Privacy Policy

Your privacy

This policy explains how Shono collects, uses, and protects your personal data when you use the app.

Last updated: February 8, 2026

Who is responsible?

Shono (“we”) is the data controller for the processing described in this policy.

Contact: hello@shono.app (Paris, France)

What Shono does

Shono is a digital guestbook. Hosts create events and invite guests to submit photos, videos, audio, and text so hosts can revisit them later.

Data we collect

Hosts (accounts)

  • Account data (e.g., login email)
  • Profile (display name, optional avatar)
  • Events (title, description, date, settings, slug)

Guests (submissions)

  • Guest name (optional) and message/caption
  • Submitted media (photos, videos, audio, text)
  • Technical data (file type, size, duration, dimensions, filename)
  • Security data (IP hash, user-agent, device identifier if provided)

Payments

Payments are processed by Stripe. We do not store your full card details; Stripe handles payment information under its own policies.

Cookies & analytics

We use essential cookies/storage for the service to work (authentication, security). We may later add analytics (e.g., PostHog) or support chat (e.g., Crisp); we will update this policy if we do.

How we use your data

  • Provide and maintain the service (events, collecting and displaying memories)
  • Moderation and abuse prevention (e.g., prohibited content, spam)
  • Security, fraud prevention, and incident troubleshooting
  • Billing and purchase management
  • Customer support and service communications

Legal bases (GDPR)

  • Contract performance: to provide the service to hosts.
  • Legitimate interests: to secure the platform and prevent abuse.
  • Consent: when required for certain cookies/analytics.
  • Legal obligations: accounting, compliance, and lawful requests.

Sharing of data

Guests submit content for an event: that content is accessible to the event host. Depending on event settings, it may also be visible to other guests (e.g., gallery).

We use service providers (processors) to operate the service, for example: Supabase (authentication), Cloudflare R2 (media storage), Stripe (payments), and our hosting provider.

We do not sell your personal data.

Retention

We keep data for as long as necessary to provide the service, comply with legal obligations, and resolve disputes. Hosts can delete events and content; certain technical logs may remain for a limited period for security and compliance.

International transfers

Some service providers may process data outside the European Economic Area. Where applicable, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) when required.

Your rights

You can request access, rectification, deletion, restriction, portability, or object to certain processing. You can also withdraw consent at any time when processing is based on consent.

To exercise your rights: hello@shono.app

You can also lodge a complaint with the CNIL (France) or your local supervisory authority.

Changes

We may update this policy. The “Last updated” date at the top indicates the current version.

This document is provided for informational purposes and is not legal advice. Please have it reviewed by a qualified professional if needed.