- 1. Introduction
- 2. Information We Collect
- 3. How We Use Your Information
- 4. Legal Basis for Data Processing
- 5. Sharing Information with Third Parties
- 6. Data Security
- 7. Data Retention
- 8. Your Rights Regarding Your Data
- 9. Cookies and Tracking Technologies
- 10. International Data Transfers
- 11. Children's Privacy
- 12. Links to Third-Party Sites
- 13. Changes to This Privacy Policy
- 14. Applicable Legal Framework
- 15. Business Use of Shourly
Last updated: November 10, 2025
In Summary: Shourly is committed to protecting your privacy. We collect only the information necessary to provide our digital portfolio and product catalog services. Your data is never sold to third parties, and you maintain full control over your information.
1. Introduction
This Privacy Policy describes how Shourly ("we", "our" or "the platform") collects, uses, stores, and protects the personal information of users who use our platform to create, manage, and publish digital portfolios and product catalogs.
Shourly is a comprehensive ecosystem consisting of multiple interconnected applications:
Main Application (Dashboard): Where sellers create and manage their portfolios, products, and business profiles
Marketing Site: Public-facing website with seller profiles and lead capture system
Blog Platform: Integrated content platform for sharing stories, tips, and building authority
Policies Site: Dedicated pages for terms of service, privacy policies, and legal documentation
All these applications are part of the Shourly platform and are covered by this Privacy Policy.
By using Shourly, you accept the practices described in this policy. If you do not agree with any of the terms set forth herein, we ask that you do not use our services.
2. Information We Collect
2.1. Account and Registration Information
When you register with Shourly, we collect:
Identification data: Full name, email address
Access credentials: Encrypted password (we never store passwords in plain text)
Authentication information: Session tokens managed through Firebase Authentication
Registration method: If you register via Google or other authentication providers, we receive your basic profile information
2.2. Catalog and Product Information
To provide our digital portfolio services, we store:
Created catalogs: Catalog name, visibility settings
Products: Titles, complete descriptions, photographs, variations, categories, availability status, discount information
Seller contact information: WhatsApp number, email address for potential customers to contact you
Marketing page: Content of your presentation page, including texts, images, and video links (such as YouTube)
Blog content: Articles, posts, and stories you publish through the integrated blog platform
Change history: Creation and modification dates of your products, catalogs, and blog posts
2.3. Usage and Technical Information
We automatically collect certain information when you use Shourly:
Navigation data: Pages visited, time spent, interactions with the platform
Device information: Browser type, operating system, IP address, unique identifiers
Cookies and similar technologies: We use session cookies to maintain your authentication and analytics cookies to improve our service
Server logs: Access logs, technical errors, and performance metrics
Product statistics: Product views, catalog visits (aggregated and anonymous data shown in your dashboard)
2.4. Communications
We store communications you have with us:
Technical support emails
Inquiry or suggestion messages
Responses to satisfaction surveys
3. How We Use Your Information
We use the collected information for the following purposes:
3.1. Service Provision
Create and maintain your Shourly account
Enable you to create, edit, and manage your catalogs and products
Publish your digital portfolio when you choose to
Enable you to create and publish blog posts and content
Manage your marketing page and seller profile
Automatically synchronize and update your content across all Shourly applications
Provide rich editor functionalities and product organization
Facilitate product search through Algolia
Generate view statistics for your dashboard
Facilitate direct contact between potential buyers and sellers (by displaying your contact information on published products)
Feature your seller profile on the Shourly marketing site (with your permission)
3.2. Improvement and Development
Analyze usage patterns to improve user experience
Identify and resolve technical issues
Develop new features based on user needs
Conduct A/B testing and platform optimization
3.3. Communication
Send you important notifications about your account
Inform you about service updates or policy changes
Respond to your support requests
Send you periodic updates (only if you have given consent)
3.4. Security and Compliance
Detect, prevent, and respond to fraud or suspicious activities
Protect the integrity and security of the platform
Comply with legal and regulatory obligations
Enforce our Terms of Service
4. Legal Basis for Data Processing
We process your personal information based on the following legal bases:
Contract performance: To provide the services you have requested
Consent: When you have given us explicit permission to process certain data
Legitimate interest: To improve our services, prevent fraud, and maintain security
Legal obligation: When the law requires us to process or retain certain information
5. Sharing Information with Third Parties
Shourly does not sell or rent your personal information to third parties. We share information only in the following circumstances:
5.1. Service Providers
We work with trusted service providers who help us operate the platform:
Firebase (Google): User authentication and session management
MongoDB: Secure database storage for seller and product data
Cloudinary: Multimedia file storage and management (product photos)
Algolia: Search engine for products and catalogs
Prismic: Content management system for marketing pages and policies
Strapi: CMS backend for blog platform and flexible content organization
PostgreSQL: Database for CMS and blog content
Brevo: Marketing automation and email campaigns
Resend: Transactional email delivery
Google OAuth: Authentication provider integration
reCAPTCHA: Form security and spam prevention
Hotjar: User behavior analysis to improve experience (production only)
Vercel: Application hosting and deployment infrastructure
All these providers are contractually obligated to protect your information and can only use it according to our instructions.
5.2. Legal Compliance
We may disclose your information if required by law or in response to:
Court orders or legal subpoenas
Legitimate government requests
Protection of our legal rights or defense against claims
Emergency situations involving danger to people's safety
5.3. Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.
5.4. Public Information
Content you publish in your digital portfolio is public by design. Anyone with access to your catalog's public URL will be able to view the products you have marked as published, including product descriptions, photos, prices, and your contact information (WhatsApp and/or email).
Blog posts you publish through the Shourly blog platform are also public and can be viewed by anyone visiting the blog site.
Your marketing page and seller profile may be featured on the Shourly marketing site to help potential customers discover your products.
Important: Since Shourly does not process payments or transactions, when a potential customer contacts you directly (via WhatsApp or email), any subsequent exchange of information occurs outside our platform and under your own responsibility.
6. Data Security
We implement technical and organizational security measures to protect your information:
6.1. Technical Measures
Encryption: All communications use HTTPS/TLS. Passwords are encrypted before storage
Access control: Robust authentication systems with Firebase and Google OAuth
Session management: Secure session tokens with automatic expiration
Secure cookies: We use HTTP-only cookies with secure configuration in production
Form protection: reCAPTCHA integration to prevent spam and automated attacks
Continuous monitoring: Threat detection systems and security analysis
Regular backups: Automatic database backups for MongoDB and PostgreSQL
Infrastructure security: Hosted on Vercel with enterprise-grade security measures
6.2. Organizational Measures
Limited access to personal data only for authorized personnel
Periodic security reviews and audits
Security incident response procedures
Regular team training in privacy best practices
Important: No method of Internet transmission or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this policy:
Account data: As long as your account remains active
Catalogs and products: Until you decide to delete them or close your account
Blog posts and content: Until you decide to delete them or close your account
Marketing page content: Until you decide to modify or delete it
Usage data and logs: Generally between 90 days and 2 years, depending on the type of information
Support communications: Up to 3 years for reference and service improvement
Legal obligations: We may retain certain information if required by law
8. Your Rights Regarding Your Data
Depending on your location, you may have the following rights regarding your personal information:
8.1. Access and Portability
Request a copy of all personal information we have about you
Export your data in a structured, machine-readable format
8.2. Rectification
Correct inaccurate or outdated information
Update your profile and settings at any time
8.3. Deletion
Request deletion of your account and associated data
Delete specific catalogs, products, blog posts, and marketing pages whenever you wish
8.4. Restriction and Objection
Limit how we process your information in certain circumstances
Object to data processing based on legitimate interest
Opt out of receiving marketing communications
8.5. Withdraw Consent
When processing is based on your consent, you can withdraw it at any time
This will not affect the lawfulness of processing prior to withdrawal
8.6. Lodge Complaints
You have the right to lodge a complaint with the data protection authority in your jurisdiction
To exercise any of these rights, contact us through the means indicated in the "Contact" section.
9. Cookies and Tracking Technologies
9.1. Types of Cookies We Use
Essential cookies:
These cookies are necessary for the platform to function and cannot be disabled:
- nextauth.session-token: NextAuth session cookie that maintains your authenticated session
  - Purpose: User authentication and session management
  - Duration: 30 days (configurable via JWT maxAge)
  - Type: HTTP-only, Secure (in production)
- COOKIE_IDENTIFIER.userAuthToken: Firebase custom authentication token
  - Purpose: Firebase authentication for real-time features
  - Duration: Session-based, deleted on sign-out
  - Type: Secure cookie
- NEXTAUTH_SECRET: Session encryption token
  - Purpose: Signs and encrypts session tokens for security
  - Type: Server-side only, not accessible to client
Analytics and performance cookies:
- Hotjar: Analytics to understand user interaction and improve experience
  - Purpose: User behavior analysis, heatmaps, session recordings
  - Loaded: Only in production environment (NEXT_PUBLIC_APP_ENV=production)
  - Duration: According to Hotjar's retention policy
  - Control: Can be disabled through browser settings
Third-party authentication cookies:
When you sign in with Google OAuth, additional cookies may be set by Google for authentication purposes. These include:
- Google OAuth tokens (id_token, access_token)
  - Duration: Managed by Google's authentication flow
  - Purpose: Single sign-on functionality
reCAPTCHA cookies:
Google reCAPTCHA may set cookies when you interact with protected forms:
- Purpose: Spam prevention and bot detection
- Duration: According to Google's reCAPTCHA policy
- Type: Third-party cookies from Google
9.2. Cookie Management
You can control and manage cookies through your browser settings:
Browser controls:
Most browsers allow you to view, block, or delete cookies
You can typically find these settings in your browser's privacy or security section
Instructions vary by browser (Chrome, Firefox, Safari, Edge)
Important considerations:
Disabling essential cookies (session, authentication) will prevent you from logging in and using the dashboard
Disabling analytics cookies (Hotjar) will not affect functionality but will prevent us from improving user experience
Third-party cookies from Google OAuth and reCAPTCHA are required for authentication and security features
Impact of disabling cookies:
Essential cookies disabled: Cannot maintain login session, cannot use the platform
Analytics cookies disabled: Platform works normally, but we cannot gather insights to improve experience
Third-party cookies disabled: May affect Google sign-in and reCAPTCHA functionality
9.3. Session Management
Shourly uses JWT (JSON Web Tokens) for session management with the following characteristics:
Strategy: JWT-based authentication via NextAuth
Maximum session duration: 30 days
Automatic expiration: Sessions expire after the maximum duration or on explicit sign-out
Secure transmission: All session data is encrypted and transmitted over HTTPS
Token refresh: Handled automatically by NextAuth
When you sign out:
All authentication cookies are deleted
Firebase custom tokens are revoked
Session data is cleared from the server
9.4. Do Not Track
Shourly respects browser "Do Not Track" settings where applicable. However, essential cookies for authentication and session management will still be used to provide core functionality.
10. International Data Transfers
Shourly operates primarily on the web, and some of our service providers may be located outside your country of residence. When we transfer data internationally:
We ensure adequate data protection safeguards exist
We use standard contractual clauses approved by data protection authorities
We verify that providers comply with recognized privacy standards
11. Children's Privacy
Shourly is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If we discover that we have collected information from a minor without appropriate parental consent, we will delete that information immediately.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
12. Links to Third-Party Sites
Shourly may contain links to third-party websites or services (such as YouTube videos on marketing pages). We are not responsible for the privacy practices of these sites. We recommend reading the privacy policies of any third-party sites you visit.
Note on seller contact: When a potential customer contacts you directly through WhatsApp or email from your catalog, any exchange of information occurs outside Shourly. You are responsible for handling that information in accordance with applicable data protection laws.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons.
When we make material changes:
We will update the "Last Updated" date at the top
We will notify you by email if the changes are significant
In some cases, we may request your explicit consent
We recommend reviewing this policy regularly to stay informed about how we protect your information.
14. Applicable Legal Framework
Shourly is committed to complying with applicable data protection laws, including but not limited to:
General Data Protection Regulation (GDPR) of the European Union
California Consumer Privacy Act (CCPA)
Other local data protection legislation as applicable
15. Business Use of Shourly
If you use Shourly on behalf of an organization or company:
Your organization will be responsible for data processed through the platform
Shourly acts as a data processor under your instructions
Your organization must ensure it has appropriate legal bases to use our services
Additional terms may apply through a Data Processing Agreement (DPA)
