SHADER7 ("we," "us," "our") operates on a radical privacy-first principle: we collect as little information as possible—ideally, none at all. This Privacy Policy explains exactly what we do and don't collect when you use our website and tools.
Data Collection Summary
A quick overview of what we collect vs. what we don't:
Data Type
Collected?
Notes
Names, Emails, Phone
No
Never collected
Photos, Resumes, Files
No
Processed client-side only
Passwords / Accounts
No
No account system exists
GPS / Location
No
Never requested
Browsing History
No
No tracking scripts
Chat Messages
No
P2P only, we never see content
TOS Consent (local)
Yes
Stored in your browser localStorage
Anonymous Page Views
Yes
IP-anonymized analytics only
Client-Side Processing
All tool processing happens in your browser using JavaScript. When you upload a photo for passport editing or enter salary data, it NEVER leaves your device. Close the tab and your data is permanently gone from memory.
BER OF CHAT (P2P Communications)
Our real-time messaging application operates entirely on a Peer-to-Peer (P2P) network using WebRTC technology.
End-to-End Encrypted: All text, voice, and video streams are transmitted directly between peers using WebRTC's native DTLS/SRTP encryption.
No Server Storage: We do NOT intercept, store, record, or process any chat history, media, or files on any server.
IP Masking: Users may enable the "Mask IP" feature to route traffic through TURN relay servers, preventing direct IP exposure to peers.
Connection Data: A public PeerJS signaling server is used only for the initial connection handshake. IP addresses may be visible to peers in standard mode.
Consent Logs: When you agree to the Terms of Service, a consent record (timestamp, age verification, device info) is stored in your browser's localStorage. You may download this audit trail at any time from the entry screen.
Third-Party Services & Data Processors
The following third-party services may process limited data on our behalf (GDPR Art. 28):
Supabase Inc. (Data Processor): Hosts our legal_traceability database in the EU region. Stores only SHA-256 message hashes and room access logs. Auto-purged after 180 days. Supabase Privacy Policy.
Google AdSense: May set cookies for ads. Opt-out here.
PeerJS: Open-source signaling server for initial WebRTC connection handshake only.
OpenRelay TURN: Free TURN servers used when "Mask IP" is enabled.
Stripe: Processes donations. We never see payment details.
Formspree: Handles contact forms (stores email, message only).
Legal Basis for Processing (GDPR Art. 6)
Consent (Art. 6(1)(a)): We process localStorage data and traceability hashes only after you explicitly consent via the GDPR banner. EU users may reject all processing.
Legitimate Interest (Art. 6(1)(f)): Anonymized traceability logging serves the legitimate interest of legal compliance with India's IT Rules 2021.
Right to Withdraw: You may withdraw consent at any time by clicking "Delete My Data & Revoke Consent" in the app. This clears all local data immediately.
Your Rights (GDPR / CCPA / DPDP Act)
Under GDPR (EU), CCPA (California), and DPDP Act 2023 (India), you have the following rights:
Right to Access (Art. 15): Request any data we have about you. Download your consent logs from the app.
Right to Erasure (Art. 17): Click "Delete My Data" in the app to erase all local data. Server-side hashes auto-purge at 180 days.
Right to Portability (Art. 20): Download your consent audit trail as JSON from the app.
Right to Withdraw Consent (Art. 7(3)): Click "Reject All" on the GDPR banner or use the "Delete My Data" button at any time.
Right to Object (Art. 21): EU users who reject consent will have zero data processed.
Right to Lodge a Complaint: Contact your local Data Protection Authority (DPA) or our Grievance Officer.
Since we don't store user data, retention isn't applicable. Our GitHub Pages-hosted site uses HTTPS/TLS encryption for all data in transit.
Children's Privacy
Our tools are generally suitable for all ages. However, BER OF CHAT is strictly restricted to users 19 years of age and older via a Date-of-Birth verification gate. We do not knowingly collect data from anyone under 13. If you believe we have, contact us immediately.
Policy Changes
We may update this policy as needed. Changes are posted here with a new effective date. No email notifications (we don't collect emails).