ShiverbrandShiverbrand

Privacy Policy

Last updated: April 17, 2026

1. Information We Collect

When you use Shiverbrand, we collect the following information:

  • Account data: email address, name (when you sign up or use Google OAuth)
  • Project data: brand concepts, generated names, design systems, and exports you create
  • Usage data: pages visited, features used, generation counts
  • Device data: browser type, operating system, screen resolution (for analytics and fraud prevention)
  • Browser fingerprint: a hashed identifier derived from browser characteristics, used solely to prevent abuse and multi-account fraud — not for tracking or advertising

2. How We Use Your Information

  • Provide, maintain, and improve our services
  • Generate brand names, design systems, and export prompts
  • Prevent fraud, abuse, and multiple free account creation
  • Send service-related communications (password resets, security alerts)
  • Analyze usage patterns to improve features (aggregated, non-personal)

3. Third-Party Services

We use the following third-party services:

  • Supabase: authentication, database, and storage (hosted in AWS, US)
  • Vercel: hosting and deployment
  • Google OAuth: sign-in authentication
  • Stripe: payment processing (if subscribed to a paid plan)
  • Google Gemini / Groq / Mistral: AI model providers for name and content generation (no personal data is sent — only brand concepts)
  • Namecheap: domain availability checks and purchase links (affiliate)

4. Data Retention

We retain your account and project data for as long as your account is active. You can delete your account and all associated data at any time from your Settings page. Upon deletion, all data is permanently removed within 30 days.

5. Data Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Row Level Security (RLS) on all database tables
  • HTTP-only secure cookies for authentication
  • Input sanitization and CSRF protection
  • Rate limiting on all API endpoints

6. Your Rights (GDPR / CCPA)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Delete your account and all data
  • Export your data (available via the Export feature)
  • Object to processing (contact us)
  • Withdraw consent at any time

7. Cookies

We use only essential cookies for authentication and session management. We do not use advertising or tracking cookies. See our Cookie Policy for details.

8. Children

Shiverbrand is not intended for users under 16 years of age. We do not knowingly collect data from children.

9. Changes

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.

10. Contact

For privacy-related inquiries, contact us at privacy@shiverbrand.com.