Privacy Policy
한국어Effective Date: February 25, 2026 | Last Updated: February 25, 2026
1. Information We Collect
We collect the following types of information when you use SHIPIT (the “Service”):
Information you provide:
- Email address (via Magic Link authentication)
- OAuth profile information (via Google or GitHub: name, email, profile image)
- Build input data (form responses used to generate applications)
Information collected automatically:
- IP address, browser type, and operating system
- Service usage data (access times, build history, credit usage)
- Cookies and similar tracking technologies
2. How We Use Your Information
We use the collected information for the following purposes:
- Account authentication and service delivery
- Credit payment processing and usage tracking
- Build history management and output delivery
- Service improvement and new feature development through analytics
- Error monitoring and technical support
- Communication of required notices (terms updates, security alerts)
- Fraud prevention and service security
3. Third-Party Services
We share your information with the following third-party service providers as necessary to operate the Service:
| Provider | Data Shared | Purpose |
|---|---|---|
| Supabase | Email, auth data, service data | Database and authentication |
| Vercel | Generated code, deployment metadata | App hosting and deployment |
| Whop | Email, payment information | Credit payment processing |
| Sentry | Error data, IP, browser info | Error monitoring |
| xAI / Anthropic | Build input data (anonymized) | AI code generation |
We do not sell your personal information. We only share information as described above or when required by law.
4. Data Retention
We retain your personal information only as long as necessary for the purposes described in this policy:
- Account deletion: Personal data is deleted immediately upon account termination, except for a hashed email retained for 30 days to prevent fraud.
- Payment records: Retained for 5 years as required by the Electronic Commerce Act.
- Access logs: Retained for 3 months as required by the Protection of Communications Secrets Act.
- Service usage records: Retained for 1 year for dispute resolution.
5. Cookies and Tracking
- We use cookies for authentication, session management, and service improvement.
- You can control cookie preferences through your browser settings. Disabling cookies may limit access to certain features such as login.
- We use Sentry for error monitoring, which may set cookies to track service performance.
6. Data Security
We implement the following measures to protect your personal information:
- TLS (Transport Layer Security) encryption for all data in transit
- Row Level Security (RLS) policies on our database for access control
- Secure management of environment variables and API keys
- Regular security audits and vulnerability monitoring
- Principle of least privilege for personnel accessing personal data
7. Your Rights
You have the right to:
- Access, correct, or delete your personal information
- Request restriction of processing
- Withdraw consent (by deleting your account)
- Request data portability
To exercise these rights, contact us at contact@shipit.dev. We will respond within 10 business days.
8. California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request that we delete the personal information we have collected from you.
- Right to Opt-Out: We do not sell personal information. If this practice changes, we will provide a “Do Not Sell My Personal Information” option.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To make a CCPA request, contact us at contact@shipit.dev.
9. Children’s Privacy (COPPA)
The Service is not directed to children under 14 years of age. We do not knowingly collect personal information from children under 14. If we become aware that we have collected personal information from a child under 14 without parental consent, we will take steps to delete that information promptly. If you believe a child under 14 has provided us with personal information, please contact us at contact@shipit.dev.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States and the Republic of Korea. These countries may have different data protection laws. We ensure appropriate safeguards are in place through our agreements with third-party service providers to protect your information in accordance with this Privacy Policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes at least 7 days before they take effect by posting a notice on the Service or sending an email to your registered address. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact Us
For questions, concerns, or requests regarding this Privacy Policy, please contact:
- SHIPIT Privacy Team
- Email: contact@shipit.dev
For Korean residents, you may also contact the following organizations for privacy-related complaints:
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
- Supreme Prosecutors’ Office Cyber Investigation Division (spo.go.kr / 1301)
- National Police Agency Cyber Bureau (ecrm.police.go.kr / 182)