This Privacy Policy explains how Ryan Almasu, operating as Shipflash (“Shipflash,” “we,” “us,” or “our”), collects, uses, stores, shares, and protects information when you visit our website, create an account, contact us, join a waitlist, purchase Shipflash, participate in a builder program, or use related customer-facing services.
Privacy Policy
Explain collection, storage, and protection of personal information.
Information We Collect
Account and profile information
We may collect information associated with your account, including:
- Name and email address.
- Authentication method and account identifiers.
- Phone number.
- Avatar or profile image.
- Locale and timezone.
- Job title and biography.
- GitHub, LinkedIn, X, and other profile links.
- Account role, preferences, and activity dates.
Authentication and session information may be processed through Supabase and stored in authentication cookies or similar technologies.
Contact information
When you contact us, we may collect your name, email address, company, subject, message, priority, account identifier, and related support information.
Company and subject fields may be optional. Captcha or bot-protection tokens may be processed temporarily to verify that a submission is legitimate.
Waitlist and lead information
When you join a waitlist or submit a lead form, we may collect:
- Email address, name, company, and use case.
- Signup source and status.
- Tags, notes, and internal qualification information.
- UTM and affiliate attribution data.
- First-touch and last-touch landing-page data.
- Session and request identifiers.
- Conversion and related billing references.
- Other metadata submitted with or generated from the signup.
Billing information
We may process and store billing-related information, including:
- Billing provider and customer identifiers.
- Checkout session and payment references.
- Subscription, order, product, and price references.
- Invoices, charges, receipts, refunds, and disputes.
- Subscription status, billing intervals, trial dates, and cancellation information.
- Entitlements, credit grants, usage records, and billing events.
- Payment status, currency, amounts, and provider webhook identifiers.
Shipflash does not directly store complete payment-card details. Card and payment-method information is handled by the selected payment provider.
Product-delivery information
If you purchase Shipflash, we may collect and use product-delivery information, including:
- Your GitHub username, account handle, email address, or other delivery identifier provided during checkout.
- Your customer name and email address.
- Purchase and provider references.
- Repository invitation identifiers and status.
- Delivery attempts, reminder status, timestamps, and errors.
- Support messages related to correcting, verifying, or troubleshooting product delivery.
This information is used to verify your purchase, deliver eligible repository or product access, send access-related communications, troubleshoot delivery issues, prevent fraud or misuse, maintain entitlement records, and enforce our Terms and Commercial License.
Builder and promotional-program information
If you participate in a Shipflash builder program, public directory, leaderboard, or reward program, we may collect:
- Your name, email address, GitHub username, and social handles.
- Product name, URL, description, tagline, and related product details.
- Builder type, verification status, badges, and milestones.
- Visibility and publication preferences.
- Current, historical, or highest monthly recurring revenue.
- Revenue currency, first-sale date, revenue milestones, and verification timestamps.
- Reward eligibility, fulfillment status, and administrative notes.
- Billing-provider account identifiers and verification metadata.
Information marked public may appear on public profiles, directories, leaderboards, or promotional surfaces. Exact revenue is displayed only where the applicable visibility setting permits it.
Revenue-provider credentials
Some builder-verification flows may allow you to provide a live restricted Stripe key or another supported revenue-provider credential.
These credentials are designed to be encrypted before storage and decrypted on the server only when needed to query the connected provider. Depending on the provider, Shipflash may query account details, subscriptions, charges, completed checkout sessions, customer records, revenue totals, currency, and product information.
You should provide only a restricted credential with the minimum permissions required. Do not provide unrestricted secret keys.
Content and uploaded files
We may process content you create or upload, including:
- Profile and team images.
- Public team-member information.
- Posts, pages, FAQs, changelog entries, case studies, and revisions.
- Images and media uploaded through the content system.
- Notification templates and operational content.
- Product descriptions and public builder submissions.
Content you choose to publish may become publicly accessible.
Technical and analytics information
We may collect technical information such as:
- Session and request identifiers.
- Pages and routes visited.
- Referrer and landing-page information.
- Browser and user-agent information.
- Device and performance information.
- UTM and affiliate attribution.
- IP-derived or hashed rate-limit identifiers.
- Authentication and security events.
- Audit records, webhook status, errors, and operational logs.
- Analytics event names, timestamps, and event properties.
How We Use Information
We may use information to:
- Provide and maintain Shipflash.
- Create, authenticate, and manage accounts.
- Process purchases and billing events.
- Deliver repository access and related communications.
- Respond to contact and support requests.
- Operate waitlist, customer, builder, and promotional programs.
- Verify purchases, builder status, revenue, and reward eligibility.
- Publish information that users have chosen to make public.
- Send transactional, billing, support, security, and operational messages.
- Maintain notification preferences and delivery records.
- Detect fraud, spam, abuse, and unauthorized activity.
- Apply rate limits and protect service boundaries.
- Maintain audits, financial records, and compliance workflows.
- Analyze product activity and improve the website, documentation, and customer experience.
- Enforce our Terms, Commercial License, and legal rights.
Where applicable, we process information based on contractual necessity, consent, legitimate interests, compliance with legal obligations, or another lawful basis recognized in the relevant jurisdiction.
Payments
Payments may be processed through Stripe or Lemon Squeezy.
These providers process payment information according to their own terms and privacy practices. Shipflash receives only the information needed to record purchases, manage access, support customers, and reconcile billing activity.
The availability of checkout, subscriptions, refunds, invoices, disputes, and customer-management features depends on the active billing provider.
Product Delivery
Eligible purchases may be delivered by granting read-only pull access to a private GitHub repository or by providing other digital access connected to your purchase.
To complete delivery, we may use the GitHub username, account handle, email address, or other delivery identifier you provide during checkout. We may send your GitHub username and repository-access request to GitHub. We may retain invitation identifiers, delivery status, timestamps, errors, and related support records to operate, verify, troubleshoot, and maintain product delivery.
You are responsible for providing accurate delivery information during checkout. If you contact us about a delivery issue, we may use your account, purchase, billing, support, and delivery information to review the request and determine whether access was delivered correctly.
Cookies, Local Storage, and Tracking
Shipflash may use cookies, local storage, and similar technologies to:
- Maintain authentication and session state.
- Store first-touch and last-touch UTM attribution.
- Record landing-page attribution.
- Maintain a session identifier.
- Remember theme or interface preferences.
- Record your cookie-banner selection.
- Measure website activity and performance.
- Detect abuse and protect service boundaries.
Shipflash may use Vercel Analytics and, when configured, Google Analytics. These providers may collect device, browser, page, referrer, and usage information under their own privacy practices.
The cookie banner records an accepted or declined preference in local storage. Depending on the current site configuration, this preference may not independently prevent all operational cookies or third-party analytics scripts from loading. You can also control or block cookies and storage through your browser settings, although some features may stop working correctly.
Third-Party Services
Shipflash may use service providers for:
- Hosting and deployment, including Vercel.
- Authentication, databases, and storage, including Supabase.
- Payments, including Stripe and Lemon Squeezy.
- Email delivery, including Resend.
- Repository delivery, including GitHub.
- Analytics, including Vercel Analytics and optional Google Analytics.
- Bot protection, including Cloudflare Turnstile.
- Logging, security, support, and operational infrastructure.
These providers may process information as necessary to deliver their services and are governed by their own terms and privacy practices.
How We Share Information
We do not sell personal information.
We may share information:
- With service providers that operate Shipflash.
- With payment providers to process and support purchases.
- With GitHub to provide repository access.
- With email providers to deliver messages.
- With analytics and security providers.
- When you choose to publish information publicly.
- To comply with legal obligations or valid government requests.
- To investigate fraud, abuse, or security incidents.
- To enforce agreements or protect our rights and the rights of others.
- In connection with a merger, acquisition, financing, reorganization, or sale of business assets.
We do not authorize service providers to use personal information for unrelated purposes beyond their applicable agreements and legal obligations.
Data Retention
We retain information only as long as reasonably necessary for the purposes described in this policy.
Retention may depend on account status, product access, billing and tax obligations, support requirements, security needs, disputes, audits, and applicable law.
Shipflash includes configurable retention defaults for certain operational records. For example, deployments may retain some webhook and completed notification records for approximately 90 days, audit records for approximately 365 days, and stale rate-limit records for approximately seven days. These periods may be changed by deployment configuration and require the applicable retention process to run.
Account, purchase, entitlement, delivery, revenue-verification, accounting, and legal records may be retained longer where needed to provide access, prevent fraud, resolve disputes, or satisfy legal obligations.
Security
We use reasonable technical and organizational measures designed to protect information.
These measures include access controls, restricted server credentials, row-level database policies, signature verification, rate limiting, audit records, and encryption for supported sensitive credentials.
No system is perfectly secure. You are responsible for protecting your email account, GitHub account, billing-provider accounts, restricted API credentials, passwords, and devices.
International Data Transfers
Shipflash and its service providers may process information in countries other than the country where you live.
Where required, we use appropriate contractual, organizational, or legal safeguards for international transfers.
Your Choices and Rights
Depending on where you live, you may have rights to:
- Access personal information.
- Correct inaccurate information.
- Request deletion.
- Receive a portable copy.
- Restrict or object to certain processing.
- Withdraw consent where processing depends on consent.
- Opt out of certain marketing communications.
- Appeal or complain to an applicable privacy authority.
We may need to verify your identity before completing a request. Some information may be retained where required for billing, tax, security, legal, or fraud-prevention purposes.
To submit a privacy request, contact [PRIVACY EMAIL] or use our contact page.
Marketing and Communications
You may unsubscribe from optional marketing emails using the instructions in the message or by contacting us.
We may continue sending essential transactional messages relating to your account, purchase, billing, security, product delivery, or requested support.
Children
Shipflash is not directed to children under the minimum age required to use online services in their jurisdiction.
We do not knowingly collect personal information from children. Contact us if you believe a child has provided personal information so that we can review and, where appropriate, delete it.
Changes to This Policy
We may update this Privacy Policy from time to time.
The updated version will be posted on this page with a revised “Last updated” date. Where required, we will provide additional notice of material changes.