Privacy Policy

Last updated: March 2026 · Version 1.0

1. What We Collect

When you use Two Shares we collect:

  • Account information — email address and OAuth profile data (Google, Discord) when you create an account.
  • Creator profile data — display name, handle, bio, and profile photo (stored privately).
  • Transaction data — display name provided at checkout, hashed IP address (SHA-256, never raw), Share amount, and Stripe payment identifiers.
  • Usage data — page views and interactions, collected via standard server logs.

We never collect or store raw IP addresses. Sender photos are processed in memory for Graphic Card generation only — they are never stored on our servers.

2. How We Use It

We use the data we collect to:

  • Process and record payments via Stripe (a PCI-compliant payment processor).
  • Display creator profiles and Graphic Cards.
  • Maintain compliance logs as required by our internal policy.
  • Detect and prevent fraud (velocity controls on hashed IPs).
  • Send transactional emails via Supabase Auth (password reset, magic link).

We do not sell your data. We do not use your data for advertising.

3. Third-Party Services

Two Shares uses the following sub-processors:

  • Stripe — payment processing and identity verification for creators.
  • Supabase — database, authentication, and file storage (hosted on AWS us-east-1).
  • Upstash — Redis-backed velocity controls (hashed IPs only, no PII).
  • Vercel / Railway — hosting for the web frontend and API.

4. Data Retention

Transaction records are retained for 7 years for financial compliance purposes. Account data is retained while your account is active. You may request deletion of your account by emailing us — transaction records required for legal compliance will be anonymised, not deleted.

5. Your Rights

Depending on your jurisdiction you may have the right to access, correct, or delete your personal data, and to opt out of certain processing. To exercise any of these rights, contact us at hello@twoshares.app.

6. Cookies

Two Shares uses only essential cookies (session tokens set by Supabase Auth). We do not use tracking or advertising cookies.

7. Contact

Privacy questions: hello@twoshares.app

Terms of Service →← Back to home