Privacy Policy

Last updated: June 2026

This policy explains what information ShareOtter collects, how we use it, and your rights. We’ve kept it as plain and short as possible.

1. Who we are

ShareOtter is operated as an independent service. Our contact email is mohit@shareotter.com

2. What we collect

Information you give us directly:

Your email address (used for magic link authentication and account management)
Files and content you upload to the service
Payment information — handled entirely by Creem, our payment processor. We do not store your card details.

Information collected automatically:

IP address and approximate location
Browser type and device information
Usage data — pages visited, files uploaded, links accessed, time spent

Information from file viewers:

If you enable email capture on a project, we collect the email addresses of people who submit them to access your file. You own this data; we store it on your behalf.

3. How we use your information

We use your information to:

Provide and operate the ShareOtter service
Send you magic link login emails and account-related notifications
Show you analytics about your files and projects
Improve the product and fix bugs
Prevent abuse and enforce our Terms of Service
Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising.

4. How we store your files

Files you upload are stored on Cloudflare R2, a cloud storage service operated by Cloudflare, Inc. Cloudflare may store data in data centres globally. By using ShareOtter, you consent to your files being stored on Cloudflare’s infrastructure.

5. Third-party services we use

Service	Purpose
Cloudflare	File storage (R2), CDN, infrastructure, and bot protection (Turnstile)
Creem	Payment processing
Brevo	Transactional email (magic links)

Each of these providers has their own privacy policy. We share only the minimum information necessary with each.

6. Cookies

We use cookies to keep you logged in and to understand basic usage patterns. We do not use third-party advertising cookies. You can disable cookies in your browser, but some features may not work correctly.

Cloudflare Turnstile, which we use for bot protection, may also set strictly necessary cookies. See Section 12 for details.

7. Data retention

We retain your account data and files for as long as your account is active. If you delete a file or close your account, we will delete your data from our systems within 30 days, except where we are required by law to retain it longer.

8. Your rights

Depending on where you are located, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to or restrict how we process your data

To exercise any of these rights, email us at mohit@shareotter.com and we’ll respond within 30 days.

If you are in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.

9. Children

ShareOtter is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this policy from time to time. If we make significant changes, we’ll notify you by email or with a notice on the site.

11. Contact

If you have any questions about this privacy policy or how we handle your data, contact us at mohit@shareotter.com

12. Cloudflare Turnstile Addendum

Last updated: June 18, 2025

ShareOtter uses Cloudflare Turnstile to protect the service against bots and malicious traffic. This section is supplemental to the rest of this Privacy Policy and provides specific information about how Turnstile processes data when you use ShareOtter.

What Turnstile collects

To distinguish human visitors from bots, Turnstile processes a set of client-side signals (“Signals”), including your IP address, TLS fingerprint, User-Agent header, and the Turnstile sitekey and associated origin. Cloudflare states that it cannot directly identify any individual from these Signals.

How Turnstile uses this information

Bot detection and blocking (Cloudflare as data processor): Turnstile evaluates the Signals above to detect and block bot traffic. The purpose is not to identify, profile, or target individuals — it is solely to keep ShareOtter secure. For this purpose, Cloudflare acts as a data processor on behalf of ShareOtter (the data controller). If you wish to exercise data protection rights in relation to this processing, you may contact us at mohit@shareotter.com.

Improving Turnstile’s bot detection (Cloudflare as data controller): Cloudflare also uses the Signals to refine and improve its bot detection algorithms in response to evolving threats. For this purpose, Cloudflare acts as an independent data controller, governed by Cloudflare’s Privacy Policy and the Turnstile Privacy Notice.

Notice to EU and UK residents

To the extent Turnstile Signals qualify as personal data:

Where Cloudflare processes them as a processor (to protect ShareOtter), ShareOtter as the controller determines the lawful basis for processing.
Where Cloudflare processes them as a controller (to improve Turnstile), Cloudflare relies on its legitimate interest in maintaining effective bot detection.

Cookies

The cookies and Signals set by Turnstile are strictly necessary for bot detection. They are not used for advertising or tracking. For more information, refer to Cloudflare’s Cookie Policy and the Turnstile Developer Docs.

Turnstile privacy contact

For questions or concerns about Turnstile’s data processing, you can contact Cloudflare’s Data Protection Officer directly at dpo@cloudflare.com.