Shake — Privacy Policy

Effective: April 25, 2026
Contact: hmu@quasimatt.com

This is the privacy policy for Shake (the "App"), a social app that lets people in physical proximity connect by shaking their phones. This policy explains what we collect, why, and your choices.

We try to keep this short and direct. If you have questions, email us at the address above.

What we collect

When you create an account and use Shake, we collect:

• Name — your display name, shown on your profile and to people you connect with.
• Username — your unique handle.
• Email address — used to sign in (if you use email/password) and for account recovery. Apple Sign In users may use a private relay email; we honor that.
• Account identifier — a randomly-generated user ID we assign to your account.
• Profile photo — only if you choose to upload one. Stored on our backend.
• Bio and social handles — only if you choose to add them. You control who can see each one (public, your direct connections, or your friends-of-friends).
• Precise location — used at the moment you shake your phone, to match you with other nearby users who shook at the same time. We do not continuously track your location and we do not store a history of your movements. We store only the location of each shake event, retained for up to 90 days for spam and abuse prevention, after which it is deleted or anonymized.
• Device identifier (push token) — issued by Apple, used to send you push notifications (e.g. "someone shook with you"). We do not use it to track you across apps or websites.
• Bluetooth proximity data — we use short-range Bluetooth (BLE) advertisements to detect nearby Shake users in the moments before and during a shake. We don't store the broadcast data; it's used in real time to confirm proximity.
• Shake history — who you've shaken with, when, and how many times. This is the core of the product.

We do not collect: your contacts, your address book, your browsing history, your microphone audio, your camera (other than photos you choose to upload), your health data, your financial data, or your advertising identifier (IDFA).

We do not track you across other apps or websites. We do not sell your data. We do not run ads.

How we use what we collect

• To run the App — match shakes, show your profile, render your feed, calculate streaks and leaderboards.
• To send you notifications — when someone shakes with you, when your streak is at risk, and similar in-app events. You can disable these in iOS Settings at any time.
• To prevent abuse — detect spam, blocked-user evasion, and other misuse.
• To support you — if you contact us, we use your info to reply.

We do not use your data for advertising, profiling, or any purpose unrelated to running Shake.

Who we share it with

We use the following third-party services to operate the App:

• Supabase — our backend host. Stores your account, profile, photos, and shake history. Supabase processes this data on our behalf under a data-processing agreement.
• Apple — for Sign in with Apple, push notification delivery (APNs), and App Store distribution. Apple's privacy practices are governed by their own policy.

That's it. We do not share your data with advertisers, data brokers, or marketing partners.

If we are ever required by valid legal process (subpoena, court order) to disclose information, we will. We will push back on overbroad requests where we can.

Who can see your data

Other users can see:

• Your name, username, and profile photo (if any). These are public to anyone who can find your profile.
• Your bio and social links — only at the visibility level you choose for each (public, first-degree connections, or second-degree connections).
• Your shake history with them — the people you've shaken with can see when and how often you've shaken together.
• Third-party shakes in the feed — when you shake with someone, your direct connections (and, depending on the privacy setting on each side, their direct connections too) may see a feed entry like "you and Jane shook together." This is how the social feed works. The entry shows participants' names and profile photos but not location, time of day beyond a relative timestamp, or any other detail.
• Mutual-connection context — friends-of-friends may see that a connection exists between you and another user, depending on your privacy settings.

Your email address, precise location, and device identifier are never shown to other users. Your shake history with users outside the visibility scope above (e.g. people you've shaken with who are not connected to a specific viewer) is not shown to that viewer.

How long we keep it

We keep your data for as long as your account is active. When you delete your account (Settings → Delete Account), your profile and shakes are immediately hidden from everyone else. After a 30-day grace period (during which an admin can restore your account if you ask), we permanently remove your profile, photo, shakes, connections, and login credentials. Some entries that reference you in another user's history (e.g. "you shook with X") may be anonymized rather than deleted, so the other user's data isn't corrupted.

Shake-event location data is retained for up to 90 days for abuse prevention.

If you signed in with Apple, deleting your account also revokes the Apple Sign In token associated with your account.

We may keep minimal records (e.g. the fact that an account with a given email was deleted) for fraud prevention and to honor our legal obligations.

Your choices and rights

• See your data — most of it is visible inside the App on your profile.
• Edit or delete it — change your name, bio, photo, or social links any time from Settings.
• Delete your account — Settings → Delete Account. This is final.
• Turn off notifications — iOS Settings → Notifications → Shake.
• Turn off location — iOS Settings → Privacy & Security → Location Services → Shake. Note: shake matching won't work without location.
• Block users — block any user from your profile or theirs. Blocked users can't see you, shake with you, or appear in your feed.
• Contact us — hmu@quasimatt.com. If you're in California, the EEA, or the UK, you have additional rights under your local law (access, correction, deletion, portability, objection). Email us and we'll honor them.

Children

Shake is not intended for users under 13 (or the equivalent minimum age in your country). We don't knowingly collect data from children under that age. If you believe a child has signed up, email us and we'll remove the account.

Security

Data is transmitted over HTTPS and stored on Supabase, which encrypts data at rest. We use row-level security to ensure users can only access data they're authorized to see. No system is perfectly secure — if we ever experience a breach affecting you, we'll notify you as required by law.

International users

Shake is operated from the United States. If you use the App from outside the US, your data will be transferred to and processed in the US.

Changes to this policy

If we change this policy in a material way, we'll notify you in the App and update the effective date above. Continuing to use Shake after a change means you accept the updated policy.

Contact

Questions, requests, or complaints: hmu@quasimatt.com

For details on what's not allowed, how to report it, and how we respond, see our Content & Moderation Policy.