Privacy Policy

Last updated: June 2025

1. What We Collect

We collect information you provide directly:

• Account data: username, email address, display name, bio
• Payment data: PayPal email address (for payouts). We do not store full payment card details — payments are handled by PayPal.
• Content: files, product descriptions, and images you upload
• Communications: emails you send us

We also collect automatically:

• Log data: IP address, browser type, pages visited, timestamps
• Usage data: actions taken on the Platform (downloads, purchases, uploads)
• Cookies: session token (httpOnly, required for login) and CSRF token (required for security)

2. How We Use Your Data

• To operate and improve the Platform
• To process transactions and send receipts
• To send product/account notifications (you can unsubscribe from marketing)
• To detect fraud, abuse, and security threats
• To comply with legal obligations

3. How We Share Your Data

We do not sell your personal data. We share data only:

• With PayPal: to process payments. Subject to PayPal's Privacy Policy.
• With Sellers: when you purchase a product, the seller sees your email for receipt purposes.
• Legal requirements: if required by law or to protect rights and safety.

4. Data Retention

We retain your account data for as long as your account is active. After account deletion, we retain anonymized transaction records for accounting and legal compliance for up to 7 years. Audit logs are retained for 90 days. You may request deletion of your personal data at any time (see Section 6).

5. Cookies

We use only essential cookies:

• sn_sid — session token (httpOnly, expires 30 days)
• sn_csrf — CSRF protection token (expires 24h)

We do not use advertising or analytics cookies. No third-party tracking.

6. Your Rights

You have the right to:

• Access your data — export available from your account settings
• Delete your account and associated data — available from account settings
• Correct inaccurate data — update in account settings
• Object to processing — contact us at privacy@sharenova.io

7. Security

We use industry-standard security practices: HTTPS everywhere, hashed passwords (bcrypt), secure httpOnly cookies, CSRF protection, rate limiting, and audit logging. No security system is perfect; we will notify affected users promptly in the event of a breach.

8. Children

ShareNova is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with data, contact us and we will delete it.

9. Changes

We may update this policy. Material changes will be notified via email or a prominent notice on the Platform.

10. Contact

Privacy questions: privacy@sharenova.io