AutoShot ("AutoShot", "we", "us", "our") is operated by Hristo Lilkin, an individual based in Bulgaria, currently operating as a sole trader (not yet incorporated as a company). This Privacy Policy explains what personal data we collect when you use the AutoShot website, web application, and Telegram bot (together, the "Service"), why we collect it, and what rights you have under the EU General Data Protection Regulation (GDPR) and Bulgarian law.
AutoShot is operated by Hristo Lilkin, sole trader, based in Bulgaria. For data protection purposes, Hristo Lilkin is the "controller" of your personal data.
Contact: hristo.lilkin@gmail.com
If AutoShot is later incorporated as a company, this policy will be updated and the new entity will become the data controller; you will be notified of any such change.
Account data: your email address, password (stored as a salted hash by our authentication provider, Supabase — we never see or store your plain-text password), and your chosen interface language.
Uploaded images:
Payment data: if you purchase credits or a subscription, payment is handled entirely by Stripe. We receive only confirmation that a payment succeeded and a Stripe customer/subscription reference — we never see or store your card details.
Telegram bot data: if you link your Telegram account, we store your Telegram chat ID and username so the bot can identify you and apply your credit balance, background, and language preferences. Photos and messages sent to the bot are processed the same way as uploads through the web app.
Technical & usage data: your IP address and basic diagnostic information collected automatically by our error-tracking tool (Sentry) when something goes wrong, and anonymous, aggregated usage statistics collected by Vercel Analytics, which does not use cookies and cannot identify you individually.
We use the following service providers ("processors") to operate AutoShot. Each receives only the data needed for its specific function, under its own terms and privacy policy:
We do not sell your personal data, and we do not share it with third parties for their own marketing purposes.
Some of our providers (for example, our AI image-processing provider, Vercel, and Sentry) are based in or process data in the United States. Where this happens, the provider relies on appropriate safeguards required by GDPR, such as Standard Contractual Clauses or participation in the EU-U.S. Data Privacy Framework.
Under GDPR, you have the right to:
To exercise any of these rights, email hristo.lilkin@gmail.com. You can also manage your account details, custom background, and Telegram link directly from your account page, and delete your account at any time.
We use industry-standard measures to protect your data, including encrypted connections (HTTPS/TLS), database access controls and row-level security, and secure authentication through Supabase. No system is 100% secure, but we work to protect your data appropriately for the risk involved.
The Service is intended for users aged 18 and over. We do not knowingly collect personal data from children, and accounts must not be created by anyone under 18.
We use only the essential cookies set by Supabase to keep you signed in. Our analytics tool (Vercel Analytics) does not use cookies and cannot identify you individually.
We may update this policy from time to time. If we make material changes, we will update the "last updated" date above and, where appropriate, notify you (for example, by email or in-app).
If you have any questions about this Privacy Policy or how we handle your data, email hristo.lilkin@gmail.com.