Last updated · July 2026

Privacy Policy

The short version

Joining a room is anonymous: no email, no phone number, no name required, no tracking across other websites. Your phone gets a random token so the room recognizes the same device; that’s your whole identity as an attendee. Hosts need an account (email or Google). Everything you post is screened by automated moderation, which means it is processed by an AI service for that one purpose. We don’t sell data, we don’t run ad tracking, and we don’t use your content to train AI models. This page lists everything else, completely.

Who is responsible for your data

Shouts.live LLC operates the Service and is the data controller. Reach us at privacy@shouts.live.

What we collect from attendees (no account)

  • A random device token, generated in your browser and stored on your device. It carries no personal information; it exists so your votes count once, your prizes reach you, and rate limits apply per person. A second random secret proves the token belongs to your device (we store only a cryptographic hash of it).
  • The nickname you choose, per room, if you choose one.
  • What you post: messages, votes, reactions, replies, photos, game taps, prize claims. Posting is public to the room by nature (see “What is public” below).
  • Your IP address, transiently — used for rate limiting and abuse prevention, and present in short-lived operational server logs like on essentially every web service. We don’t build profiles from it.
  • A push subscription, only if you opt in (the bell): a browser push endpoint or an Apple/Google push token, stored per room, deleted when it stops working or the room’s data is purged.
  • Reports and blocks: if you report content we store the report (what, who, your reason) so staff can act on it. Your block list never leaves your device.

We deliberately do not collect attendee emails, phone numbers, contact lists, or real names.

What we collect from hosts (accounts)

  • Account basics: email address, optional name, and — with Google sign-in — the basic profile Google shares. Email signups are verified.
  • Your rooms and their settings, including any logo and brand colors you upload.
  • Billing state: your plan and subscription status. Payments are processed by Stripe; we never see or store your card number — we keep only Stripe’s customer and subscription identifiers.
  • Venue claim details, if you file one: the contact name, email, phone, role, and website you type into the form.
  • Emails we send you (welcome, room recaps, trial and billing notices) go through our email provider; see the processor list below.

Location — precise rules, because it's the sensitive one

  • “Rooms near you” (web and app): when you open the nearby list, your coordinates are sent once to answer that lookup and are not stored or logged.
  • Discoverable rooms: when a host makes a room discoverable, the server immediately coarsens the room’s location to a ~150-meter grid cell and stores only that. Raw coordinates are never persisted. Attendees are never shown a precise distance.
  • Background proximity alerts (mobile apps, opt-in): the decision that “there’s a room here” happens on your phone. The app periodically fetches a list of nearby venues (sending coordinates transiently, as above) and your operating system watches the geofences locally. Your movement history never leaves the device, and we never receive or store it. You can turn this off anytime in the app or your OS settings.

AI processing — what happens to every post

Every message and photo goes through moderation before it appears: a local filter, and for attendee content an AI review by Google’s Vertex AI. That means your post or photo is sent to Google Cloud for the sole purpose of safety screening, under Google Cloud’s data-processing terms, which prohibit Google from using it to train their models. We don’t use your content to train models either. Moderation decisions (post allowed / blocked, and why) are logged for abuse prevention; blocked content is not published.

Analytics and error reporting — the honest list

  • PostHog (product analytics): we record specific product events (e.g. “room created,” “poll voted”) with a random identifier. Automatic click capture and session recording are off.
  • Sentry (error and performance monitoring): when something breaks we receive the technical error, and a small sample of sessions (about 5%, plus sessions where an error occurred) produce a visual replay for debugging — with all text masked and all images/media blocked before it leaves your browser. We cannot read what you typed in a replay.

We run no advertising pixels and no cross-site trackers.

What is public

  • What you post in a room is visible to everyone in that room and may be projected on screens at the venue.
  • After a room ends, a public recap page shows aggregate stats and highlights (top poll, top hot take, a few photos). Hosts can turn the recap off.
  • If you win a prize, your nickname is shown to venue staff on the redemption screen.
  • Room photos are served from public storage links while they exist.

Post accordingly — a room at a public event is a public place.

Cookies and local storage

We use your browser’s localStorage for first-party, functional state only: your anonymous attendee token and its device secret, your nickname, which rooms’ community rules you’ve accepted, your block list, and small UI preferences. Account holders get a secure authentication token from Firebase Auth, and our staff console uses one session cookie. PostHog stores its random analytics identifier. There are no third-party advertising cookies.

How long we keep things

  • Room content: rooms run up to 24 hours; content stays viewable for a few days after a room ends, then the room is archived. Venues’ permanent rooms keep content until the host clears the room (clearing archives and removes it).
  • Photos and media: permanently purged ~10 days after a room expires or closes, with an independent 90-day storage backstop.
  • Recap pages: about 10 days after a room ends (until cleared, for permanent rooms).
  • Deleting your own post (swipe → Delete) removes it immediately, including any attached photo.
  • Operational logs and rate-limit counters: short-lived — logs follow our cloud provider’s default (~30 days).
  • Backups: daily database backups are kept for 7 days, then destroyed.
  • Accounts: kept until you delete your account. Deletion removes your rooms, their content and photos, your plan record, and the login itself.
  • Billing records: Stripe retains payment records (as regulations require, up to ~7 years for tax and accounting) even after account deletion; we remove the link between your deleted account and that history on our side.

Who we share data with — the complete processor list

We share data only with the services that run Shouts, and only what each needs:

  • Google Cloud / Firebase — hosting, databases, file storage, sign-in, push delivery, and Vertex AI moderation. Data is stored in the United States.
  • Stripe — payments and subscription billing.
  • Resend — sending transactional email.
  • PostHog — product analytics (as scoped above).
  • Sentry — error monitoring (masked replays, as scoped above).
  • Apple / Google — push notification delivery to the native apps.

We don’t sell personal information, we don’t share it with advertisers or data brokers, and we disclose it beyond this list only if the law compels us — in which case we’ll push back on overbroad demands.

Security

Everything travels over encrypted connections. Room write access is verified server-side on every request; game and prize state can’t be read or written by clients directly; secrets live in a managed secret store; passwords are handled by Firebase Auth and room passwords are stored salted and hashed. No system is perfectly secure — if we learn of a breach affecting your data, we’ll notify you as the law requires.

Your rights and choices

  • Delete your posts — swipe any of your posts, any time.
  • Delete your account — from the dashboard; it erases your rooms and content as described above.
  • Access or export — email privacy@shouts.live and we’ll provide a copy of the personal data we hold about you.
  • Push and location — both are opt-in and can be revoked in your browser or OS settings at any time.
  • If you’re in the EU/UK, you additionally have rights of rectification, restriction, portability, and objection, and can lodge a complaint with your supervisory authority. If you’re a California resident, the disclosures above describe our collection and sharing; we do not sell or “share” personal information as the CCPA defines those terms.

Children

The Service is not directed to children under 13, and we don’t knowingly collect personal information from them. Hosting requires being 18 or older. If you believe a child has provided us personal information, contact privacy@shouts.live and we’ll delete it.

Changes

When this policy changes materially we’ll update the date above and give notice on the dashboard (and by email to account holders) before the change takes effect.

Contact

Shouts.live LLC · privacy@shouts.live (data) · safety@shouts.live (abuse reports) · hello@shouts.live (everything else)