Privacy Policy
Last updated: December 2024
Introduction
Shotsy ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at shotsy.app.
This policy applies to users worldwide, including those in the European Economic Area (EEA) under GDPR and California residents under CCPA/CPRA.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, name (via Clerk authentication)
- Payment Information: Processed securely by Polar. We do not store credit card numbers.
- Uploaded Content: Screenshots you upload for AI processing
1.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent
- Device Information: Browser type, operating system
- Log Data: IP address, access times (for security purposes)
2. How We Use Your Information
We use collected information for:
- Providing and maintaining our screenshot generation service
- Processing payments and managing subscriptions
- Sending transactional emails (receipts, account updates)
- Improving our service based on usage patterns
- Preventing fraud and ensuring security
We do NOT: Sell your personal data, use your screenshots to train AI models, or share your information with third parties for marketing purposes.
3. Legal Basis for Processing (GDPR)
For users in the EEA, we process your data based on:
- Contract: To provide the service you signed up for
- Legitimate Interest: To improve our service and prevent fraud
- Consent: For optional marketing communications (you can opt out anytime)
- Legal Obligation: To comply with applicable laws
4. Data Retention
- Account Data: Retained while your account is active, deleted within 30 days of account deletion request
- Uploaded Screenshots: Processed in real-time and NOT stored permanently. Deleted immediately after processing.
- Payment Records: Retained for 7 years for legal/tax compliance
- Log Data: Retained for 90 days for security purposes
5. Third-Party Services
We use the following services that may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, login data |
| Polar | Payments | Payment details, email |
| OpenRouter (AI) | Caption generation | Screenshot content (not stored) |
| Vercel | Hosting | Access logs, IP address |
| Vercel Analytics | Usage analytics | Anonymous usage data |
Each service has their own privacy policy. We recommend reviewing them.
6. Your Rights
For All Users:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your account and data
- Opt-out: Unsubscribe from marketing emails
Additional Rights for EEA Users (GDPR):
- Data Portability: Receive your data in a structured format
- Restriction: Limit how we process your data
- Object: Object to processing based on legitimate interest
- Withdraw Consent: Withdraw consent at any time
- Lodge Complaint: File a complaint with your local data protection authority
Additional Rights for California Residents (CCPA/CPRA):
- Know: What personal information we collect and how it's used
- Delete: Request deletion of your personal information
- Opt-Out of Sale: We do NOT sell your personal information
- Non-Discrimination: Equal service regardless of exercising your rights
7. Data Security
We protect your data using:
- SSL/TLS encryption for all data in transit
- Encrypted database storage
- PCI-compliant payment processing (via Polar)
- Regular security audits
- Access controls and authentication
8. International Data Transfers
Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for EEA data transfers.
9. Children's Privacy
Our service is not intended for users under 16 years of age. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it immediately.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.
11. How to Exercise Your Rights
To exercise any of your privacy rights, you can:
- Email us at ifytech77@gmail.com
- Delete your account through your account settings
- Use the unsubscribe link in any marketing email
We will respond to requests within 30 days (or sooner as required by law).
12. Contact Us
For privacy-related questions or concerns:
Email: ifytech77@gmail.com
Data Protection: For GDPR inquiries, contact our data protection representative at the same email address.