Privacy Policy

Last updated: January 31, 2026

1. Introduction

This Privacy Policy explains how Shotref ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our service ("the Service").

We are committed to protecting your privacy and complying with the European General Data Protection Regulation (GDPR) and applicable French data protection laws.

By using the Service, you agree to the collection and use of information as described in this Privacy Policy.

2. Data Controller

The data controller responsible for your personal information is:

Shotref
Email: contact@shotref.com

3. Information We Collect

3.1 Information You Provide

When you create an account and use the Service, we collect:

  • Account Information: Email address, first name, last name, username, profile picture
  • User Content: Images, board titles, descriptions, comments, and other content you upload or create
  • Billing Information: Payment information is processed by our payment provider Stripe. We do not store full credit card details
  • Communication Data: Messages you send to our support team

3.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • Usage Information: Pages visited, features used, time spent, actions taken
  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Log Data: Server logs including timestamps, error messages, and technical diagnostics
  • Cookies and Similar Technologies: Session cookies for authentication and preference storage

3.3 Information from Third Parties

We receive information from third-party services:

  • Authentication Provider (Kinde): Email address, name, authentication tokens
  • Payment Provider (Stripe): Payment status, subscription details, billing information

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 To Provide the Service

  • Create and manage your account
  • Process and store your boards, images, and content
  • Enable sharing and collaboration features
  • Provide customer support

Legal basis (GDPR): Performance of a contract (Article 6(1)(b))

4.2 To Process Payments

  • Process subscription payments and invoices
  • Detect and prevent fraud
  • Manage billing and refunds

Legal basis (GDPR): Performance of a contract (Article 6(1)(b))

4.3 To Improve the Service

  • Analyze usage patterns and trends
  • Diagnose technical issues and bugs
  • Develop new features and improvements
  • Optimize performance and user experience

Legal basis (GDPR): Legitimate interests (Article 6(1)(f))

4.4 To Communicate with You

  • Send transactional emails (account confirmations, password resets, billing notices)
  • Respond to your inquiries and support requests
  • Send important service updates and security alerts
  • Send marketing communications (with your consent)

Legal basis (GDPR): Performance of a contract (Article 6(1)(b)) or Consent (Article 6(1)(a)) for marketing

4.5 To Ensure Security and Prevent Abuse

  • Detect and prevent fraud, spam, and abuse
  • Enforce our Terms of Service
  • Protect against security threats
  • Monitor for suspicious activity

Legal basis (GDPR): Legitimate interests (Article 6(1)(f))

4.6 To Comply with Legal Obligations

  • Respond to legal requests and court orders
  • Comply with tax and accounting requirements
  • Maintain records as required by law

Legal basis (GDPR): Legal obligation (Article 6(1)(c))

5. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who help us operate the Service:

  • Kinde: Authentication and user management
  • Stripe: Payment processing and billing
  • Pirsch Analytics: Privacy-friendly web analytics (GDPR-compliant, cookieless)
  • Cloud Storage Providers: File storage and hosting
  • Email Service Providers: Transactional and marketing emails

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 When You Share Content

When you create a public sharing link, your boards and images are accessible to anyone with the link. You control what content is shared and with whom.

5.3 Legal Requirements

We may disclose your information if required by law, such as:

  • To comply with legal process (court orders, subpoenas)
  • To enforce our Terms of Service
  • To protect our rights, property, or safety
  • To protect the rights, property, or safety of our users or the public

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

  • Account Information: Retained while your account is active and for up to 90 days after deletion
  • User Content: Retained while your account is active. Deleted within 90 days of account deletion
  • Billing Records: Retained for 10 years to comply with French accounting requirements
  • Log Data: Retained for up to 12 months for security and diagnostic purposes

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit using HTTPS/TLS
  • Encryption of data at rest in our databases
  • Secure authentication with industry-standard OAuth 2.0
  • Regular security audits and vulnerability assessments
  • Access controls limiting who can access your data
  • Rate limiting to prevent abuse

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights Under GDPR

As a user in the European Union, you have the following rights:

8.1 Right to Access

You have the right to request a copy of the personal information we hold about you.

8.2 Right to Rectification

You can update your account information at any time through your profile settings. If you believe any information is inaccurate, you have the right to request corrections.

8.3 Right to Erasure ("Right to be Forgotten")

You can delete your account at any time. Upon deletion, we will erase your personal information within 90 days, except where retention is required by law.

8.4 Right to Restrict Processing

You have the right to request that we limit how we use your personal information.

8.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used format, and to transfer it to another service provider.

8.6 Right to Object

You have the right to object to processing of your personal information based on legitimate interests.

8.7 Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw consent at any time.

8.8 Right to Lodge a Complaint

If you believe we are not complying with data protection laws, you have the right to lodge a complaint with the French data protection authority (CNIL):

CNIL - Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
Website: www.cnil.fr

9. Cookies and Tracking Technologies

We use the following cookies and similar technologies:

  • Essential Cookies: Required for authentication and basic functionality
  • Preference Cookies: Remember your settings (theme, language)

9.1 Web Analytics

We use Pirsch Analytics to understand how visitors use our Service. Pirsch is a privacy-focused, GDPR-compliant analytics service that:

  • Does not use cookies or persistent identifiers
  • Does not track users across websites
  • Does not create user profiles
  • Anonymizes IP addresses before processing
  • Stores data on servers in the European Union

Pirsch collects basic information about your visit, including:

  • Pages visited and referrer URL
  • Browser type and operating system
  • Device type (desktop, mobile, tablet)
  • Approximate geographic location (country/region level)
  • Session duration and page views

This information is used solely to improve our Service and understand usage patterns. No personal data is collected or stored.

Legal basis (GDPR): Legitimate interests (Article 6(1)(f)) - We have a legitimate interest in understanding how our Service is used to improve it for all users.

For more information about Pirsch Analytics and their privacy practices, visit pirsch.io/privacy.

You can control cookies through your browser settings, but disabling essential cookies may affect your ability to use the Service.

10. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers are located.

When we transfer data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Service providers certified under the EU-U.S. Data Privacy Framework
  • Other legally approved transfer mechanisms

11. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service. Your continued use after such notification constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

Email: contact@shotref.com