Privacy Policy
Plain-English summary. We collect the minimum amount of data needed to run the app. We don't sell it, and we don't share it with advertising networks. Your habit data is visible to the crews you join — that's the whole point of the app — and otherwise stays private. You can delete your account from inside the app at any time, and your data is removed within minutes.
If you'd rather not read the rest, that's most of it.
What we collect
When you use Shiki, we collect the following:
Account information
- A unique user identifier from Sign in with Apple.
- Your display name (chosen during onboarding; editable).
- An optional avatar image (chosen during onboarding; editable).
- Your time zone (used to set the daily reset time correctly).
Habit and activity data
- The non-negotiables (habits) you create, including their labels and any target notes you add.
- When you check off a habit each day (timestamp).
- Photo proofs you choose to attach to a check-off (image data + optional caption, up to 140 characters).
- Sessions you start or schedule, including duration, timing, and which habit they're for.
- Joins you make on crewmates' sessions.
Crew data
- Crews you create or join.
- Your participation in those crews (when you joined, when you left).
- "Pulse" reactions you send or receive on crewmate activity.
Device data
- A device push-notification token, used to deliver reminders and crew invites.
We do not collect:
- Your email address as a separate field. (Sign in with Apple may or may not share your email with us depending on your choice in the Apple sheet. If you choose "Hide My Email," Apple gives us a relay address; we never see your real one.)
- Analytics events, screen views, or session durations beyond what's needed for the app itself to work.
- Your contacts, photos library, or location.
- Any data from third-party tracking SDKs. The app contains none.
- Advertising identifiers.
How we use what we collect
- To run the app. Storing your habits, drawing your check-offs, computing your streak, and showing your crewmates' activity all require keeping your data on a server we control.
- To make crews work. When you join a crew, the crewmates in that crew can see your display name, avatar, your shared check-offs, your photo proofs (if you add them), and your participation in sessions you make public to them. This is the core mechanism of the app; opting out of it means leaving the crew.
- To send you the notifications you've opted into. Daily reminders, crew digests, session invites, and streak-intervention prompts use your push token.
- To respond to support requests. If you email us, we'll see your email address and whatever you tell us.
We do not use your information for advertising, profiling, or sale to third parties.
Who can see your data
- You can see all of your own data.
- Crewmates in any crew you've joined can see your display name, avatar, shared habit check-offs, photo proofs you attach (during the 24-hour window before they auto-delete), session activity you broadcast to them, and pulse reactions exchanged with them.
- People outside your crews cannot see any of the above.
- We (the operator of Shiki) technically have access to your data because it's stored on our servers; in practice we only look at individual user data to respond to a specific support request or to investigate a reported abuse issue.
- No third-party advertising networks, data brokers, or analytics vendors see your data, because we don't share it with any.
How long we keep your data
| Data type | Retention |
|---|---|
| Account record (Apple ID, display name, avatar) | Until you delete your account |
| Habit labels, check-offs, streaks | Until you delete your account |
| Photo proofs (image data) | 24 hours after upload, then auto-deleted by a scheduled cleanup job |
| Crew memberships and history | Until you delete your account; crews you hosted may retain their records (with you de-listed as host) so other members aren't disrupted |
| Push notification token | Until you sign out, delete the app, or revoke notifications |
| Notification history (in-app tray) | Until you delete your account |
When you delete your account, everything in this table is removed within a few minutes via database cascades.
How to delete your account
Open the app → Settings → Delete account. You'll be asked to confirm. Once confirmed:
- Your account is removed immediately.
- Your habits, check-offs, photo proofs, sessions, crew memberships, notifications, and push token cascade-delete within a few minutes.
- Crews you hosted remain visible to their other members, but your name is no longer associated with them.
You don't need to email us or fill out a form. The deletion is final and cannot be undone.
If you can't use the in-app flow (e.g., you lost access to your Apple ID), email support@shiki.studio from any address and we'll process the deletion manually.
Your rights
Depending on where you live, you may have additional rights regarding your personal data:
- Access: You can see most of your data inside the app at any time. For a full export, email support@shiki.studio.
- Correction: Edit your display name and avatar in Settings. For anything else, email us.
- Deletion: Use the in-app deletion flow described above.
- Objection / restriction: Email us and we'll stop processing the specific data you object to, to the extent possible while keeping the app functional for you.
- Portability: A data export in JSON format is available on request via email.
To exercise any of these rights, email support@shiki.studio. We aim to respond within 30 days. We don't ask for proof of identity beyond the email address tied to your Apple ID for the account.
California residents (CCPA/CPRA)
The rights above apply to you. We do not "sell" or "share" your personal information as those terms are defined under California law. You have the right to opt out of any future sale/share — we'll comply, but currently there's nothing to opt out of.
EU/EEA/UK residents (GDPR/UK GDPR)
The rights above apply to you. Our legal basis for processing is your consent (you agreed to these terms by creating an account) and the performance of the contract (running the app you signed up for). You have the right to lodge a complaint with your local data protection authority.
Children
Shiki is rated 4+ in the App Store, but it's designed for users 13 and older who can meaningfully use the social features. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, email support@shiki.studio and we'll remove it.
Where your data is stored
Shiki's backend runs on Supabase, a hosted database and authentication service. Your data is stored in their infrastructure, specifically in the West US (Northern California) region of the United States. By using Shiki, you consent to your data being processed in the United States, which may have different data protection laws than your home jurisdiction.
We do not transfer your data to any other third party for storage or processing.
Security
We protect your data with standard industry practices: encrypted connections (HTTPS/TLS) between the app and the server, encrypted storage at rest, row-level security policies that prevent users from reading each other's private data, and signed time-limited URLs for photo access. No system is perfectly secure; if we become aware of a breach affecting your data, we'll notify you promptly.
Changes to this policy
If we change this policy in a way that materially affects how we collect or use your data, we'll update the "Last updated" date above and notify you inside the app before the change takes effect. Continued use of the app after a change means you accept the updated policy.
Contact
Questions, requests, or concerns about this policy:
Email: support@shiki.studio
We're a small operation and we read everything that comes in.