Privacy Policy

Effective Date: May 20, 2026

This Privacy Policy explains how Shaker ("we", "us", "our"), operating at shakerapp.ai, collects, uses, stores, and protects your personal data when you use our Platform. We are committed to protecting your privacy and handling your data transparently and lawfully.

1. Data We Collect

1.1 Account Data

When you register, we collect:

  • Full name and email address
  • Password (stored as a bcrypt hash — never in plain text)
  • Account creation date and last login timestamp

1.2 Payment Data

All payment processing is handled by Paddle.com as our Merchant of Record. We do not store full card numbers, CVVs, or bank account details. We receive from Paddle only:

  • Paddle customer ID and subscription ID
  • Subscription status, plan, and billing dates
  • Country of billing (for tax purposes)

Paddle's privacy practices are governed by the Paddle Privacy Policy.

1.3 Usage and Technical Data

  • IP address and approximate geolocation (country/city level)
  • Browser type, OS, device type
  • Pages visited, features used, AI generation requests
  • Token usage and credit consumption per action
  • Project files and AI-generated content you create
  • Chat history with the AI assistant

1.4 Communication Data

  • Emails you send to our support team
  • Feedback and bug reports submitted through the Platform

1.5 Third-Party Authentication

If you sign in with Google OAuth, we receive your name, email address, and profile picture URL from Google. We do not receive your Google password. Google's use of data is governed by the Google Privacy Policy.

2. How We Use Your Data

We process your personal data for the following purposes:

PurposeLegal Basis
Provide the Platform and AI generation servicesContract performance
Process payments and manage subscriptionsContract performance
Send transactional emails (receipts, password reset)Contract performance
Prevent fraud and abuseLegitimate interest
Improve AI models and Platform quality (anonymised)Legitimate interest
Comply with legal obligations (tax, KYC)Legal obligation
Send marketing emails about Platform updatesConsent (opt-out available)
Detect security threats and monitor uptimeLegitimate interest

3. AI Processing and Third-Party AI Providers

To provide AI generation features, your prompts, project context, and uploaded files are sent to third-party AI providers. These providers process your input to generate responses. The following AI providers may receive your data:

We do not share your name, email, or payment data with AI providers. Only the content of your AI requests and project context is transmitted for the purpose of generating responses.

By using AI features, you acknowledge and accept that your prompts may be processed by the above providers subject to their respective privacy policies and data retention practices.

4. Cookies and Tracking

We use the following types of cookies and local storage:

  • Authentication: JWT token stored in localStorage to keep you signed in
  • Session: Session management for OAuth flows
  • Analytics: Anonymised usage data to improve the Platform
  • reCAPTCHA: Google reCAPTCHA v3 is used to prevent bot abuse

We do not use advertising cookies or sell your data to advertisers. You can clear browser storage at any time to remove all local tokens.

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Paddle — payment processing and tax compliance
  • AI Providers — as described in Section 3
  • Coolify / Cloud Infrastructure — hosting and deployment operations
  • Law enforcement — only when required by valid legal process

6. Data Retention

Data TypeRetention Period
Account informationUntil account deletion + 30 days
Project files and generated codeUntil deletion by user or account termination
Payment records7 years (legal/tax obligation)
AI usage logs (anonymised)12 months
Chat historyUntil project deletion
Server access logs90 days
Trial credits30 days from registration

7. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right of Rectification: Correct inaccurate or incomplete data
  • Right of Erasure: Request deletion of your data ("right to be forgotten")
  • Right of Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interest
  • Right to Restrict: Restrict processing of your data in certain circumstances
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw at any time

To exercise these rights, email us at privacy@shakerapp.ai. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are a resident of California (CCPA), you have additional rights including the right to know what personal information is sold or disclosed and to opt-out of such sale. We do not sell personal information.

8. International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States, where our infrastructure and some AI providers are located. When we transfer data from the EU/EEA, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses or adequacy decisions).

9. Data Security

We implement industry-standard security measures including:

  • TLS 1.2+ encryption for all data in transit
  • Bcrypt hashing for all passwords
  • JWT tokens with expiry for session management
  • PostgreSQL with restricted access credentials
  • Regular security updates to server infrastructure

No system is 100% secure. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law.

10. Children's Privacy

The Platform is not intended for use by persons under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or by posting a notice on the Platform. Continued use of the Platform after the effective date of changes constitutes acceptance of the updated Policy.

12. Contact and Data Protection Officer

Shaker

Privacy inquiries: privacy@shakerapp.ai

General support: support@shakerapp.ai

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.