Privacy Policy

Who we are

The Service is operated by the team behind ShipREKT. For any privacy question or request, email us at hello@shiprekt.app. We act as the data controller for the personal data described here.

What we collect

We only collect what the Service needs to work:

• Your email address — login is passwordless, so we use your email to send sign-in codes and magic links, and for essential service and billing messages.
• Login & security events — sign-in timestamps, IP address and browser user-agent, used for authentication, rate-limiting and abuse prevention.
• Your public profile — display name, handle, headline, bio, skills, social links and your chosen shipping clock. You enter these and they are public by design.
• Your shipped products — product names, live URLs and descriptions you submit. These are public.
• Activity — streaks, REKT events, badges, follows, kudos you give, and reports you file.
• Payment data — membership payments are processed by Stripe. We never see or store your card details; we keep Stripe identifiers and subscription status (e.g. active, period end) to manage your membership.
• Technical data — server logs and a session cookie plus an optional "remember me" token so you stay signed in.

Cookies

We use a strictly necessary session cookie and an optional persistent "remember me" cookie to keep you logged in. We do not use advertising or third-party tracking cookies, and there is no cross-site ad tech.

How we use your data

To run your account and the challenge, authenticate you, take membership payments, prevent abuse, moderate reported content, and contact you about the Service. We do not sell your personal data, ever.

Legal bases (UK GDPR)

We rely on: performance of a contract (running your account and membership); legitimate interests (security, fraud and abuse prevention, moderation, and keeping the Service running); and consent where it applies, which you can withdraw at any time.

Who we share it with

We use a small set of trusted processors purely to deliver the Service:

• Amazon SES — to deliver login and service emails.
• Stripe — to process membership payments securely.
• Our hosting provider — to run the servers and store the database.
• We may also disclose data where required by law.

Public by design

Your profile, shipped products, streaks, REKT count, badges and kudos are public — that public accountability is the whole point of the Service. Do not put anything private in those fields.

Retention

We keep your account data while your account exists. Database backups rotate on a short cycle (around 14 days). If you delete your account, we remove your personal data within a reasonable period, except where we must keep limited records (for example, payment records for accounting and legal obligations).

Your rights

You can access, correct, export or delete your personal data, object to certain processing, and withdraw consent. Email hello@shiprekt.app and we'll action it. You also have the right to complain to the UK Information Commissioner's Office (ICO).

Security

We serve everything over HTTPS, store only hashed login and API tokens, and keep the database off the public web. No system is perfectly secure, but we take sensible measures to protect your data.

Children

The Service is not intended for anyone under 16. We do not knowingly collect data from children.

Changes

We may update this policy; we will change the "last updated" date above and, for material changes, let members know.

Written to be genuinely useful and provided in good faith — but this is not legal advice. Have it reviewed by a qualified solicitor before you rely on it, and confirm your operating entity and contact details.