Privacy Policy

1. Who We Are

Signalshoot is operated by Yuki Oga, located in Japan. This policy describes how we collect, use, and protect information in connection with our Service.

2. Information We Collect

Account Information

When you sign up, we collect:

• Name and email address (from your GitHub account)
• Profile picture URL
• OAuth provider ID

Feedback Data

When your app sends feedback through our API, we receive:

• Feedback message content
• Feedback type, channel, and metadata you choose to send
• Optional end-user identifiers (user_id) if you include them
• Device and app version information if included in metadata

Important: Feedback data may contain personally identifiable information (PII) from your end users. As the data controller, you are responsible for ensuring appropriate consent and legal basis for collecting this data. We process it solely on your behalf as a data processor.

Usage Data

We automatically collect:

• API request logs (IP address, timestamp, endpoint)
• Dashboard usage patterns (pages visited, features used)
• Error logs via Cloudflare analytics

3. How We Use Information

• To provide and maintain the Service
• To authenticate your identity
• To process feedback data on your behalf
• To send service-related communications
• To monitor and improve service reliability
• To enforce our Terms of Service

We do not sell your data. We do not use feedback data for advertising or profiling.

4. Data Storage and Security

• Data is stored on Cloudflare's global infrastructure (D1 database).
• All data is encrypted in transit (TLS) and at rest.
• API keys are hashed before storage.
• Sessions use cryptographically secure tokens.
• Data is stored on Cloudflare D1 with platform-managed backups.

5. Data Retention

• Free plan: Feedback data retained for 6 months.
• Pro plan: Feedback data retained indefinitely.
• Infinite plan: Feedback data retained indefinitely.
• Account data: Retained while your account is active.
• Deleted accounts: All data permanently deleted within 30 days.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of your data.
• Rectification: Correct inaccurate data.
• Deletion: Request deletion of your data.
• Portability: Export your data in a machine-readable format (JSON/CSV).
• Objection: Object to certain processing activities.

To exercise these rights, contact us at yu.development.vtoz+signalshoot@gmail.com.

GDPR (European Union)

If you are in the EU/EEA, our lawful basis for processing is contract performance (providing the Service you signed up for) and legitimate interest (improving our Service). For feedback data containing end-user PII, you as the data controller must ensure appropriate legal basis.

CCPA (California)

We do not sell personal information. California residents may request disclosure of what information we collect and request its deletion.

APPI (Japan)

We comply with Japan's Act on the Protection of Personal Information. Personal data may be processed on servers outside Japan (Cloudflare's global network). We handle personal information with appropriate security measures as required by APPI.

7. Third-Party Services

We use the following third-party services that may process your data:

• Cloudflare: Hosting, database, CDN, and AI translation
• Stripe: Payment processing (for paid plans)
• GitHub: OAuth authentication

8. Cookies

We use essential cookies only:

• fh_session: Authentication session token. HttpOnly, Secure. 30 days.
• fh-locale, fh-theme, fh-app-id: UI preferences. LocalStorage. No expiry.

We do not use advertising or tracking cookies.

9. Children

The Service is not intended for use by anyone under 18 years of age.

10. Changes

We may update this policy from time to time. Material changes will be communicated via email or dashboard notification at least 30 days before taking effect.

11. Contact

For privacy-related questions, contact us at yu.development.vtoz+signalshoot@gmail.com.