AutoShot

Privacy Policy

Last updated: 15 June 2026

AutoShot ("AutoShot", "we", "us", "our") is operated by Hristo Lilkin, an individual based in Bulgaria, currently operating as a sole trader (not yet incorporated as a company). This Privacy Policy explains what personal data we collect when you use the AutoShot website, web application, and Telegram bot (together, the "Service"), why we collect it, and what rights you have under the EU General Data Protection Regulation (GDPR) and Bulgarian law.

1. Who we are

AutoShot is operated by Hristo Lilkin, sole trader, based in Bulgaria. For data protection purposes, Hristo Lilkin is the "controller" of your personal data.

Contact: hristo.lilkin@gmail.com

If AutoShot is later incorporated as a company, this policy will be updated and the new entity will become the data controller; you will be notified of any such change.

2. What personal data we collect

Account data: your email address, password (stored as a salted hash by our authentication provider, Supabase — we never see or store your plain-text password), and your chosen interface language.

Uploaded images:

  • Car photos you submit for background replacement are sent directly to our AI image-processing provider and are not stored on our servers or in our database. We only keep a record that a job ran (status, timestamp, processing time, success/failure) — never the image itself.
  • If you upload a custom studio background, that image is stored in our database/storage (Supabase) and used only to process your future photos, until you remove it or delete your account.

Payment data: if you purchase credits or a subscription, payment is handled entirely by Stripe. We receive only confirmation that a payment succeeded and a Stripe customer/subscription reference — we never see or store your card details.

Telegram bot data: if you link your Telegram account, we store your Telegram chat ID and username so the bot can identify you and apply your credit balance, background, and language preferences. Photos and messages sent to the bot are processed the same way as uploads through the web app.

Technical & usage data: your IP address and basic diagnostic information collected automatically by our error-tracking tool (Sentry) when something goes wrong, and anonymous, aggregated usage statistics collected by Vercel Analytics, which does not use cookies and cannot identify you individually.

3. Why we use your data and our legal basis

  • To create and manage your account, process your images, and operate the credit and billing system — necessary to perform our contract with you (Art. 6(1)(b) GDPR).
  • To detect, prevent, and fix errors and abuse, and to keep the Service secure and working — our legitimate interest (Art. 6(1)(f) GDPR).
  • To comply with legal obligations, such as keeping records of payments for tax purposes (Art. 6(1)(c) GDPR).

4. Who we share your data with

We use the following service providers ("processors") to operate AutoShot. Each receives only the data needed for its specific function, under its own terms and privacy policy:

  • Supabase — database, authentication, and file storage
  • AI image-processing provider — processes the car photos you submit, to generate the edited image. This provider may temporarily retain processing data for a limited period for abuse-monitoring purposes, as described in its data usage policy
  • Stripe — payment processing for credit purchases and subscriptions
  • Telegram — delivery of bot messages, if you choose to use the Telegram bot
  • Vercel — website hosting and cookieless, aggregated analytics
  • Sentry — error tracking and diagnostics
  • Upstash (Redis) — short-lived technical data used to avoid double-processing Telegram messages

We do not sell your personal data, and we do not share it with third parties for their own marketing purposes.

5. International data transfers

Some of our providers (for example, our AI image-processing provider, Vercel, and Sentry) are based in or process data in the United States. Where this happens, the provider relies on appropriate safeguards required by GDPR, such as Standard Contractual Clauses or participation in the EU-U.S. Data Privacy Framework.

6. How long we keep your data

  • Account data: for as long as your account is active, and deleted or anonymized within 30 days of you requesting account deletion.
  • Car photos sent for processing: not retained by us (see Section 2).
  • Custom background images: until you remove them or delete your account.
  • Job/usage records (status and timing only, no image content): kept for service operation and basic analytics.
  • Payment records: kept for as long as required by applicable Bulgarian tax and accounting law.

7. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Restrict or object to certain processing
  • Receive your data in a portable, machine-readable format
  • Withdraw consent at any time, where processing is based on consent
  • Lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP, cpdp.bg) or your local supervisory authority

To exercise any of these rights, email hristo.lilkin@gmail.com. You can also manage your account details, custom background, and Telegram link directly from your account page, and delete your account at any time.

8. Security

We use industry-standard measures to protect your data, including encrypted connections (HTTPS/TLS), database access controls and row-level security, and secure authentication through Supabase. No system is 100% secure, but we work to protect your data appropriately for the risk involved.

9. Children

The Service is intended for users aged 18 and over. We do not knowingly collect personal data from children, and accounts must not be created by anyone under 18.

10. Cookies

We use only the essential cookies set by Supabase to keep you signed in. Our analytics tool (Vercel Analytics) does not use cookies and cannot identify you individually.

11. Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the "last updated" date above and, where appropriate, notify you (for example, by email or in-app).

12. Contact

If you have any questions about this Privacy Policy or how we handle your data, email hristo.lilkin@gmail.com.

AutoShot
Privacy·Terms·Contact
© 2026 AutoShot. All rights reserved.