Privacy Policy

Last updated: 2026-06-03

Data controller

Shore ("we") operates the Shore messaging and calling app. For any question about your personal data, contact us at privacy@getshore.io.

End-to-end encryption

Your messages and the media you send are end-to-end encrypted. Our servers only ever receive encrypted content and can neither read your messages nor access your media: only you and your recipient hold the decryption keys.

Data we collect

• Account data: your email address, profile name, username, bio, and profile picture.
• Messages and media: relayed in encrypted form through a temporary mailbox. They are deleted from our servers as soon as they are delivered to your recipient (or after at most 30 days if never retrieved). We do not store them long-term and cannot read them.
• Calls: the audio and video content of your calls travels directly between participants through a relay server and is never recorded. We only keep a call log (participants, date, duration, status) to show your call history.
• Notifications: your device's push notification tokens, used to alert you to new messages and calls.
• Technical data: your IP address and connection logs are processed transiently to run and secure the service; they are not stored in our database. A last-activity timestamp is associated with your account.

Purposes

We use this data to route your messages and calls, secure your account, send notifications, and prevent fraud and abuse.

Processors

We rely on service providers that process some data on our behalf:

• DigitalOcean Spaces — temporary storage of encrypted media awaiting delivery, and of your profile picture.
• Resend — sending account verification emails.
• Our TURN relay server (coturn) — relaying audio and video call traffic between participants.
• Expo, Apple (APNs), and Google (FCM) — delivering push notifications, without your message content.

Retention

• Messages and media: deleted as soon as they are delivered, and after at most 30 days.
• Account, profile, conversation membership, call log, and notification tokens: kept for as long as your account is active.

You can request deletion of all your data at any time (see below).

Your rights

Under the GDPR, you have the right to access, rectify, erase, object to the processing of, and port your data. To exercise them, write to us at privacy@getshore.io.

Account Deletion

To delete your account and your data, see the Account Deletion page.

Contact

For any question: privacy@getshore.io.