This Privacy Policy explains how we collect, use, store, and protect personal data when you use ShakeTheSpear and, if you install it, the optional ShakeTheSpear Research browser extension.
ShakeTheSpear (“we”, “our”, or “us”) operates the ShakeTheSpear web application and related services. For the purposes of applicable data protection law (including the UK and EU General Data Protection Regulation, “GDPR”), we are the data controller of personal data described in this policy, unless we act solely as a processor on behalf of your organization. Contact us via the details on our Support page.
Account and profile: information you provide when you register or use the service, such as email address, name, and credentials (we store passwords using secure hashing). We may collect subscription or plan information, workspace membership, roles, and similar account metadata needed to operate multi-user workspaces.
Content you create: material you add to the service, such as niches, series, projects, scripts, research notes, competitor tracking, rules, and other creative or research content stored in your workspace.
YouTube and Google: if you connect a YouTube channel or use features that rely on Google or YouTube (for example OAuth to access channel or playlist data, or YouTube Analytics where you authorize it), we process tokens and metadata needed to provide those features, in line with Google’s and YouTube’s terms and the scopes you approve.
AI features: when you use AI-assisted features, we send the relevant prompts, context, and content you choose to the configured AI or model providers so they can return results to you. We use this to operate the product, not to sell your prompts for advertising.
Technical and security data: we automatically collect certain technical information such as IP address, request logs, browser or client identifiers, and similar data for operating, securing, and troubleshooting the service. We may associate a device or session fingerprint with your account to detect abuse or enforce account restrictions where permitted by law.
Communications: messages you send us (for example support requests) and operational emails such as verification or security notices.
Browser extension: if you install the optional ShakeTheSpear Research extension and use Connect, see the section “ShakeTheSpear Research browser extension” below.
We process personal data on these bases, as applicable:
Performance of a contract: to provide the service, workspaces, and features you request.
Legitimate interests: to secure the service, prevent fraud and abuse, improve reliability, and understand aggregate usage, where not overridden by your rights.
Consent: where required (for example certain optional connections or cookies that are not strictly necessary), we rely on consent you can withdraw at any time.
Legal obligation: where we must retain or disclose information to comply with law or enforceable requests.
We use personal data to provide, personalize, and improve ShakeTheSpear; to authenticate you and manage workspaces; to process AI requests you initiate; to connect to third-party services you authorize (such as YouTube); to communicate with you about the service; to detect abuse and protect users; to comply with law; and to enforce our terms. We do not sell your personal information as a commodity. We do not use the browser extension to collect your general browsing history for advertising analytics.
We use cookies and similar technologies that are necessary for the service to function. We do not load third-party advertising or behavioral analytics trackers (such as ad pixels) in the web app as currently operated.
Strictly necessary / authentication: session cookies managed by our authentication system so you can stay signed in. These are typically first-party and may include a short-lived session cache.
Functional: a first-party cookie (for example storing your selected workspace id) so we can scope Research, Reflect, and API requests to the workspace you chose. Another short-lived cookie may be set when you use the progressive web app “share target” flow so we can resume after sign-in.
You can control cookies through your browser settings. Blocking or deleting strictly necessary cookies will prevent sign-in or may reset your workspace selection.
Where applicable law requires consent for non-essential cookies, we only use optional mechanisms consistent with this policy. Essential cookies do not require marketing consent under ePrivacy rules in many jurisdictions because they are necessary to provide a service you asked for.
We use service providers and subprocessors to host the application, send email, run databases, and process data through AI or cloud APIs you trigger. Examples include Google (OAuth and YouTube APIs when you connect a channel), email delivery providers, and AI model providers. Their use of data is governed by their policies and our agreements with them.
Your information may be processed in countries other than where you live, including outside the European Economic Area. Where we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards such as standard contractual clauses or other mechanisms recognized by applicable law.
Outputs from AI features are assistive and may be inaccurate; you remain responsible for reviewing and using them appropriately. We do not use AI features in this product to make solely automated decisions that produce legal or similarly significant effects about you without human involvement, beyond what is inherent in account security and abuse prevention.
We use technical and organizational measures designed to protect personal data, including encryption in transit (HTTPS) for connections to our service, access controls, and limiting access to personnel and systems that need it to operate the service.
We retain account and content data while your account is active and for a period afterward as needed for backups, legal compliance, and dispute resolution. Session authentication data is kept for the lifetime of the session (for example, sessions may expire after a defined period of inactivity) plus operational logs as required.
You may request deletion of your account and associated personal data where applicable; we will delete or anonymize it subject to legal retention requirements.
Depending on where you live, you may have the right to access, correct, or delete your personal data; to restrict or object to certain processing; to data portability; to withdraw consent where processing is based on consent; and to lodge a complaint with a supervisory authority in your country or region (for example in the EEA, with your local data protection authority).
You can exercise many rights through your account settings or by contacting us via our Support page. We will respond within the timeframes required by applicable law.
If you are a resident of certain U.S. states with consumer privacy laws (such as California), you may have additional rights including to know what personal information we collect, to delete personal information, and to opt out of “sale” or “sharing” for cross-context behavioral advertising. We do not sell personal information for money as traditionally understood, and we do not share it for cross-context behavioral advertising as defined in those laws in the operation described in this policy. To exercise rights, contact us through Support.
We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the “Last updated” date. If changes are material, we will provide notice as required by law (for example by email or a notice in the app). Continued use of the service after changes take effect constitutes acceptance of the updated policy where permitted by law.
The optional extension (for supported browsers such as Chrome and Firefox) adds controls on YouTube and a small popup that links to the web app. It requests permissions needed to show that UI on YouTube, open ShakeTheSpear in a tab when you choose, store optional sign-in state, and call our API—the same authenticated backend as the website. We do not design the extension to collect your general browsing history for analytics or advertising. Content scripts run only on YouTube hostnames we declare so the on-page features can work. If you use Connect in the extension, OAuth completes through the browser’s secure flow; we do not embed YouTube Data API keys in the extension. Use of YouTube is also subject to Google’s and YouTube’s terms and policies where applicable.
Questions about this policy or your data? See our Support page or our Terms of Service.