Privacy Policy
Last updated: April 3, 2026
1. Who we are
Shave20 ("we", "us", "our") is operated by Nikolaos Boutsioukis. We are the data controller for your personal data.
Contact: privacy@shave20.com
2. What data we collect
- Account data (from Google sign-in): your name, email address, and profile picture.
- Delivery data (provided by you): delivery addresses, notes (newspaper codes), city preferences, and list names.
- Document photos (uploaded by you): photos of delivery programs that you scan for address extraction.
- Payment data (via Stripe): we do not store your card details. Stripe securely processes and stores your payment method. We only store a reference to your Stripe customer account.
- Technical data: language preference and theme preference, stored in cookies and local storage.
3. Why we process your data
| Purpose | Legal basis (GDPR) |
|---|---|
| Account creation and authentication | Contract performance (Art. 6(1)(b)) |
| Delivery list management | Contract performance (Art. 6(1)(b)) |
| AI analysis of document photos | Contract performance (Art. 6(1)(b)) |
| Subscription payment processing | Contract performance (Art. 6(1)(b)) |
| Financial record retention | Legal obligation (Art. 6(1)(c)) |
| Processing third-party data in delivery photos | Legitimate interest (Art. 6(1)(f)) |
4. Third-party processors
We share your data with the following processors to provide our service:
- Supabase (EU Frankfurt region) — database, authentication, and file storage.
- Google Gemini AI — processes your document photos to extract delivery addresses. Photos are sent to Google's servers for analysis and are not used for model training.
- Stripe — payment processing. Stripe acts as both our processor and an independent controller for fraud prevention and financial compliance.
- Vercel (EU region) — web hosting and content delivery.
5. International data transfers
Your primary data is stored in the EU (Frankfurt). Some of our processors (Google, Stripe, Vercel) may transfer data to the United States. These transfers are covered by the EU-US Data Privacy Framework (adequacy decision of July 10, 2023). All processors are certified under the DPF.
6. How long we keep your data
- Delivery lists and addresses: automatically deleted after 30 days of inactivity.
- Document photos: deleted when their associated list is deleted.
- Account data: kept until you delete your account.
- Financial records: retained for 7 years as required by Dutch tax law (Algemene wet inzake rijksbelastingen).
7. Cookies and local storage
We use only strictly necessary and functional storage:
- Authentication cookie — maintains your login session. Strictly necessary.
- Language preference cookie (NEXT_LOCALE) — stores your language choice. Functional.
- Theme preference (localStorage) — stores your light/dark mode choice. Functional.
We do not use analytics, advertising, or tracking cookies. No cookie consent banner is required under the Dutch Telecommunicatiewet (Art. 11.7a) as all cookies are strictly necessary or functional.
8. AI processing
When you scan a delivery document, the photo is sent to Google Gemini AI to extract addresses and newspaper codes. The AI processes the image and returns structured text data. No automated decisions with legal or significant effects are made based on this processing. You always review and confirm the extracted data before it is saved.
9. Your rights
Under the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten") — use the "Delete My Account" option in Settings
- Restrict processing of your data
- Data portability — receive your data in a machine-readable format
- Object to processing based on legitimate interest
To exercise any of these rights, email us at privacy@shave20.com. We will respond within 30 days.
10. Complaints
If you believe we are not handling your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
11. Changes to this policy
We may update this privacy policy from time to time. We will notify you of significant changes by displaying a notice in the app. The "last updated" date at the top reflects the most recent revision.