Back

Privacy Policy

This policy explains how Shiny handles personal data across the mobile app, website, and API for account access, shared-home collaboration, notifications, diagnostics, analytics, support, and subscription management.

Last updated: 13 April 2026

Controller, scope, and audience

Shiny is operated by Alexandru Ciprian Craciun. Privacy requests and general legal questions can be sent to goshinyapp@gmail.com.

This policy applies to the Shiny mobile app, the related website, and the API that powers account access, shared-home features, notifications, and support workflows.

Shiny is intended for a general audience aged 16 and older and is not directed to children under 16.

Data Shiny collects

Shiny collects the data needed to create and run your account, synchronize your homes and chores, protect the service, and support the mobile experience.

  • Account and profile data such as your name, email address, password hash, locale, avatar URL, account identifiers, linked sign-in providers, and onboarding or subscription state.
  • Shared-home content such as homes, rooms, devices, chores, assignments, schedules, completions, activity history, invitation codes, and other content you create or join inside the service.
  • Authentication and security records such as session tokens, session timestamps, password reset or email verification records, IP addresses, user agents, and abuse-prevention metadata handled by the backend.
  • Social sign-in data received from Apple or Google, such as provider subject identifiers, email address, and the display-name fields they return for sign-in or account linking.
  • Notification and device data such as notification preferences, notification time, installation ID, Expo push token, permission status, platform, and device name used for mobile push registration.
  • Subscription and billing data such as store platform, product ID, RevenueCat app user ID, RevenueCat customer identifier, purchase token, transaction ID, access status, and renewal state. Shiny does not directly receive your full payment card details from Apple or Google.
  • Support and bug-report data such as report text, optional image or video attachments, and contextual technical metadata about the app version, build version, device, locale, route, and navigation path when you submit a report.
  • Diagnostics and product-analytics data such as app version, screen names, event metadata, route context, device metadata, and crash information generated while the app is being used.

How Shiny uses personal data and legal bases

Shiny uses personal data to provide the service, secure accounts, operate shared homes, support notifications, verify subscriptions, review support issues, understand product usage, and comply with legal obligations.

Depending on your location, the main legal bases are performance of a contract, legitimate interests, consent where a device or platform permission is required, and compliance with legal obligations.

  • Contract: create and manage accounts, sign you in, synchronize homes and chores, apply subscription access, and provide core product functionality.
  • Legitimate interests: protect the service from abuse, prevent fraud, investigate bugs, monitor reliability, improve product quality, and maintain audit or security logs.
  • Consent or device permission: send push notifications, access your photo library for avatar changes or bug-report attachments, and use optional Apple or Google sign-in instead of email/password.
  • Legal obligation: retain limited data when needed for tax, accounting, consumer-protection, fraud-prevention, or legal-response purposes.

Shared homes and account visibility

Shiny is designed for shared-home collaboration. If you create or join a home, other members of that home may see the data needed for the shared workflow, including your display name, avatar, task assignments, completion history, and the home content you add or edit.

If you invite other people into a home, you are responsible for deciding what information you share there.

Mobile permissions and data stored on your device

The mobile app stores some data locally so it can keep you signed in and remember notification state on your device.

  • Secure device storage: session token, session expiry, locale, cached user snapshot, and related session timestamps are stored locally using secure storage where available.
  • Local app storage: notification installation IDs and prompt-handled flags are stored locally so the app can manage mobile push registration consistently.
  • Photo library access: the mobile app requests media-library access when you choose an existing image or video for your avatar or for a bug report.
  • Shiny does not use App Tracking Transparency for cross-app advertising tracking in the current mobile implementation.

Notifications, analytics, and diagnostics

If you allow notifications, Shiny registers your device with the backend and uses Expo's push service together with Apple Push Notification service or Firebase Cloud Messaging to deliver reminders, assignments, and recap updates.

Shiny uses Aptabase Cloud for event-based product analytics on mobile. The current implementation is intended to stay anonymous and does not intentionally send your name or email in analytics event payloads.

Shiny uses Sentry for crash reporting and diagnostics. Because mobile diagnostics are configured with default personally identifiable information enabled, crash reports may include identifiers such as your user ID, name, email, locale, route, app version, device information, and technical traces or breadcrumbs related to the failure.

Processors, partners, and recipients

Shiny does not sell personal data. Personal data is shared only when needed to operate the service, process your requests, protect the platform, or comply with law.

  • Hosting, database, and infrastructure providers chosen by Shiny to run the website, API, and related systems.
  • Apple and Google for sign-in, app-store billing, and core mobile platform services.
  • RevenueCat for mobile subscription status, customer management, and webhook delivery.
  • Expo and the relevant mobile push providers for notification token handling and push delivery.
  • Aptabase Cloud for mobile product analytics.
  • Sentry for mobile crash reporting, error monitoring, and diagnostic review.
  • Backblaze B2-compatible object storage used for avatar uploads and delivery.
  • Linear for mobile bug-report intake and any attachments you choose to upload with a report.
  • The configured email-delivery provider, if account-verification, password-reset, or email-change messages are enabled.
  • Authorities, courts, advisors, or counterparties where disclosure is required by law or reasonably necessary to establish, exercise, or defend legal claims.

International transfers and retention

Some providers used by Shiny may process data outside your country or outside the EEA. Where required, Shiny relies on contractual, technical, and organizational safeguards that are intended to support lawful international transfers.

Shiny keeps personal data for as long as needed to provide the service, maintain shared-home records, verify subscriptions, investigate incidents, resolve disputes, and meet legal obligations.

  • Account and shared-home data are generally kept until you or another authorized user deletes them, or until the account is deleted.
  • Local mobile session data remain on your device until you sign out, remove the app, or the stored session is cleared or expires.
  • Push-device records may be removed when you sign out, disable permission, delete the device registration, or after stale-device cleanup.
  • Security, diagnostic, analytics, billing, and support records may remain for a limited period after deletion where reasonably required for fraud prevention, audit, troubleshooting, or legal compliance.

Your rights and choices

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or port certain personal data. You may also have the right to withdraw permissions you previously granted on your device.

  • Access and correction: update profile details, avatar, locale, password, and connected sign-in methods from the app where those controls are available.
  • Account deletion: use the in-app delete-account flow or contact goshinyapp@gmail.com. Some limited records may still be retained where legally permitted or required.
  • Notifications: change notification preferences in the app and revoke push permission in your device settings at any time.
  • Subscriptions: manage cancellation, renewal, or refunds through Apple or Google according to the store you used for the purchase.
  • Support data: avoid uploading sensitive personal data in bug reports unless it is necessary to explain the issue you want reviewed.

Controller details, complaints, updates, and contact

Controller details: Alexandru Ciprian Craciun, Via Genova 7, 52100 Arezzo, Italy. Privacy requests and general legal questions can be sent to goshinyapp@gmail.com.

If you have a privacy concern, contact goshinyapp@gmail.com first so Shiny can try to resolve it. If you are in the EEA or another region that provides this right, you may also complain to your local supervisory authority.

Shiny may update this policy when features, legal requirements, or processors change. The latest version date is shown at the top of the document, and material changes may also be highlighted inside the product or on the website.