Privacy Policy

1. Introduction

Shottly ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("Shottly" or the "App") and related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

2. Information We Collect

2.1 Information You Provide

• Display Name: When you create or join a connection, we collect the display name you provide. This name is shared with other members of your connection.
• Connection Names: Names you assign to connections for identification purposes.
• Photos and Videos: Media content you voluntarily capture and share through the App. This content is uploaded to our servers and made available to other members of your connection.
• Captions: Text captions you attach to shared media.
• Reactions and Comments: Your interactions with shared content, including likes, dislikes, and comments.

2.2 Information Collected Automatically

• Device Identifier: We generate and store a unique device identifier locally on your device to distinguish members within a connection. This identifier is not linked to your personal identity and is not shared with third parties.
• Connection Codes: Unique alphanumeric codes generated for each connection group.
• Timestamps: Date and time of content uploads and interactions.

2.3 Information We Do NOT Collect

• We do not collect your real name, email address, phone number, or any government-issued identification.
• We do not require account registration or login credentials.
• We do not collect location data, GPS coordinates, or IP-based geolocation.
• We do not use cookies, tracking pixels, or advertising identifiers.
• We do not access your device contacts, call logs, SMS, or browsing history.
• We do not collect analytics data or usage statistics.

3. How We Use Your Information

We use the information we collect solely for the following purposes:

• Service Delivery: To operate and maintain the core functionality of the App, including media sharing, connection management, and home screen widget updates.
• Content Distribution: To deliver shared photos and videos to all members within a connection.
• Notification Delivery: To send push notifications about new shared content and reactions to relevant connection members.
• Service Improvement: To identify and fix technical issues and improve the reliability of our Services.

We do not use your information for advertising, profiling, marketing, or any purpose unrelated to providing the Services.

4. Data Storage and Security

4.1 Storage Infrastructure

Your data is stored on Cloudflare's global edge network using Cloudflare Workers KV, a distributed key-value storage system. Cloudflare maintains SOC 2 Type II compliance and employs industry-standard security measures including encryption at rest and in transit.

4.2 Data Encryption

• All data transmitted between the App and our servers is encrypted using TLS 1.2 or higher (HTTPS).
• Data stored on our servers is encrypted at rest using AES-256 encryption.
• Connection passwords (when set) are used for access control but are stored in hashed form.

4.3 Local Storage

The App stores minimal data locally on your device, including your device identifier, connection codes, and user preferences (theme, language). This data is stored using the device's secure storage mechanisms and is not accessible to other applications.

4.4 Security Measures

While we implement commercially reasonable security measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

5. Data Sharing and Disclosure

5.1 Within Connections

Media content you share is visible to all members of the connection in which it was shared. Your display name is visible to other members of your connections.

5.2 Third-Party Service Providers

We use the following third-party service providers:

• Cloudflare: Infrastructure hosting, content delivery, and data storage. Cloudflare processes data as a data processor under their Privacy Policy.
• Cloudinary: Image and video processing, storage, and delivery. Cloudinary processes media data under their Privacy Policy.

5.3 Legal Requirements

We may disclose your information if required to do so by law, or in the good faith belief that such action is necessary to:

• Comply with a legal obligation or lawful government request.
• Protect and defend our rights or property.
• Prevent or investigate possible wrongdoing in connection with the Services.
• Protect the personal safety of users of the Services or the public.

5.4 No Sale of Data

We do not sell, trade, rent, or otherwise transfer your personal information to third parties for commercial purposes, and we never will.

6. Data Retention

We retain your data as follows:

• Media Content: Photos and videos are stored for the duration of the connection's existence. When a connection is deleted, all associated media content is permanently removed.
• Connection Data: Connection metadata (member list, settings) is retained while the connection is active.
• Reactions and Comments: Stored alongside the associated media content and deleted when the media is removed.

We do not retain data longer than necessary to provide the Services.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: You can view all content shared within your connections through the App.
• Deletion: You can delete specific media you have shared. Connection administrators can delete entire connections, which removes all associated data.
• Data Portability: You can save shared media to your device directly from the App.
• Withdrawal of Consent: You may stop using the Services at any time. Uninstalling the App removes all locally stored data.

7.1 GDPR Rights (European Economic Area)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, and data portability. Our legal basis for processing is your consent (provided by using the Services) and legitimate interest (providing and improving the Services).

7.2 CCPA Rights (California)

If you are a California resident, you have the right under the California Consumer Privacy Act (CCPA) to know what personal information we collect, request deletion of your data, and opt out of any sale of personal information. As stated above, we do not sell your personal information.

8. Children's Privacy

Our Services are not directed to individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at the email address below.

9. International Data Transfers

Our Services are hosted on Cloudflare's global edge network, which means your data may be processed in data centers located outside your country of residence. Cloudflare participates in and has certified compliance with the EU-U.S. Data Privacy Framework and maintains Standard Contractual Clauses (SCCs) for international data transfers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by updating the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Email: contact@shottly.app

We will respond to your inquiry within 30 days.