Privacy Policy — Shoe Who?

Effective date: January 2, 2026

Last updated: January 2, 2026

Operator: Shoe Who? (personal project by an individual developer) ("we", "us")

Operator location: Aarhus, Denmark

Contact: info@domain.com

Primary regions: European Union (EU)

Shoe Who? is a social compatibility / match game platform where users create games, invite players, answer questions, and view results.

1) Scope

This policy explains what information we collect, how we use it, and your choices when using Shoe Who?.

2) User Types

Shoe Who? supports:

  • Registered users (email/password account)
  • Guest users (no registration)

Guests may later create an account and claim/link games (where supported).

3) Information We Collect

A) Information you provide

Registered users

  • Email address
  • Password (stored in hashed form by our authentication provider)
  • Name / display name
  • User ID (UUID)

Guest users

  • Name / display name (typically stored locally on your device)
  • Game participation data

Game data (for all users)

  • Player names
  • Answers / responses
  • Game results and match scores
  • Game settings and preferences
  • Invite tokens and host tokens (used to join games)

B) Information collected automatically

  • Authentication session tokens (cookies)
  • IP address (processed by our service provider for security/operations)
  • Error logs and debugging information
  • Performance metrics
  • Session replay data (via Sentry, with masking enabled)

Note: Session replay masking helps reduce collection of sensitive information, but no masking system can guarantee that sensitive data is never captured (for example, if you enter it into non-standard fields or custom inputs).

4) Where We Store Data

Supabase (PostgreSQL database, EU region)

  • User accounts (registered users)
  • Game data, answers, results
  • Authentication-related identifiers/tokens needed to run sessions

Local storage on your device (browser localStorage)

  • Guest host identities (30-day expiration)
  • Guest player identities (30-day expiration)
  • Host tokens and invite tokens (to continue games/invitations)

Cookies

  • Authentication session cookies managed by Supabase (secure, httpOnly where applicable)

5) How We Use Your Information

We use the information to:

  • Provide gameplay features (create games, invite players, collect answers, calculate results)
  • Authenticate users and manage accounts
  • Send account emails (verification if enabled, password reset)
  • Maintain security and prevent abuse
  • Monitor reliability and fix bugs (error tracking and performance monitoring)

6) Legal Bases (EEA/EU)

If you are in the EEA/EU, we process personal data based on:

  • Contract (to provide the service you request)
  • Legitimate interests (security, preventing abuse, debugging, improving performance)
  • Consent where required by law (e.g., certain cookies/technologies)

7) Third-Party Services

We do not sell personal information.

We use the following providers to operate the service:

Supabase

  • Authentication (email/password, session management)
  • Database hosting and processing (PostgreSQL)
  • Email services for verification and password resets

Sentry

  • Error tracking and diagnostics
  • Session replay (masking enabled)
  • Performance monitoring

Vercel

  • Hosting for the web app and server-side/API execution

We may also disclose information if required by law or to protect the security and integrity of the service.

8) Data Retention

We keep data only as long as necessary for the purposes described in this policy:

  • Guest identities/tokens in localStorage: expire after 30 days (or sooner if you clear browser data).
  • Registered account data: retained until you delete your account.
  • Game data (registered users): retained until deleted by the host/account owner, or automatically deleted after 12 months with no activity on that game.
  • Guest games not claimed: automatically deleted after 90 days.
  • Diagnostics/logs (e.g., Sentry): retained for up to 30 days.

We may retain limited information longer if required for security, fraud prevention, or legal compliance.

9) Security

We use reasonable safeguards including:

  • Password hashing (handled by Supabase)
  • Secure session cookies (httpOnly/secure where applicable)
  • Database access controls and row-level security (RLS)
  • Token-based authentication for invitations/hosts
  • Sensitive data filtering and replay masking in diagnostics tools

No method of transmission or storage is 100% secure, but we work to protect your information.

10) Your Rights & Choices

You can:

  • Access or correct your account information (where available)
  • Request deletion of your account and associated data by contacting info@domain.com
  • Reset your password via email
  • Clear guest data by clearing site/app storage in your browser settings

If you are in the EU/EEA, you may also have the right to access or delete your personal data, to restrict or object to its processing, to request its portability, and to lodge a complaint with a data protection authority.

11) Age Requirement

Shoe Who? is intended for users 18 years or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided personal information, contact info@domain.com and we will take appropriate steps to delete it.

12) International Transfers

Our providers may process data in other countries depending on their infrastructure. Where required, we rely on appropriate safeguards for international transfers.

13) Changes to This Policy

We may update this policy from time to time. The effective date will change when updates are posted. If changes are material, we will provide notice within the app or on the website.

14) Contact

For privacy questions or requests: info@domain.com