Back to Home

Privacy Policy

Last Updated: October 11, 2025

Welcome to Shoebox! We're committed to protecting your privacy and being transparent about how we handle your data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

1. Information We Collect

1.1 Information You Provide

Account Information: When you create an account, we collect your phone number for authentication purposes.
Profile Information: You may optionally provide your name and profile picture.
Photos: Photos you capture and share through Shoebox, along with basic metadata (capture date, destination groups/parties).
Groups and Parties: Information about groups you create or join, including group names and member lists.

1.2 Information We Collect Automatically

Device Information: Device type, operating system version, and app version.
Usage Information: How you interact with the app, such as photos captured, photos uploaded, groups created, and app sessions.
Analytics Data: We use PostHog to collect anonymous usage analytics to improve the app. This includes events like "App Opened," "Photo Captured," and "Photos Uploaded," along with basic properties (e.g., number of destinations, flash usage).

1.3 Information We Do NOT Collect

We want to be clear about what we don't collect:

Photo Content Analysis: We do not scan, analyze, or process the content of your photos.
Location Data: We do not collect or store photo location data (EXIF GPS coordinates).
Contacts: While we may request contact access for inviting family members, we do not upload or store your contact list on our servers.
Browsing History: We do not track your activity outside of Shoebox.

2. How We Use Your Information

We use the information we collect to:

Provide the Service: Store and share photos with your selected groups and parties.
Account Management: Authenticate you and maintain your account.
Communication: Send you important updates about the service (account-related notifications only, no marketing).
Improve the App: Analyze usage patterns to fix bugs, improve performance, and develop new features.
Security: Detect and prevent fraud, abuse, and security incidents.

3. How We Share Your Information

3.1 With Other Users

Photos you share are visible to members of the groups or parties you selected when capturing them. This is the core functionality of Shoebox.

3.2 With Service Providers

We use trusted third-party services to operate Shoebox:

Supabase: Cloud infrastructure for storing photos, user data, and managing authentication. Data is encrypted in transit and at rest.
PostHog: Anonymous analytics to understand how the app is used and identify areas for improvement. We do not share personally identifiable information with PostHog.

3.3 We Do NOT Sell Your Data

We will never sell, rent, or trade your personal information or photos to third parties for marketing purposes.

3.4 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests (e.g., court orders, subpoenas).

4. Data Security

We take security seriously and implement industry-standard measures to protect your data:

Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest.
Access Controls: We use Row-Level Security (RLS) policies to ensure users can only access their own data and photos shared with their groups.
Authentication: Secure phone number authentication via Supabase Auth.
Regular Security Reviews: We monitor for vulnerabilities and apply security patches promptly.

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Your Privacy Rights

You have the following rights regarding your data:

5.1 Access Your Data

You can view all photos you've captured and shared within the app.

5.2 Delete Your Data

Delete Individual Photos: Delete photos from your outbox before sharing, or delete shared photos from albums.
Delete Your Account: You can delete your entire account and all associated data from Settings → Delete Account. This action is permanent and cannot be undone.

5.3 Opt Out of Analytics

You can disable anonymous usage analytics at any time from Settings → Privacy → Analytics toggle.

5.4 Export Your Data

All photos you capture are automatically saved to your device's Camera Roll (if you grant permission). You can export photos from albums at any time.

6. Children's Privacy (COPPA Compliance)

Shoebox is a family photo-sharing app, and we understand that photos may include children. However:

Users must be at least 13 years old to create an account.
If you are under 18, you should have parental permission to use Shoebox.
We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has created an account, we will delete it promptly.
Parents/guardians are responsible for managing photos of their children shared through family groups.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the service:

Photos: Stored until you or a group admin deletes them.
Account Data: Retained until you delete your account.
Analytics Data: Anonymous usage data is retained for up to 2 years for product improvement purposes.

After account deletion, we will delete your data within 30 days, except where required by law to retain it longer.

8. International Data Transfers

Your data is stored on Supabase servers located in the United States. If you are accessing Shoebox from outside the U.S., your data will be transferred to, stored, and processed in the United States. By using Shoebox, you consent to this transfer.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

Posting the updated policy in the app and on our website
Updating the "Last Updated" date at the top of this policy
Sending an in-app notification for material changes

Your continued use of Shoebox after changes take effect constitutes acceptance of the updated Privacy Policy.

10. Your California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request information about the categories and specific pieces of personal information we've collected about you.
Right to Delete: You can request deletion of your personal information (subject to certain exceptions).
Right to Opt-Out: We do not sell personal information, so there is nothing to opt out of.
Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at benfromshoebox@gmail.com.

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Right to Access: Request a copy of your personal data.
Right to Rectification: Correct inaccurate data.
Right to Erasure: Request deletion of your data.
Right to Data Portability: Receive your data in a machine-readable format.
Right to Object: Object to certain processing of your data.
Right to Withdraw Consent: Withdraw consent for data processing at any time.

To exercise these rights, contact us at benfromshoebox@gmail.com.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Email: benfromshoebox@gmail.com

Feedback & Support:

We typically respond within 48 hours.

13. Summary

What we collect: Phone number, photos you share, group/party info, basic usage analytics

What we DON'T collect: Photo content analysis, location data, contacts, browsing history

How we use it: To provide the photo-sharing service and improve the app

Who we share with: Only group members (for shared photos) and trusted service providers (Supabase, PostHog)

Your rights: Access, delete, export, and opt-out of analytics

We NEVER sell your data.