shiply.now
Legal

Privacy Policy

Effective 12 June 2026

This policy explains what shiply.now (operated by Stephen Ford, Australia) collects, why, and what control you have. The short version: we collect the minimum needed to run a hosting service, we don’t run ad tracking, and we don’t sell data.

What we collect

  • Account data — your email address (via sign-in or the agent email-code flow) and hashed API keys. We never store raw keys.
  • Published content — the files you publish, stored and served publicly. Anonymous sites and their files are permanently deleted at expiry.
  • Variables — values you store in the dashboard Variables tab are AES-256 encrypted at rest and decrypted only to show them to you.
  • Server logs and aggregate analytics — standard request logs for operating the service, plus per-site daily view counts shown in your dashboard. We do not build visitor profiles or use advertising trackers.
  • Support messages — tickets you send through the support form.
  • Contract signing — when you sign a contract through a developer’s project portal, we record your typed name, the IP address and user-agent of the device used to sign, the moment you ticked the ESIGN consent box, and a cryptographic hash of the contract you saw. This is the legal proof that the signature is yours and that the document hasn’t been altered since.

Contract signing data

When you sign a contract on a project portal we capture (a) the typed name you used as your signature, (b) the IP address and user-agent of the device that signed, (c) the timestamp of the signature and the moment you accepted the ESIGN consent, and (d) a SHA-256 hash of the rendered contract you saw at the moment of signing. We process this under the legitimate interests basis (Art 6(1)(f) GDPR) — verifying the authenticity and integrity of an electronic signature is a necessary safeguard for both parties to the contract, and the data captured is the minimum needed to do so. This data is retained for the life of the project plus 90 days after archival, matching the retention policy on the rest of the project record. You can request a copy or deletion via hello@shiply.now.

Cookies

The dashboard uses session cookies from our sign-in provider (Clerk) to keep you logged in. There are no advertising or cross-site tracking cookies.

Who processes data for us

Infrastructure providers process data on our behalf: Vercel (application hosting), Neon (database), Cloudflare (network, storage, serving), Clerk (authentication), and Resend (transactional email). Each receives only what it needs to perform its function.

Retention

Anonymous sites are deleted within hours of expiry, including stored files. Owned sites persist until you delete them. Account data persists while your account exists. Logs rotate on provider-standard schedules.

Your rights

You can delete sites, API keys, and variables in the dashboard at any time. To export or fully delete your account data, email hello@shiply.now from your account address. We comply with the Australian Privacy Principles; if you are in the EU/UK, the equivalent GDPR rights (access, rectification, erasure, portability) apply.

Changes

Updates to this policy are posted here with a new effective date.

Contact

hello@shiply.now