1. Who we are
Shotcraft Pte. Ltd. is the data controller. Contact: privacy@theshotcraft.com.
2. Data we collect
- Account data: name, email, password hash.
- Billing data: processed by our payment provider; we receive transaction metadata only.
- Content: photographs and notes you upload for critique.
- Usage data: pages viewed, features used, device and browser information.
- Communications: emails and support messages you send us.
3. Why we use it (lawful bases under GDPR)
- Contract: to provide the Service you subscribed to.
- Legitimate interests: to secure, maintain, and improve the Service.
- Consent: for marketing emails and non-essential cookies.
- Legal obligation: tax, accounting, and lawful requests.
4. How long we keep it
Account data: while your account is active and for 12 months after closure. Billing records: 7 years (tax). Uploaded photographs: until you delete them or 30 days after account closure.
5. Sharing & processors
We share data only with processors necessary to run the Service:
- Cloud hosting & database (Supabase / Cloudflare)
- Payment processing (Stripe)
- AI critique provider (Anthropic)
- Transactional email provider
- Product analytics (privacy-preserving, aggregated)
Each processor is bound by a data-processing agreement and appropriate safeguards (Standard Contractual Clauses where data leaves the EEA/UK).
6. International transfers
Data may be processed in Singapore, the EU, the UK, and the United States. Transfers outside the EEA/UK rely on Standard Contractual Clauses or adequacy decisions.
7. Your rights
You have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a portable format
- Object to or restrict certain processing
- Withdraw consent at any time
- Lodge a complaint with your supervisory authority (e.g. the PDPC in Singapore, or your EU/UK regulator)
To exercise any of these rights, email privacy@theshotcraft.com. We respond within 30 days.
8. Security
We use encryption in transit and at rest, role-based access controls, and routine security reviews. No system is perfectly secure; we will notify affected users and regulators of any material breach as required by law.
9. Children
The Service is not directed to children under 16.
10. Changes
We may update this Policy. Material changes will be notified by email or in-app at least 14 days in advance.
11. Contact
privacy@theshotcraft.com · Shotcraft Pte. Ltd., Singapore
This document is a template. Customise before publication. Questions: legal@theshotcraft.com