Privacy Policy

Last updated: February 25, 2026

1. Who We Are

ShipOrShame (“we”, “our”, “us”) is an accountability platform for software builders and indie hackers. We help you make public shipping commitments and hold you to them. This Privacy Policy explains what data we collect, why we collect it, and how we handle it.

2. Information We Collect

2.1 Account Information

  • Email address and hashed password (for credential sign-up)
  • Display name and profile picture (stored as a base64 image in our database, max 512 KB)

2.2 Twitter / X OAuth Data

When you connect your Twitter/X account we store your Twitter handle, user ID, OAuth 2.0 access token, refresh token, and token expiry. These tokens are used solely to post automated shame tweets on your behalf if you miss a deadline, and announcement tweets when you ship. We never post anything without your prior consent given during the OAuth flow.

2.3 Commitment Data

We store the commitment description you enter (up to 280 characters), your chosen deadline, whether the commitment is public or private, and its current status (pending / shipped / failed). Public commitments are visible on the leaderboard and featured projects section.

2.4 Featured Project Data

Pro subscribers may submit a project name, URL, and short description (up to 120 characters) for public display on our homepage and projects page. This information is intentionally public.

2.5 Payment Information

We do not store full credit card numbers. Payments are processed by Stripe or Freemius. We store only the customer ID, subscription ID, plan ID, and subscription status returned by those providers.

2.6 Usage & Technical Data

Standard server logs may include your IP address, browser user-agent, and pages visited. We use this information solely for security and debugging purposes and do not sell or share it.

2.7 Waitlist Email

If you join the waitlist before signing up, we store your email address to notify you of launch updates. You can request removal at any time.

3. How We Use Your Information

  • To operate your account, authenticate sessions, and display your commitments
  • To post shame tweets via your connected Twitter/X account when a public commitment expires unshipped
  • To send email reminders about upcoming commitment deadlines (only if you opt in)
  • To process subscription payments and manage your plan status
  • To display your shipped projects and handle publicly on the leaderboard (public commitments only)
  • To enforce free-tier limits (3 public commitments per rolling 30-day window)
  • To track your shipping streak and total shipped count for the leaderboard
  • To send transactional emails related to your account (e.g., subscription confirmation)

4. Public Information

Any commitment you mark as public, your Twitter/X handle, current streak, and total shipped count may appear on our public leaderboard. Featured project listings (Pro subscribers) are displayed publicly on the homepage and projects page including the project URL, which is an intentional backlink benefit of the Pro plan.

Shame tweets posted to your Twitter/X account are public on Twitter/X by nature. We are not responsible for the visibility or reach of those tweets once posted.

5. Data Sharing

We do not sell your personal data. We share data only with the following third-party service providers strictly to operate the platform:

  • MongoDB Atlas — database hosting
  • Vercel — application hosting and edge functions
  • Stripe — payment processing
  • Freemius — alternative payment processing
  • Resend — transactional email delivery
  • Twitter / X API — posting tweets on your behalf

Each provider has their own privacy policy and data processing agreement. We require that they handle your data in a manner consistent with applicable privacy laws.

6. Data Retention

  • Account data is retained as long as your account is active
  • Commitment records are retained indefinitely to maintain leaderboard accuracy
  • Featured project listings expire after 30 days and are removed from public display
  • OAuth tokens are refreshed automatically and overwritten when you re-authenticate
  • If you delete your account we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., payment records)

7. Your Rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Disconnect your Twitter/X account (revokes our ability to post tweets)
  • Opt out of email reminders at any time from your dashboard settings
  • Request a copy of your data in a portable format

To exercise any of these rights, contact us at the email address below.

8. Cookies & Sessions

We use HTTP-only session cookies to maintain your authenticated session (managed by NextAuth.js). We do not use third-party tracking cookies or advertising cookies. No cookie consent banner is shown because we use only strictly necessary cookies.

9. Children's Privacy

ShipOrShame is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the platform or by email. Continued use of ShipOrShame after changes constitutes acceptance of the updated policy.

11. Contact

Questions or requests regarding this Privacy Policy can be sent to: thisisnahid78@gmail.com