Privacy

Beta · Version 2026-05-18

Shrubbery is in private beta. A counsel-reviewed privacy policy will replace this one before any public commercial launch. The notice below describes the actual data flows in place today.

Data controller. The operator of Shrubbery (see the imprint for identity and contact details) is the controller of your personal data.

What we collect. Your authentication email, your display name and organization membership, handshake content you create or accept, audit events on those handshakes (acceptances, refusals, completions, renegotiations), notification preferences, and standard server logs (IP, user-agent, timestamps) for security and abuse prevention. If you bring your own AI key (BYOK), that key is stored encrypted at rest in Supabase Vault and is never returned to the browser.

Lawful bases (GDPR art. 6). Performance of contract for everything required to operate handshakes (account, content storage, transmission to counterparties, notification delivery). Legitimate interest for security logs and abuse prevention. Consent for non-essential cookies and for the use of your BYOK key with the AI provider you nominate. Legal obligation for retention of records we are required to keep.

Retention. Account-linked data is kept while your account is active. After you request deletion, content and audit rows are purged within 90 days; minimal records required by law (e.g. financial records, if any are ever created in a paid offering) may be retained for the legally mandated period.

Analytics. Our public marketing and documentation pages use Google Analytics 4 to measure aggregate traffic. GA4 is loaded only after you opt in via the cookie banner; default is denied. We enable IP anonymisation, disable advertising features and Google Signals, and set the GA4 data retention to 14 months. Authenticated application routes (/dashboard, /accord, etc.) do not load GA at all. Withdraw consent any time via the “Manage cookies” footer link — we will instruct GA to stop and clear _ga* cookies on the next page render.

Your rights. Under the GDPR you can: access your data (art. 15), rectify inaccurate data (art. 16), request erasure (art. 17), restrict processing (art. 18), receive a portable export (art. 20), object to specific processing (art. 21), and withdraw consent at any time (art. 7(3)) without affecting prior processing. Email legal@shrubbery.eu with the subject line “data request” and we'll respond within 30 days (GDPR art. 12). You also have the right to lodge a complaint with the Belgian Data Protection Authority (GBA / Gegevensbeschermingsautoriteit).

What we don't do. We do not sell your data to third parties. We do not run advertising. We do not share commitment content with anyone outside the handshake parties (lead and knight) except as required by the law of Belgium or by a binding court order.

Sub-processors. Supabase (auth + database + storage + vault, EU region), Vercel (hosting, EU regions), Inngest (background jobs), Resend (transactional email via verified sender on mail.shrubbery.eu), Upstash Redis (rate limiting). Your nominated BYOK provider (OpenAI / Anthropic / Google) processes your prompts only when you trigger a Smart-Paste extraction. Transfers to US-based processors (Resend, Inngest) rely on Standard Contractual Clauses (SCCs). The full current list with links is at /legal/subprocessors.

Cookies. See the cookie policy for the per-cookie breakdown. We currently set only essential cookies.

Changes to this notice. Bumps to the privacy version trigger a re-acceptance flow on your next sign-in.