaign, cookie, and report data with STONK servers when Cloud Sync, server backup, account access, or automation features are enabled;
- sending optional alerts, reports, AI analysis, and LIVE summaries through Telegram, Zalo, Google Apps Script or Sheets, Gemini, or a local relay when configured by the user;
- downloading or organizing TikTok video content when the user starts that action;
- debugging, fraud prevention, abuse prevention, service reliability, and security.
5. Storage and Retention
- Local browser storage: extension settings, cached shop data, report data, operational logs, selected cookies, and recent state may be stored in Chrome storage on the user's device.
- STONK servers: account data, shop data, selected cookies, reports, and sync payloads may be stored on STONK servers only for login, license, Cloud Sync, backup, account access, user-requested automation, security, and support.
- Third-party services: when the user enables optional integrations, relevant message or report content may be transmitted to the configured service. Those services process data under their own policies and the user's account settings.
- Retention: data is retained only as long as needed to provide the service, maintain user accounts, support configured automation, resolve support issues, meet legal obligations, or prevent abuse.
- Deletion: users can delete local data by logging out, clearing extension storage, or uninstalling the extension. Users can request deletion of server-side data by contacting privacy@stonkagency.vn.
6. Sharing and Third Parties
STONK AI GMV does not sell, rent, or transfer user data for advertising, data broker, or credit-worthiness purposes.
User data may be shared only with the following parties and only as needed for the extension's user-facing features:
- TikTok, TikTok Shop, TikTok Ads, and related TikTok domains: to read or submit the seller, ads, LIVE, product, campaign, or promotion data requested by the user.
- STONK servers: for login, license validation, Cloud Sync, account management, backup, reporting, and user-requested synchronization.
- Telegram: only when the user configures Telegram notifications, confirmations, reports, or summaries.
- Zalo relay: only when the user configures Zalo notifications, reports, or LIVE summaries through the STONK or user-provided relay host.
- Google Apps Script or Google Sheets: only when the user configures report export or sheet integration.
- Google Gemini: only when the user enables AI analysis and provides or uses a Gemini API key.
- Tikwm: only when the user uses the TikTok video download feature.
- User-configured local relay servers: only when the user enters a local relay URL for automation or notifications.
- Infrastructure and security service providers: only as necessary to host, secure, monitor, and operate STONK services.
- Legal and safety recipients: when required by law or necessary to prevent fraud, abuse, malware, phishing, or security incidents.
7. Security
- Production data transmissions use HTTPS where supported by the destination service.
- Personal and sensitive data stored by STONK services is protected at rest through access-controlled storage and encryption at rest.
- Local relay URLs may use localhost or 127.0.0.1 only when configured by the user for local workflows.
- Access to server-side data is controlled through authentication, authorization, and operational safeguards.
- The extension requests Chrome permissions only for supported features and supported domains.
- No transmission or storage system is completely secure. Users should protect their browser profile, TikTok accounts, STONK account, and integration credentials.
8. Limited Use Commitment
STONK AI GMV uses user data only to provide and improve the extension's single purpose. User data is not sold, not transferred to advertising platforms or data brokers, and not used to determine credit worthiness. Human access to user data is limited to user-authorized support, security, abuse prevention, legal compliance, or aggregated and anonymized internal operations.
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
9. User Choices and Rights
- Users can disable optional features such as Cloud Sync, Telegram, Zalo, Google integrations, Gemini, local relay, video download, and automation features.
- Users can remove integration credentials from extension settings.
- Users can clear local extension data by logging out, clearing Chrome extension storage, or uninstalling the extension.
- Users can request access, correction, export, or deletion of server-side data by contacting privacy@stonkagency.vn.
10. Children
STONK AI GMV is intended for business users and is not directed to children under 13. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this policy when the extension, legal requirements, or data practices change. The latest version will be published at the privacy policy URL provided in the Chrome Web Store listing.
12. Contact
For privacy questions, data access, correction, export, or deletion requests, contact: privacy@stonkagency.vn.