Privacy Policy

Last Updated: April 1, 2026

Our Privacy-First Philosophy

At Shatuga, we believe privacy is a fundamental right. We are committed to data minimization, transparency, and putting you in control of your information. This Privacy Policy explains our practices in clear, straightforward language.

Cookies and Tracking

We do not use cookies for tracking visitors.

Our website only uses essential cookies that are strictly necessary for the site to function properly. These cookies do not collect any personal information and cannot be used to identify you.

What cookies do we use?

  • Essential Cookies Only: Required for basic site functionality, such as maintaining your session state and ensuring secure connections. Cookies used for device recognition may persist for a defined retention period, even after you close your browser. Session cookies expire immediately upon closing your browser and are not stored beyond your active visit.
  • No Analytics or Tracking: We do not use Google Analytics, Facebook Pixel, or any other visitor tracking technologies.
  • No Advertising Cookies: We do not serve advertisements or use cookies for marketing purposes.
  • No Third-Party Tracking: We do not allow third-party services to set cookies on our site for tracking purposes.

Note: While essential cookies don't require consent under GDPR and CCPA, we believe in transparency and want you to know exactly what's happening on our site.

Data Collection Principles

We follow strict data minimization principles:

For Website Visitors (No Account)

We do not actively collect personal information from visitors to our website. Any technical data that may be logged by our hosting provider (Cloudflare Pages) is used solely for:

  • Security and abuse prevention
  • Technical troubleshooting and performance optimization
  • Compliance with legal obligations

When You Sign Up for Our Services

We only collect and store information that is necessary to provide you with the service you requested.

This may include:

  • Account Information: Name, email address, and authentication credentials
  • Service Data: Information you provide while using our services (e.g., emails in Shatuga Mailer, time blocks in Shatuga Timefinder)
  • Technical Data: IP address, browser type, and device information for security and service delivery

Purpose Limitation: We only use your data for the specific purpose you provided it for. We never sell, rent, or share your personal information with third parties for marketing purposes.

Your Data Rights

You are in complete control of your data. Under GDPR, CCPA, and other privacy laws, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you.

Right to Data Portability

Download all your data at any time in a portable, machine-readable format (JSON/CSV). No questions asked.

Right to Erasure

Delete your account and all associated data at any time. This is permanent and cannot be undone.

Right to Correction

Update or correct any inaccurate personal information.

Right to Restrict Processing

Request that we limit how we use your data in certain circumstances.

Right to Object

Object to certain types of data processing.

How to Exercise Your Rights

For services you've signed up for, you can exercise these rights directly through your account settings:

  • Download Your Data: Available in your account dashboard - export all your data with one click
  • Delete Your Account: Permanently delete your account and all data from your account settings
  • Update Information: Edit your profile and account information at any time

For additional assistance or questions, contact us at [email protected]

Data Retention

We retain your data only as long as necessary to provide you with the service:

  • Active Accounts: Data is retained while your account is active
  • Inactive Accounts: After 12 months of inactivity, we will notify you and may delete your account
  • Deleted Accounts: Data is permanently deleted within 30 days of account deletion
  • Legal Requirements: Some data may be retained longer if required by law (e.g., financial records)

Data Security

We take security seriously and implement industry-standard measures to protect your data:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Regular security audits and updates
  • Access controls and authentication
  • Secure data centers and infrastructure

Third-Party Services

Our website is hosted on Cloudflare Pages. Cloudflare may collect certain technical information for security and performance purposes. You can review Cloudflare's privacy policy at cloudflare.com/privacypolicy.

We carefully vet any third-party services we use and ensure they meet our privacy standards.

Google User Data

Some Shatuga services (such as Shatuga Mailer and Shatuga Timefinder) allow you to connect your Google account via OAuth 2.0. This section explains exactly how we handle any Google user data we access.

What Google Data We Access

Depending on the Shatuga service you use, we may request access to the following Google data:

  • Shatuga Mailer: Read and send Gmail messages, manage email labels and threads — solely to provide the email management features you request within the app.
  • Shatuga Timefinder: Read and write Google Calendar events and availability — solely to schedule and coordinate time blocks on your behalf.

We only request the minimum OAuth scopes necessary to provide the specific feature you are using. We do not request access to Google data we do not need.

How We Use Google User Data

Google user data is used exclusively to operate the specific Shatuga service you connected your Google account to. We do not:

  • Use your Google data to train AI or machine learning models
  • Use your Google data for advertising or marketing purposes
  • Analyze your Google data for any purpose beyond delivering the service you requested
  • Combine your Google data with data from other sources for profiling

How We Store Google User Data

Any Google user data we access or cache is:

  • Encrypted in transit (HTTPS/TLS) and at rest
  • Retained only as long as necessary to provide the service (see Data Retention above)
  • Deleted promptly when you disconnect your Google account or delete your Shatuga account
  • Stored with strict access controls — only the systems and personnel necessary to operate the service can access it

How We Share Google User Data

We do not sell, rent, or share your Google user data with any third parties. Your Google data is never disclosed to other companies or individuals except in the following limited circumstances:

  • Service Providers: Sub-processors who assist in operating our infrastructure (e.g., hosting, databases) under strict confidentiality and data protection agreements, and only to the extent necessary to perform their services
  • Legal Requirements: If required by law, court order, or to protect the rights and safety of our users or the public

Any sub-processors who may handle Google user data are bound by data processing agreements that prohibit them from using the data for any purpose other than providing services to Shatuga.

Revoking Google Access

You can revoke Shatuga's access to your Google account at any time by:

  • Disconnecting the integration in your Shatuga account settings
  • Visiting Google Account Permissions and removing Shatuga from the list of connected apps

Upon revocation, we will stop accessing your Google account and delete any cached Google data within 30 days.

Google API Services User Data Policy

Shatuga's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

International Data Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place to protect your data in accordance with GDPR and other applicable laws.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification if you have an account with us
  • Displaying a prominent notice on our website

Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or have privacy concerns, please contact us:

Email: [email protected]
Response Time: We aim to respond to all privacy requests within 30 days

Regulatory Compliance

This Privacy Policy is designed to comply with:

  • General Data Protection Regulation (GDPR) - European Union
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Google API Services User Data Policy (including Limited Use requirements)
  • Other applicable state and international privacy laws
← Back to Home