Privacy Policy

1. Scope

• Primary audience: Hosts and staff of busy establishments who manage waitlists through Shokken.
• Guest data: Hosts input guest information into Shokken to manage their queues. Hosts remain responsible for ensuring they have the right to share guest information with us, and Shokken processes that data as a service provider.
• Issue tracker interactions: Any information submitted to our public repository (e.g., GitHub usernames, comments, attachments) is additionally subject to GitHub's own privacy terms.

2. Personal Information We Collect

We collect or process the following categories of data when you use the app, send us information, or interact with support. All data is gathered through your use of Shokken.

1. Account basics – Name, business name, username, roles, authentication credentials (hashed), and profile preferences.
2. Contact details – Email address, phone number, preferred contact method, and any mailing address you provide for billing or communication purposes.
3. Guest/waitlist information – Guest names, party size, notes, visit history, notification preferences, and timestamps you capture while managing your queue.
4. Communications content – Messages you send through Shokken (email/SMS/push), delivery logs, read receipts, and recordings where applicable.
5. Payment and billing data – Subscription tier, license status, invoice history, payment tokens (handled via RevenueCat), and tax identifiers when required.
6. Device and app data – Device identifiers, OS version, app version, crash diagnostics, and configuration data captured to troubleshoot issues.
7. Usage analytics – Feature usage, screens visited, session duration, clickstream data, and aggregated statistics that help us improve the product.
8. Location data – Venue location you configure, approximate location inferred from IP, and optional GPS data when you enable location-based features.
9. Integrations data – Identifiers, tokens, and metadata exchanged with downstream providers such as RevenueCat, Supabase, Resend, and Twilio so the app can function.
10. Support information – Helpdesk tickets, attachments, diagnostic exports, and any context you provide when requesting assistance.
11. Security and fraud records – Login history, IP addresses, access logs, abuse reports, and enforcement actions that help us secure the service.
12. Marketing preferences – Opt-in/opt-out status for product announcements, surveys, and community updates.

We may combine data from these sources and derive insights (e.g., churn risk, capacity planning) to operate the service. We do not collect biometric data, government-issued IDs, or payment card numbers directly.

3. How We Use Personal Information

• Service delivery – Provide, maintain, and support the waitlist app, authenticate users, sync data across devices, send notifications to guests, and manage your subscriptions.
• Customer communications – Respond to support requests, send transactional notices, provide onboarding materials, and deliver admin alerts about system changes.
• Product improvement & analytics – Measure feature adoption, analyze reliability, develop new capabilities, and run experiments to improve host and guest experiences.
• Safety & compliance – Detect abuse, prevent fraud, enforce our terms, comply with applicable laws, and respond to lawful requests.
• Business operations – Plan capacity, process payments and accounting entries, conduct audits, and support potential corporate transactions.

We rely on a mix of contractual necessity, legitimate interests in running our business, and your consent (where required) as the legal bases for processing.

4. How We Share Information

We never sell personal information. We share data only with:

• Service providers – Vendors that help us operate the service, limited to what they need to perform their work. This includes:
  • RevenueCat for subscription management and payment tokenization.
  • Supabase for managed infrastructure, storage, and authentication services.
  • Resend for transactional email delivery.
  • Twilio for SMS/voice messaging.
• Professional advisers – Lawyers, accountants, insurers, or auditors bound by confidentiality obligations.
• Legal and safety authorities – When required by law or to protect our rights, users, or the public.
• Corporate transactions – If we explore or complete a merger, financing, or asset sale, subject to appropriate confidentiality protections.

Each provider is contractually obligated to safeguard the data and use it only for Shokken-related services.

5. Data Retention

We retain personal information for as long as an account remains active and for a reasonable period (typically up to 24 months) afterward to comply with legal, tax, and operational requirements. We may anonymize or aggregate data for longer retention. Guest entries can be deleted by hosts at any time within the app, and we will delete residual copies from backups on a scheduled cycle.

6. Your Rights and Choices

Even though no specific jurisdictional law applies to every user, we provide the following controls:

• Access, correct, or delete your account data via in-app settings or by emailing [email protected].
• Export waitlist data you created or request a machine-readable copy from us.
• Object to or restrict certain processing, including analytics or marketing.
• Opt out of marketing communications at any time via the unsubscribe link or by contacting us.
• Manage guest notifications directly in the host dashboard.

We will respond to requests within 30 days unless a different timeframe is required by law.

7. Security Measures

We use industry-standard safeguards to protect personal information, including:

• Encryption in transit (TLS) and encryption at rest within our hosted infrastructure.
• Role-based access controls, audit logging, and least-privilege policies.
• Continuous monitoring, vulnerability management, and incident response procedures.

No system is 100% secure, so please contact us immediately if you suspect unauthorized access.

8. International Data Transfers

We operate primarily from the United States but may process data in other regions through our service providers. By using Shokken, you consent to transferring information to countries that may have different data protection laws than your own. We rely on contractual protections (such as Standard Contractual Clauses) where required.

9. Children's Privacy

Shokken is built for establishments and is not directed to children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us data, please contact us and we will take appropriate steps to delete it.

10. Updates to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. When we make material updates we will notify account owners through the app or by email. Continued use of the service after the effective date constitutes acceptance of the revised policy.

11. Contact Us

Questions, requests, or complaints about privacy can be sent to:

We will review every request and work with you to resolve concerns.