three23 logo

Privacy Policy

Effective date: May 6, 2026

This Privacy Policy explains how three23(“we,” “us,” or “our”) collects, uses, and protects information when you use Auton4n(“the Service”). We take your privacy seriously and only collect what is necessary to provide the Service.

1. Information We Collect

Information you provide directly

  • Account information: Email address and password (stored as a bcrypt hash — we never store your plain-text password).
  • Profile information: Name and other optional profile fields you choose to provide.
  • Workflow configuration: Settings you configure for your automations (e.g., which Notion database to use, scheduling preferences).

Information collected automatically

  • Usage data: Workflow execution logs, including timestamps, number of tasks processed, and error information. This is used to display your execution history and diagnose problems.
  • IP addresses: Collected temporarily for rate limiting on authentication endpoints and discarded. We do not build IP-based profiles.
  • Analytics: Aggregate, anonymized page-view data via Vercel Analytics. No cookies are used for analytics; no personal data is collected.

Information from third parties

  • Notion: When you connect your Notion workspace, we receive an OAuth access token and refresh token, and a list of databases you authorize. We do not store the full content of your Notion pages — only the data necessary to process your configured workflows.
  • Stripe: When you subscribe, Stripe shares a customer ID and subscription status with us. We do not store payment card details — those remain with Stripe.

2. How We Use Your Information

  • To provide, operate, and improve the Service.
  • To authenticate you and secure your account.
  • To execute and log your configured workflows.
  • To process payments and manage your subscription.
  • To send transactional emails: account confirmation, password reset, workflow error notifications, subscription receipts, and low-credit warnings. You can opt out of non-essential notifications in your account settings.
  • To respond to support inquiries you initiate by contacting us.
  • To detect and prevent abuse, fraud, and unauthorized access.

We do not sell your personal data. We do not use your data for advertising.

3. Third-Party Services

We share data with the following third parties only to the extent necessary to operate the Service:

  • Stripe — payment processing. Governed by Stripe’s Privacy Policy.
  • Notion— your task data is read from and written to Notion’s API. Governed by Notion’s Privacy Policy.
  • Resend — transactional email delivery. Your email address is transmitted to Resend to deliver emails you request or that are triggered by your account activity.
  • Trigger.dev— background job execution. Workflow job payloads (containing workflow IDs and user IDs) are processed by Trigger.dev’s infrastructure.
  • Vercel — hosting and infrastructure. Vercel processes request data in accordance with their privacy policy.

4. Data Retention

  • Your account data is retained for as long as your account is active.
  • Workflow execution logs are retained for 90 days, then automatically deleted.
  • When you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g., billing records, which we retain for 7 years per Canadian tax regulations).

5. Security

We use industry-standard measures to protect your data: HTTPS for all data in transit, bcrypt hashing for passwords, and short-lived JWT tokens for session management. Notion OAuth tokens are stored encrypted in our database. No security measure is 100% foolproof — if you suspect unauthorized access to your account, contact us immediately.

6. Your Rights

Depending on your location, you may have rights under GDPR, PIPEDA, or other applicable privacy laws, including:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to certain processing activities.

To exercise any of these rights, email us at contact@three23.ca. We will respond within 30 days.

7. Cookies

The Service uses a single, essential session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party cookies. Vercel Analytics uses a privacy-preserving approach that does not require cookies.

8. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email and by posting a notice in the app before material changes take effect. The effective date at the top of this page will always reflect the most recent revision.

10. Contact

Questions or concerns about this Privacy Policy? contact@three23.ca

three23
New Brunswick, Canada