GDPR Information
Your data protection rights under the General Data Protection Regulation
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union law that gives you control over your personal data. Even if you're not in the EU, we extend these rights to all our users.
Your Rights
1. Right to Access
You can access all your personal data at any time. Go to Account Settings and click "Export My Data" to download everything we have about you.
2. Right to Rectification
You can update your account information, scripts, and keys at any time through your dashboard.
3. Right to Erasure ("Right to be Forgotten")
You can delete your account and all associated data at any time. Go to Account Settings and click "Delete My Account". This will:
- Permanently delete your account
- Delete all your scripts and versions
- Remove all your keys
- Revoke all share tokens
- Remove all access logs containing your data
4. Right to Data Portability
You can export your data in JSON format. This includes:
- Account information
- All scripts and their versions
- Public keys
- Metadata and timestamps
5. Right to Object
You can object to how we process your data. Contact us at privacy@shebang.run
6. Right to Restrict Processing
You can request that we temporarily stop processing your data while we investigate a concern.
What Data We Collect
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Username, Email | Account management | Contract |
| Password (hashed) | Authentication | Contract |
| Scripts | Service provision | Contract |
| Public Keys | Script signing/encryption | Contract |
| IP Address, Logs | Security, abuse prevention | Legitimate Interest |
Data Retention
- Active accounts: Data retained while account is active
- Deleted accounts: All data permanently deleted within 30 days
- Access logs: Retained for 90 days for security purposes
- Backups: Deleted data removed from backups within 90 days
Data Processors
We may use the following third-party processors:
- Cloud Storage: For storing scripts (S3-compatible services)
- Database Hosting: For storing account data
- OAuth Providers: GitHub, Google (if you choose to use them)
International Data Transfers
Your data may be transferred to and processed in countries outside the EU. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs)
- Encryption in transit and at rest
- Regular security audits
Data Breach Notification
In the event of a data breach that affects your personal data, we will notify you within 72 hours via email and through a notice on our website.
Supervisory Authority
If you're in the EU and have concerns about how we handle your data, you can lodge a complaint with your local data protection authority.
Contact Our Data Protection Officer
For any GDPR-related questions or to exercise your rights:
- Email: dpo@shebang.run
- Or use the data export/deletion tools in Account Settings