Privacy Policy

Your privacy matters. This policy explains what information we collect, how we use it, and the choices you have when using Shadow Reader.

Information We Collect

• Account information: Email address and authentication details via Supabase Auth. We also maintain a user profile (e.g., plan status) in our database.
• Documents: PDFs are opened locally in your browser by default. This means that your files don't leave your device unless you choose to upload them to your library. Document metadata such as file name, file size, and file type is stored in our database to enable organization, search, and syncing of your documents across devices. Where enabled, we process text from uploaded documents to generate semantic embeddings that power features such as search, deduplication, and improved reading experiences. Embeddings are numeric vector representations derived from text and are stored separately from the original files.
• Annotations and notes: Your highlights, notes, and annotations are stored in our database so they sync across sessions.
• Feedback: If you submit feedback, we store your feedback content which may include your email.
• Payments: When you purchase, we create a Stripe Checkout session using your email and update your plan after payment is confirmed. We do not store any payment information on our servers.
• Usage and analytics: We use PostHog, Vercel Analytics, and Umami to understand product usage and improve the experience. These tools may collect events like page views, feature usage, and performance metrics.
• Logs: Server and application logs may include IP address, request metadata, and error details for debugging and security.

How We Use Your Information

• Provide and improve Shadow Reader, including syncing your documents, annotations, settings, and other features.
• Detect duplicate uploads and generate embeddings to enable document search and reading features.
• Process payments and manage your subscription or one-time purchases.
• Monitor performance, analyze usage, and improve reliability and user experience.
• Respond to feedback and support requests.

Where Your Data Lives

• Authentication, database, and storage: Supabase. See their policy: Supabase Privacy.
• Payments: Stripe. See their policy: Stripe Privacy.
• Analytics: PostHog, Vercel Analytics, and Umami Cloud.
  • PostHog: Privacy
  • Vercel Analytics: Privacy
  • Umami: Privacy
• Embeddings: OpenAI API. Text chunks from your documents may be sent to OpenAI to generate embeddings. See: OpenAI Privacy and API Data Usage.

Cookies and Similar Technologies

We use cookies and similar technologies for authentication (Supabase session cookies) and analytics (PostHog, Vercel Analytics, Umami). You can control cookies through your browser settings. Disabling certain cookies may affect your ability to sign in or use some features.

Payment Processing

Payments are processed by Stripe. We share the minimum necessary information (e.g., email, plan) to facilitate checkout and plan activation. We do not store full payment card details on our servers.

Data Retention

• Account data is retained while your account is active.
• Uploaded documents, embeddings, and annotations are retained until you delete them or delete your account.
• Logs and analytics may be retained for a reasonable period to ensure performance, security, and product improvement.

Your Rights and Choices

• Access and update: You can access or update account details within the app (e.g., email, password) through Supabase Auth flows.
• Delete account: You can request deletion. When processed, we will delete your account from Supabase Auth and remove associated data we control.
• Delete content: You may delete documents and notes from within the product. This removes associated records and storage objects we control.

Data Sharing

We do not sell your personal information. We share data with service providers listed above to operate the product (authentication, storage, payments, analytics, embeddings). We may disclose information if required by law or to protect our rights and users.

Security

We use industry-standard measures and trusted providers (Supabase, Stripe, PostHog, Vercel, Umami, OpenAI) to help protect your data. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

International Data Transfers

Our service providers may process data in multiple regions. By using Shadow Reader, you acknowledge that your information may be transferred to and processed in locations outside of your country.

Changes to This Policy

We may update this policy from time to time. We will update the “Last updated” date above and, when appropriate, provide additional notice.

Contact

Questions about this policy or your data? Reach out using the in-app feedback form (bottom-right “Feedback” button) or via our support channel.