Shtello Legacy
Sign inStart your legacy

Privacy Policy

Last updated: 6/9/2026

This is a working draft. The final version will be reviewed by counsel before public launch.

What we collect

  • Account data — name, email, phone, country/state, birthday, gender, optional social handles, and the messages and Taps you record.
  • Authentication data — login times, IP address at signup and at each login.
  • Approximate location — derived from your IP address each time you connect to the service (city / region / country level).
  • Precise location (optional) — if you turn on location consent in your profile, your device's GPS coordinates when you make a Tap. You can revoke this at any time.
  • Device and app activity — pages visited, features used, errors, browser and OS, for service improvement and abuse prevention.

Why we collect it

  • Operating the service — delivering Taps, sending Time Trigger reminders, processing membership payments, providing customer support.
  • Security and fraud prevention — detecting account takeovers, abuse, spam, and unusual login patterns. IP-based location helps us flag suspicious sign-ins.
  • Future location-based features — Shtello Places and similar features that let Taps surface in the places they were made.
  • Aggregate analytics — counts and trends across regions and tiers, to understand how the service is used.
  • Marketing — letting you know about new features, occasional offers, and (only with your consent) relevant communications.
  • Legal compliance — responding to lawful requests and complying with applicable law.

What we never do

  • We do not sell your personal information.
  • We do not use the contents of your Taps for advertising, model training, or any purpose other than delivering them to the recipients you have chosen.
  • We do not share your precise GPS coordinates with third parties.

Where it lives, how long, and your rights

Personal data is stored encrypted at rest on US-based servers (Supabase on AWS US regions). Access is restricted by per-user row-level security in our database. We retain account data for as long as the account is active, plus a reasonable period to satisfy legal and audit requirements. You can request export or deletion of your data at any time by emailing privacy@shtello.com.

Cookies & tracking

We use first-party cookies needed for authentication and session continuity. We do not currently use third-party advertising or tracking pixels.

Children

Shtello Legacy is not intended for children under 13. If you believe a minor has created an account, please email privacy@shtello.com and we will remove it.

Changes

We will publish material changes here and notify members by email at least 14 days before they take effect.