Shorebound App Privacy Policy

Effective date: March 21, 2026. Last updated: June 3, 2026.

Plain-Language Summary

Shorebound uses personal information to run the app, deliver messages and media you choose to send, keep users safe, handle purchases, process support or feedback, and maintain the service.

We do not sell personal data or use it for advertising. We share information only with service providers needed to operate Shorebound, with other users when you choose to send them content, and in limited legal, safety, or dispute situations described below.

References to legal obligations or legal claims are not a general permission to share data. They mean specific situations such as valid court, regulator, law-enforcement, tax, accounting, consumer, app-store, or payment obligations, or where information is necessary to establish, exercise, or defend legal rights.

Contents

1. Scope

This Privacy Policy applies to the Shorebound iOS app and Shorebound backend services (including Firebase-hosted APIs and data stores).

This policy does not describe Shorebound website waitlist processing. It is app-policy scope only.

2. Controller and Contact

Shorebound is provided by Command B Limited.

Contact details:
Command B Limited
Unit 2, 2 Bridge Street
Athlone, WESTMEATH, N37 F1W4
Ireland
Telephone: +353 (87) 376 2336
Email: [email protected]

3. 18+ Requirement

Shorebound is intended only for people who are 18 years of age or older. We do not knowingly provide the service to minors.

4. Information We Collect

  • Account and identity data: authentication provider metadata, user ID, email address (when provided by Apple/Google/Firebase Auth), first/last name (when available), username, and profile metadata such as country code and time zone.
  • User content: bottle messages, chat messages, bottle image uploads/photos, voice notes or audio messages where those features are enabled, report notes, message previews for inbox views, and moderation-related snapshots used to investigate reports.
  • Media and attachment metadata: file type, size, technical processing metadata, and media attributes such as image dimensions or audio duration needed to store, deliver, and moderate content.
  • Permission and access data: camera, microphone, and photo library permission state on your device, as well as related in-app media capture or upload actions.
  • Safety and moderation data: block lists, report records, moderation outcomes, and abuse-prevention/rate-limiting state.
  • Notification data: APNs/FCM push tokens, installation ID, and app version used to route notifications to your device.
  • Usage and diagnostics: app event telemetry through PostHog (including user identify/capture calls), app version/build, device model, and OS version.
  • Purchases and entitlement data: RevenueCat app user ID, purchase/restore results, and entitlement status (for example, Shorebound Access).
  • Feedback data: feedback text, optional screenshot uploads, and metadata (app version/build, OS, device model) submitted through Shorebound feedback flows.

5. How We Use Information

  • Provide core app functionality (authentication, bottle lifecycle, chat, media sharing, notifications).
  • Process, store, and deliver user-submitted media content (including image and audio attachments where available).
  • Operate safety systems (reports, blocking, moderation actions, abuse prevention).
  • Support purchases and entitlement access.
  • Process feedback and improve product quality/performance.
  • Troubleshoot incidents, enforce terms, and maintain service integrity.
  • Comply with specific legal obligations and establish, exercise, or defend legal rights when necessary.

We may use automated and manual moderation processes to detect, review, investigate, and respond to suspected abuse, fraud, impersonation, harassment, or other violations of our Terms across text, images, and audio/voice content, and may retain relevant information where reasonably necessary for safety, fraud prevention, dispute handling, or specific legal compliance needs.

7. Sharing and Service Providers

We use service providers acting on our behalf to operate Shorebound. Depending on use, your data may be processed by:

  • Google Firebase / Google Cloud: Auth, Firestore, Functions, Messaging, Storage, Remote Config.
  • PostHog: product analytics and usage telemetry.
  • RevenueCat: purchase and entitlement infrastructure.
  • WishKit: feature-request and feedback-list integration in the app UI.
  • Loops: account lifecycle contact sync initiated from backend bootstrap flows.
  • Slack: moderation alerting/workflow payloads for report review handling.
  • Apple and Google: sign-in and platform services (including push delivery paths).

We do not sell your personal data.

We share only the information reasonably needed for the purpose involved. Sharing may include:

  • Other users: messages, media, profile details, or interaction data you choose to send or make available in Shorebound.
  • Service providers: the providers listed above, acting on our behalf to host, deliver, moderate, analyze, support, or secure the service.
  • Legal, safety, and dispute recipients: courts, regulators, law-enforcement bodies, app-store or payment providers, insurers, accountants, or legal advisers where required by law, needed to respond to valid legal process, needed to protect users from serious harm, or necessary to establish, exercise, or defend legal rights.

We do not treat an informal request or a general complaint as enough by itself to share private content externally. We assess whether there is a valid legal, safety, or dispute basis and limit disclosure to what is reasonably necessary.

8. International Transfers

Shorebound infrastructure and service providers may process data in jurisdictions outside your country. Where required, we use contractual and organizational safeguards for international transfers.

9. Retention

We retain personal data for as long as needed to provide the service, protect users, and satisfy specific legal, accounting, tax, payment, app-store, or dispute obligations.

Retention periods vary by data type. For example, active account/profile data is retained while your account is active, while operational logs and backups may persist for limited periods.

For moderation and abuse prevention, some safety, fraud-prevention, and enforcement records may be retained after account deletion where reasonably necessary to prevent repeat abuse, protect users, handle disputes, respond to valid legal process, or meet the specific obligations described above.

10. Security

We use technical and organizational safeguards designed to protect personal data, including access controls and managed cloud infrastructure security controls. No method of transmission or storage is perfectly secure.

11. Cookies and Tracking

Shorebound is primarily a mobile app and does not use browser cookies directly. However, third-party services we use (including Firebase and PostHog) may use cookies or similar technologies when accessed via web surfaces. PostHog collects anonymised usage telemetry to help us improve the app; this data is not used for advertising or marketing.

We respect Do Not Track signals where applicable.

12. We Never

  • Sell your personal data to third parties.
  • Use your data for advertising or ad targeting.
  • Share your private messages or content for advertising, data brokerage, or unrelated purposes. Private content is accessed or shared only when needed to deliver the feature you used, moderate reported or suspicious activity, protect users, respond to valid legal process, or handle a specific legal dispute.
  • Send spam or unrelated marketing communications.
  • Retain your data longer than necessary to provide the service or meet the specific obligations described in this policy.

13. Your Rights

Depending on your location, you may have rights to:

  • Access personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated personal data.
  • Object to or restrict certain processing.
  • Receive a copy of data in a portable format (where applicable).
  • Unsubscribe from communications at any time.
  • Lodge a complaint with your local supervisory authority.

Additional Rights for EEA/UK Residents (GDPR/UK GDPR)

If you are located in the EEA or UK, you have the above rights under GDPR or UK GDPR. You may exercise them by contacting us at [email protected]. You also have the right to lodge a complaint with your local data protection authority (for example, the Irish Data Protection Commission).

14. Account Deletion

You can request deletion from the in-app Settings flow. Deletion is permanent and cannot be undone.

When deletion completes, Shorebound backend flows remove account/auth records and attempt cleanup of associated profile, content (including media uploads such as images and voice notes where applicable), conversation, moderation, and related records used by the service.

Limited data may remain where retention is required for the specific legal, accounting, tax, payment, app-store, fraud/safety, or dispute reasons described above, or in short-lived backups/log streams.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material updates will be posted at this URL with a revised effective date.

Related terms: Shorebound Terms / EULA