Privacy Policy

We keep this simple: SHOTT collects what it needs to run the app, never sells your data, and gives you control to delete everything.

1. Who we are

SHOTT ("we", "us", "our") is a photography challenge platform. When you use the SHOTT app or website, you trust us with your information. This policy explains what we collect, why, and how we protect it.

2. Information we collect

Account information — When you register, we collect your name, email address, and the password you create (stored as a secure hash, never in plain text).

Profile information — Username, profile photo, and any bio you choose to add. All optional except username.

Photos you submit — Challenge submissions are uploaded to our secure storage and, if marked public, shown on the in-app feed.

Usage data — Pages visited, challenges attempted, streaks, points, and interactions (likes, comments, follows) inside the app.

Device information — Device model, iOS version, timezone, and a device identifier used solely to send push notifications.

Location — We do not collect precise GPS location. If you choose to geotag a photo, that metadata is embedded by your device and you can remove it before uploading.

3. How we use your information

To operate the app and provide challenge, leaderboard, and social features
To send push notifications about new challenges and activity on your posts
To calculate points, streaks, and rankings
To prevent abuse, spam, and violations of our Community Standards
To improve the app based on aggregate, anonymised usage patterns
To respond to support requests you send us

We do not use your data for advertising. We do not build advertising profiles. We do not sell your data to third parties.

4. Sharing your information

We share data only in the following limited circumstances:

Service providers — We use Supabase (database and auth), Apple (push notifications and App Store), and a CDN provider to store and serve photos. Each is bound by a data processing agreement.
Other users — Your username, avatar, public submissions, and public activity (likes, comments, follows) are visible to other SHOTT users when your account is set to public.
Legal requirements — We may disclose information if required by law, court order, or to protect the safety of our users.

5. Data retention

We keep your data as long as your account is active. When you delete your account, your profile, submissions, and personal data are permanently removed within 30 days. Aggregate analytics that cannot be traced back to you may be retained.

6. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data. You can:

Edit or delete your profile and photos directly in the app
Delete your account in Settings → Account → Delete Account
Request a copy of your data by emailing privacy@getshott.app

EU and UK users have additional rights under GDPR. California residents have rights under CCPA. Contact us and we will respond within 30 days.

7. Security

All data is encrypted in transit (TLS 1.3) and at rest. Passwords are hashed using bcrypt. We perform regular security reviews and do not store payment information — all purchases go through Apple's App Store.

8. Children

SHOTT is not directed to anyone under 13. If we become aware that a child under 13 has created an account, we will delete it promptly. Users between 13 and 17 require parental consent where applicable by local law.

9. Changes to this policy

If we make material changes, we will notify you in the app and update the "Last updated" date above. Continued use after changes are posted means you accept the revised policy.

10. Contact

Questions or requests: privacy@getshott.app