Privacy Policy
Last updated: 9 June 2026
We collect only what we need to run Sha, and we try to be transparent about how it moves. Here is exactly what we gather, why, and the rights you have over it.
01 Introduction
This Privacy Policy describes what personal data we collect when you use Sha, how we use it, who we share it with, and the rights you have over it. We aim to collect only what we need to run the App and to be transparent about how it moves.
02 Data You Provide Directly
When you create an account we collect your first name, surname (optional), and the identifier you signed up with: a phone number (verified by a one-time SMS code), an email address with a password (stored only as a salted hash by Supabase Auth), or the credential returned by Sign in with Google or Sign in with Apple. You can optionally add a profile picture, a country, optional social-media handles for platforms such as Instagram, TikTok, X, Facebook, YouTube and LinkedIn, and choose whether those handles are visible to "Friends" or to "Everyone". When you create plans, ideas, comments, to-dos and RSVPs you provide the text, dates, times, locations, URLs, vote selections and other content of those items. When you ask Ask Sha a question (by typing, or by speaking in voice mode), the text of your question is sent on to our AI provider — Google's Gemini API, or Anthropic's Claude API when Gemini is unavailable — along with the specific Sha data needed to answer it; see Section 10 below. When you report content or a user, you provide the reason you select and any optional details you type; this is sent to our support inbox so we can review and act on it.
03 Data Generated By Use
When you use the App we record information needed to operate it: your friend relationships, any users you suppress or block, group memberships, weekly availability you choose to share, attendance check-ins after plans pass, read receipts on comments, your subscription tier and billing status, and your timezone and quiet-hours window (used to time notifications to your local clock). When you use Ask Sha we store the back-and-forth conversation history against your account so you can pick the thread up later, and a rolling count of how many questions you have asked in the past 7 days for rate-limit enforcement. On native apps we store a push device token (FCM on Android and web, APNs on iOS) and a stable device identifier so push notifications reach the right device. We also collect pseudonymous product-analytics events through Google Analytics for Firebase — for example which screens you open and which features you use (such as creating a plan, casting a vote, or asking Ask Sha) — keyed to your Sha account identifier (never your email or other contact details) so we can understand how the App is used and improve it. These analytics are first-party and are never used for advertising or sold to anyone.
04 Calendar & Location Data
If you connect a Google Calendar we receive a read-only OAuth refresh token that we use to fetch the calendar events you explicitly choose to import. We do not store events you do not import. When you type into the location field on a plan or idea, your in-progress text is sent to the Google Places API along with a country bias so suggestions are relevant to where you are. We do not collect background GPS location at any point.
05 Payment Data
Subscription payments are processed by Stripe (web) and Apple / Google (in-app purchases routed through RevenueCat). We never see or store your full card or banking details. We do store a Stripe Customer ID and a RevenueCat App User ID against your account so we can read subscription status, expose the Customer Portal link, and apply Sha Pro entitlements.
06 Friend Code & Wallet Passes
Every account is issued a 6-character Friend Code. The code is essentially public — anyone with it can request to add you. Apple Wallet and Google Wallet passes contain only your Friend Code and a deep link back to the App. We do not include your name, photo, location or anything else on the pass beyond what you choose to display.
07 How We Use Your Data
We use your data to authenticate you, deliver the App and its features (showing your plans and friends' plans, fanning out invites, recording RSVPs and votes), enforce the limits between Free and Sha Pro, send notifications you have opted into, render friend suggestions based on mutual connections (shown only once you have at least three friends), route attendance check-ins after a plan passes, enforce blocks between users, secure the service against abuse, respond to your support requests, and review and act on reports of objectionable content.
08 Legal Bases (UK GDPR)
We process your personal data on the following bases: performance of our contract with you (operating the App), our legitimate interests (security, abuse prevention, improving the App), your consent (for optional permissions such as push notifications, calendar access, marketing emails, and using social-media handles), and compliance with legal obligations.
09 Who We Share Data With
We do not sell your data and we do not show you behavioural advertising. We share the minimum necessary data with the third-party processors below to run the App. We may also disclose data when legally compelled to do so.
10 Ask Sha and AI Providers
Ask Sha is an in-App AI assistant that answers natural-language questions about your own Sha data — your plans, ideas, friends, groups, to-dos, RSVPs, comments, availability, and the App's own how-to documentation. Each question you ask is sent to a large-language-model provider along with the specific data the assistant needs to answer it: typically plan or idea titles and dates, friend first names, RSVP statuses, vote tallies, to-do titles, and comment text on the plan or idea the assistant is reading from. By default questions are handled by Google's Gemini API. If Gemini is temporarily unavailable, the same question and data are sent instead to Anthropic's Claude API as a fallback so the assistant still works; and for a limited share of the most complex questions asked by Sha Pro subscribers we use a more capable Gemini model. Google and Anthropic have each confirmed that data sent through these paid API integrations is not used to train their models. If you ask by voice, your speech is transcribed to text by your device's own operating-system speech recognition (Apple's on iOS, Google's on Android) before that text is sent to the provider — we do not receive or store the raw audio. The assistant's written answer is then sent to Google's Cloud Text-to-Speech API, which returns the spoken audio that is read back to you; Google processes that answer text only to generate the audio and does not use it to train its models. We log each question against your account so we can enforce a weekly rate limit (currently 10 questions per rolling 7 days on the Free tier and 200 on Sha Pro; figures subject to change and surfaced in-App), record which model answered it and its token usage for cost monitoring, and keep your back-and-forth conversation history available the next time you open the assistant. You can clear the conversation at any time using the trash icon in the chat sheet, which archives it server-side. 
Ask Sha is scoped to your own account: it can only read another user's availability when that user is your accepted friend AND they have not turned off "Availability visibility" in their privacy settings, and it never exposes another user's notifications, account-level data or private content.
11 Third-Party Processors
Sha relies on: Supabase (Postgres, Auth, Storage, Edge Functions, Realtime broadcast) — primary backend and database; Stripe — web subscription billing; RevenueCat — iOS/Android subscription routing; Twilio — SMS one-time-code delivery for phone-based signup, login and account recovery; Resend — delivery of our transactional and notification emails (e.g. email verification, plan and idea notifications, and support and content-report emails), which means Resend processes the recipient email address and the contents of those messages; Google — Sign in with Google, Google Calendar API (only when connected), Google Places API (when typing location), Google Wallet (when adding a pass), Google Gemini API (when you use Ask Sha), Google Cloud Text-to-Speech API (which receives the assistant's answer text to synthesize the spoken audio in voice mode), and Android device speech recognition for Ask Sha's voice mode; Anthropic — the Claude API, used as the fallback model for Ask Sha when Gemini is unavailable; Apple — Sign in with Apple, Apple Push Notification Service on iOS, Apple Wallet (when adding a pass), and iOS device speech recognition for Ask Sha's voice mode; Firebase — Cloud Messaging for push routing on Android and web, and Google Analytics for Firebase for pseudonymous product-usage analytics; Capacitor and its native plugins on iOS / Android, including the Contacts plugin used by the "Find friends from contacts" flow and the speech-recognition plugin behind Ask Sha's voice input. Each provider has its own privacy policy that applies to data they receive.
12 Visibility to Other Users
Information shared inside the App is visible to people in the relevant context: friends see your name, surname, profile picture, social-media handles (if you chose "Friends" or "Everyone") and the availability you have explicitly shared (unless you have turned "Availability visibility" off in your privacy settings); plan and idea participants see your name, picture, RSVP or vote status, comments and to-do activity in that plan or idea; group members can see who else is in the same group. Your Friend Code is visible to anyone you give it to. When you share a Plan or Idea invite link with someone who is not yet on Sha, the preview they open shows limited details of that Plan or Idea (such as its title, date, time and location) and the first names and profile pictures of a few of its invitees, so they can see what they are being invited to before signing up. Someone you have blocked, or who has blocked you, cannot see your profile or content anywhere in the App, and you cannot see theirs.
13 Realtime Broadcasts
When something changes inside the App (an RSVP, a new comment, a vote, a to-do, an attendance check-in) the server publishes a small "something changed" broadcast on a per-user, per-plan or per-idea channel so the clients viewing the affected screen refresh. These broadcasts carry the minimum identifying information needed — typically just IDs — and never include comment text, message bodies or other sensitive content.
14 Cookies & Local Storage
We use first-party local storage on the web to remember your session, theme, view settings and an offline cache of recent data so the App opens quickly, plus first-party identifiers set by Google Analytics for Firebase to measure product usage (see Section 3). We do not use third-party advertising cookies or behavioural ad-tracking, and we do not sell your data. On native apps the equivalent data lives in the platform's secure preferences store.
15 Device Permissions
The App will ask your operating system for the following permissions, all of which are optional: push notifications (to send you in-App alerts you have opted into), camera (to scan a friend's QR-code for their Friend Code), microphone (only when you use Ask Sha's voice mode — your speech is transcribed to text by your device's operating-system speech recognition and only that text is sent to us; we do not record or store the audio), calendar access via Google's OAuth screen (if you choose to import from Google Calendar), and contacts access (only when you use the "Find friends from contacts" flow — phone numbers are read locally on your device, normalised, and sent to our server to match against existing Sha accounts; we do not retain your contact list after the match completes). You can revoke any of these at any time from your device settings and from in-App.
16 International Transfers
Our backend infrastructure (Supabase) is currently hosted in the EU (eu-west-1). Some of our processors (such as Stripe, Twilio, Google, Anthropic and Apple) may transfer data to the United States or elsewhere under their own approved transfer mechanisms (Standard Contractual Clauses or equivalent). Where we transfer data outside the UK / EEA we rely on those safeguards.
17 Data Retention
We keep your account data for as long as your account is open. When you delete your account from Settings, your profile and the content you created (plans, ideas, comments, to-dos, votes, RSVPs, groups you own, friendships, and Ask Sha conversation history) are deleted from the live database via cascading Postgres relationships. One-time verification codes, push device tokens and other ephemeral records expire on their own timers. Encrypted backups may retain copies briefly for disaster recovery, on a rolling window of no longer than 30 days. Support emails and content reports you send us are kept for as long as we need to resolve and audit the request.
18 Security
All traffic is encrypted in transit over HTTPS. Passwords are stored hashed and salted by Supabase Auth and never seen by us in plain text. JWTs from the auth provider are verified by signature locally on the edge function so requests cannot be forged. We rate-limit sensitive endpoints (sign-in, OTP verification, billing, AI questions) and gate administrative operations behind a server-side secret. We follow industry-standard practices but cannot guarantee absolute security; if a breach affects your data we will notify you and the ICO without undue delay as required by law.
19 Your Rights
Under UK / EU data-protection law you have the right to access the personal data we hold about you, to ask us to correct it, to ask us to delete it (the in-App "Delete account" flow exercises this for you), to receive an export of it, to restrict or object to processing, and to withdraw consent at any time for processing based on consent. To exercise any of these rights, contact us at the address below. You can also lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local data-protection authority.
20 Children
Sha is not directed at children under 13 and we do not knowingly collect data from anyone under that age. If you believe we hold data about a child please contact us and we will delete it.
21 Marketing
We may occasionally send product-update emails to users who have opted in. You can opt out at any time from Settings or via the unsubscribe link in any such email. We never sell your email address.
22 Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date above reflects the latest version. Material changes will be announced in-App. Continued use after a change means you accept the new policy.
23 Contact
For privacy questions, data-subject requests or any other matter under this policy, contact support@shasocial.com.