Privacy Policy

Get to know how we handle your data and privacy.

TLDR We deeply value your privacy. We collect only the minimum personal data necessary to provide our services. We do not track you unnecessarily, nor do we sell your information. Payments are securely handled by third-party processors, and we don't store your full payment details. We may share very limited information with essential third-party services strictly to make our services work. While we implement strong security measures, no online transmission is 100% secure. By using our site, you acknowledge this policy. We may update it, so please check back periodically.

Introduction

Shadowself (We) is committed to protecting and respecting the privacy of our users ("You"). This Privacy Policy explains how we collect, use, process, disclose, and safeguard your information when you visit our website shadowself.io (the "Website") and use our services.

Information We Collect

We adhere to the principle of data minimization, meaning we only collect personal data that is essential for the specified purposes.

• Account Credentials: When you create an account, we collect a username and a password. Your password is stored in a cryptographically hashed format (meaning it's not human-readable and we cannot see your actual password).
• Payment Information: If you choose to make payments for our services, these are processed by a secure third-party payment processor (e.g., Stripe). We do not directly collect, store, or process your full credit card numbers or bank account details. The payment processor may provide us with limited information such as a transaction ID, the last four digits of your card, and your billing country for record-keeping and service provision.
• Contact Information: If you choose to contact us via our contact page or directly, you may provide your email address and any other information you include in your message. We collect this solely for the purpose of responding to your inquiries and providing support.

How We Use Your Information

We process your personal data only for specified, explicit, and legitimate purposes. The lawful bases for our processing under GDPR are as follows:

• To Provide and Manage Your Account and Our Services:
  • Creating and maintaining your user account.
  • Authenticating you when you log in.
  • Delivering the services you have requested.
  • Processing your payments through our third-party payment processor.
• To Communicate With You:
  • Responding to your inquiries, comments, or support requests submitted via our contact page or email.
  • Sending you essential service-related updates. You cannot opt-out of essential service communications.
• To Ensure Security and Maintain Our Website:
  • Monitoring for and preventing fraudulent or malicious activity.
  • Troubleshooting and improving the performance and security of our Website.
• To Comply with Legal Obligations:
  • We may process your data if required by law, such as in response to a court order, subpoena, or other legal process from a competent authority.

Absence of Spyware and Analytics

We prioritize user privacy by refraining from the use of any spyware or analytics tools for behavioral tracking on the Website. We collect only the explicitly mentioned data and refrain from tracking user activity beyond what is strictly necessary for the core functionality of our services (e.g., session management for logged-in users).

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We only share your data with third parties in the following limited circumstances:

• Third-Party Payment Processors: To facilitate payments, we share necessary information with secure third-party payment processors like Stripe. They are responsible for securely processing your payment details. We encourage you to review their privacy policies (Stripe's Privacy Policy).
• Essential Third-Party Service Providers: We may use other third-party service providers who perform functions on our behalf, such as Twilio. These providers only have access to the personal information needed to perform their functions and are contractually obligated to protect your data and use it only for the purposes for which it was disclosed and in accordance with GDPR.
• Legal Requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the Service; (d) protect the personal safety of users of the Service or the public; or (e) protect against legal liability.

International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located in the European Economic Area (EEA), please note that some of our third-party service providers (like Stripe) may be based outside the EEA.

When we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• The country to which the data is transferred has been deemed to provide an adequate level of protection for personal data by the European Commission (an "adequacy decision").
• We use specific contracts approved by the European Commission which give personal data the same protection it has in Europe (e.g., Standard Contractual Clauses - SCCs).

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Data Security

We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process. This includes measures like using HTTPS for data transmission, hashing passwords, and restricting access to personal data. However, it is crucial to acknowledge that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws, like financial record-keeping), resolve disputes, and enforce our legal agreements and policies.

• Account Information: Retained for as long as your account is active and for a reasonable period thereafter (for re-activation or audit purposes), or as necessary for our legitimate business purposes or legal compliance.
• Contact Information (from inquiries): Retained for as long as necessary to resolve your inquiry and for a short period thereafter for follow-up or record-keeping.

Upon expiry of the applicable retention period, your personal data will be securely deleted or anonymized, unless a longer retention period is required or permitted by law.

Your Data Protection Rights under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

• Right to Access: You have the right to request copies of your personal data that we hold.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions (e.g., if the data is no longer necessary for the purpose it was collected).
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data based on our legitimate interests, under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
• Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

Please note that we may ask you to verify your identity before responding to such requests. There may be legal reasons why we cannot fulfill your request, or can only do so in a limited way.

How to Exercise Your Rights

If you wish to exercise any of the rights set out above, please contact us at via our contact page.

We will respond to your request within mere days. This period may be extended by more than one week where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within the period of receipt of the request, together with the reasons for the delay.

Data Protection Law Compliance

We strive to maintain complete compliance with all applicable data protection laws, including the General Data Protection Regulation (GDPR), and other relevant regulations such as the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), and California Online Privacy Protection Act (CalOPPA) to the extent they apply to our operations and users.

Children's Privacy

Our Service is not directed to individuals under the age of 16 (or a lower age if permitted by the laws of your EU member state for consent to information society services, but not below 13). We do not knowingly collect personally identifiable information from children under this age. If you are a parent or guardian and you are aware that your child has provided us with Personal Data without your consent, please contact us immediately. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take steps to remove that information from our systems.

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy periodically. We will notify you of any changes by posting the revised Privacy Policy on the Website and updating the "Last updated" date. We may also inform you via email or a prominent notice on our Service, prior to the change becoming effective, if the changes are material. We encourage you to periodically review this Privacy Policy for any updates.

Right to Lodge a Complaint

If you have any concerns about our use of your personal information, you have the right to lodge a complaint with a supervisory authority. If you are in the EEA, you can complain to your local data protection authority. A list of Data Protection Authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

However, we would appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us through our contact page.

---

By using our Website, you acknowledge that you have read and understood this Privacy Policy. Thank you for trusting Shadowself with your privacy.

Last updated: May 13, 2025