ShoKomu
Legal

Privacy Policy

Last updated: May 25, 2026

This Privacy Policy explains how ShoKomu ("we", "us", or "our") collects, uses, and protects your information when you use the ShoKomu web application (the "Service"). We are committed to keeping your data safe and being transparent about how it is used.

1. Information We Collect

We collect only the information necessary to provide the Service. Here is what we collect and how:

Account information (via Google OAuth)

When you sign in with Google, we receive your name and email address from Google. We use this to create and identify your ShoKomu account. We do not receive your Google password or any other Google account data beyond what is explicitly authorized.

Expense and group data

All expense records, group names, member lists, balances, and settlement records that you or your group members create within ShoKomu are stored and associated with your account. This is the core data needed to provide the Service.

Usage data

We may collect basic, anonymous usage information such as page views and feature interactions to help us understand how the Service is used and where we can improve it. This data does not identify you personally.

Technical data

Standard technical information such as your browser type, device type, and IP address may be logged by our hosting infrastructure as part of normal operations. This information is used for security monitoring and is not used to profile individual users.

2. How We Use Your Information

We use the information we collect to:

  • Authenticate you and maintain your account (via Google OAuth)
  • Store and display your group expense data to you and your group members
  • Calculate balances and track settlements within groups
  • Send you transactional notifications related to your groups (e.g., new expenses added)
  • Improve and develop the Service based on how it is used
  • Investigate and respond to security incidents or abuse reports

We do not use your data to build advertising profiles, and we do not serve you third-party advertisements based on your usage of ShoKomu.

3. How We Store Your Data

Your data is stored in Supabase, a managed database and authentication platform. Supabase stores data in secure, encrypted databases hosted on cloud infrastructure. Data at rest is encrypted, and all data in transit between your browser and our servers is protected by TLS/HTTPS encryption.

Authentication is handled via Supabase Auth with Google OAuth. We do not store passwords. Your session is maintained via secure, HTTP-only cookies.

4. Data Sharing

We do not sell your personal data to third parties. We do not share your personal information with advertisers, data brokers, or any other third party for commercial purposes.

Your expense and group data is shared with other members of your groups, as that is the core function of the Service. Other group members can see expenses you log, balances, and settlements within shared groups.

We may share information with third-party service providers who help us operate the Service (such as Supabase for database hosting, and Google for authentication). These providers are contractually bound to use your data only as necessary to provide services to us.

We may disclose information if required by law, regulation, or valid legal process, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of ShoKomu, our users, or the public.

5. Data Retention

We retain your account and expense data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete your personal data and expense records within 30 days, except where retention is required by applicable law.

Group data may be retained in anonymized or aggregated form after account deletion for the purpose of maintaining consistent records for other group members who have not requested deletion.

Inactive accounts (no login for more than 2 years) may be subject to data cleanup. We will attempt to notify you via email before deleting an inactive account.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal data. These may include:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that inaccurate or incomplete data be corrected
  • Deletion: Request that your account and personal data be deleted
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to certain types of data processing

To exercise any of these rights, contact us at maxim.synyava@gmail.com. We will respond to all requests within 30 days. We may need to verify your identity before processing a request.

7. Cookies and Local Storage

ShoKomu uses cookies to maintain your authentication session. These are secure, HTTP-only session cookies and are not used for tracking or advertising purposes.

We may use browser local storage to cache minor UI state (such as your last-viewed group) to improve the experience. This data never leaves your browser and is not transmitted to our servers.

8. Children's Privacy

ShoKomu is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we will notify users via email or a prominent notice within the Service. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us:

ShoKomu Support

Email: maxim.synyava@gmail.com

We aim to respond within 5 business days.