Privacy Policy

Last updated: May 5, 2026

1. Introduction

ShadeFile (“we”, “us”, “our”) respects your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Account Data

• Name, email address
• Authentication credentials (password hash or OAuth tokens)
• Profile image (if provided via OAuth)
• Billing information (processed by Stripe; we do not store card numbers)

Client Data (entered by you)

• Client names, phone numbers
• Allergy and sensitivity information
• Color formulas and appointment records
• Before/after photos
• Patch test records
• Visit notes

Usage Data

• Pages visited, features used
• Device type, browser, operating system
• IP address (for security and abuse prevention)

3. How We Use Your Data

• To provide and maintain the Service
• To authenticate your identity
• To process payments
• To send service-related communications (account confirmations, security alerts)
• To improve the Service based on usage patterns
• To detect and prevent fraud or abuse

We do not:

• Sell your data to third parties
• Use your client data for advertising
• Share your data with other ShadeFile users (unless you explicitly share via team features)
• Train AI models on your data

4. Data Storage & Security

• Data is stored on secure servers with encryption at rest and in transit
• Passwords are hashed using bcrypt (never stored in plain text)
• Photos are stored in encrypted object storage
• We perform regular backups
• Access to production systems is restricted to authorized personnel

5. Third-Party Services

We use the following third-party services:

• Stripe — payment processing (Stripe Privacy Policy)
• Google OAuth — authentication (Google Privacy Policy)
• Facebook OAuth — authentication (Meta Privacy Policy)

6. Your Rights

You have the right to:

• Access — export all your data via CSV at any time
• Rectification — edit any of your data within the app
• Deletion — delete your account and all associated data
• Portability — download your data in a standard format (CSV)
• Objection — contact us to object to specific data processing

To exercise these rights, contact support@shadefile.com or use the in-app tools.

7. Health-Related Data

ShadeFile stores allergy and sensitivity information that may be considered health data in some jurisdictions. This data is entered by you (the stylist) and is used solely to help you provide safe services to your clients. We apply the same security protections to this data as all other data in the system.

8. Data Retention

• Active accounts: data retained as long as your account is active
• Cancelled subscriptions: data retained for 90 days, then deleted (you can export before deletion)
• Deleted accounts: all data permanently removed within 30 days
• Backups: purged within 90 days of account deletion

9. Cookies

We use essential cookies for authentication (session tokens). We do not use tracking cookies or third-party advertising cookies.

10. Children's Privacy

ShadeFile is not intended for use by individuals under 18. We do not knowingly collect data from minors.

11. International Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email. The “Last updated” date at the top indicates the most recent revision.

13. Contact

For privacy-related questions or requests, contact us at support@shadefile.com.