Privacy Policy

Shoort ("we", "us", "our") operates the Shoort mobile application and the website shoortplus.com (collectively, the "Platform"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the choices you have.

By using the Platform you agree to this Privacy Policy. If you do not agree, please do not use the Platform.

1. Data We Collect and Why

1.1 Account & Profile Information

• Username, display name, email address, phone number, date of birth, and profile photo
• Password (stored as a one-way cryptographic hash — we never see your plain password)
• Bio, links, and any other profile details you choose to add
• Social login identifiers from Google or Apple when you choose Sign in with Google / Apple

Why: To create and manage your account, authenticate you, and personalise your experience.

1.2 Content You Create

• Videos, audio recordings, photos, captions, comments, stickers, and reactions
• Live stream audio and video while you are broadcasting
• Sound clips you record or upload
• Duet and Stitch recordings

Why: To host, distribute, and display your content on the Platform.

1.3 Device Permissions

The Shoort app requests the following device permissions. Each is optional — you can use limited features of the app without granting them.

• Camera & Video Recording: Required to record short videos, take profile photos, and go live. We access the camera only while you are actively recording or in a live session. We do not access your camera in the background.
• Microphone: Required to capture audio during video recording, duets, voice-overs, and live streams. We access the microphone only during active recording or streaming sessions.
• Location (Nearby Users feature): We request precise location permission only if you enable the "Nearby" discovery feature. We use your location to show you creators and content near you. You can revoke this permission at any time in your device settings without losing access to other features.
• Contacts (optional): If you choose to "Find Friends from Contacts", we securely transmit a one-way hashed list of your phone contacts to our servers to match against registered Shoort users. We do not store your raw contact list, we do not share it with third parties, and we delete the hashed data once matching is complete.
• Push Notifications: We request permission to send you push notifications for new followers, likes, comments, live alerts, and system messages. You can disable notifications at any time in your device settings or within the app under Settings → Notifications.
• Storage / Media Library: Required to save videos to your device's gallery or to upload videos from your library.

1.4 Usage & Analytics Data

• Videos you watch, how long you watch them, and how you interact (likes, shares, saves, follows)
• Search queries and content discovery patterns
• Feed scroll position and session duration
• App events and crash reports

Why: To personalise your For You feed, improve content recommendations, debug issues, and measure Platform performance.

1.5 Device & Technical Data

• Device model, operating system version, app version
• IP address and general location derived from IP (country/city level)
• Advertising ID (Android GAID / iOS IDFA) — used only for non-personalised ads unless you opt in
• Network type (Wi-Fi / cellular) and connection quality

1.6 Payment & Transaction Data

• Coin purchase history, tip transactions, subscription records, and in-app purchase receipts
• Payout requests (creator earnings)
• Payment processing is handled by Google Play Billing or Apple In-App Purchases. We do not receive or store full card numbers or bank account details.

1.7 Communications

• Direct messages between users (end-to-end encrypted where supported)
• Support tickets and emails you send to us

2. How We Use Your Data

• Operate, maintain, and personalise the Platform and your For You feed
• Process coin purchases, tips, subscriptions, and creator payouts
• Deliver push notifications you have opted into
• Enable live streaming sessions via our streaming infrastructure
• Detect and prevent fraud, abuse, spam, and policy violations
• Enforce our Terms of Service and Community Guidelines
• Provide customer support and respond to reports
• Display in-app advertising (see Section 4)
• Conduct analytics to improve features and fix bugs
• Comply with legal obligations and respond to lawful requests

3. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, our legal bases are:

• Contract: Processing necessary to provide the service you signed up for (account creation, video delivery, payments)
• Legitimate interests: Analytics, fraud prevention, improving the Platform, and sending service-related notifications
• Consent: Personalised advertising, optional permissions (location, contacts), and marketing communications
• Legal obligation: Responding to court orders, law enforcement requests, and regulatory requirements

4. Third-Party Services & Partners

We use trusted third-party services to operate the Platform. Each has its own privacy policy.

• Firebase (Google LLC) — We use Firebase Analytics for usage analytics and crash reporting, and Firebase Cloud Messaging (FCM) for push notifications. Firebase may collect device identifiers and usage events. Firebase Privacy Policy →
• Google AdMob (Google LLC) — We display in-app advertisements through AdMob. AdMob may use your Advertising ID and usage data to serve ads. You can reset or opt out of personalised ads in your device settings (Google Settings → Ads on Android; Privacy → Apple Advertising on iOS). Google Privacy Policy →
• Google Play / Google Play Billing — Handles in-app purchase transactions on Android. Google processes payment information directly. Google Play Privacy →
• Apple App Store / StoreKit — Handles in-app purchase transactions on iOS. Apple processes payment information directly.
• Ant Media Server — We use Ant Media Server to power real-time live streaming (RTMP/WebRTC). Live stream audio and video is transmitted through Ant Media infrastructure. Stream data is not persistently stored after the session ends unless you choose to save a replay. Ant Media Privacy Policy →
• Sign in with Google / Sign in with Apple — If you choose social login, the respective platform authenticates you and shares basic profile information (name, email, unique ID) with us. We do not receive your password.
• Cloud Hosting (Hetzner) — Our servers and databases are hosted on Hetzner infrastructure. Data is stored in European data centres.
• Content Delivery Network (CDN) — Video files and images are served via CDN providers to improve load times globally.

We do not sell your personal data to advertisers or data brokers.

5. How We Share Your Information

• With other users: Your public profile, videos, follower/following counts, and public activity are visible according to your privacy settings (public or private account).
• With service providers: As listed in Section 4, under data processing agreements.
• Legal requirements: We may disclose data to law enforcement, courts, or regulators when required by applicable law or valid legal process.
• Business transfers: In a merger, acquisition, or asset sale, user data may be transferred as part of the transaction. We will notify you in advance.
• Aggregated / anonymised data: We may share aggregated, non-identifiable statistics with partners or publish them publicly.

6. Your Rights & Controls

In-app controls

• Switch to a Private Account — Settings → Privacy → Private Account
• Control who can comment, duet, stitch, or message you
• Block or restrict specific users
• Manage notification preferences — Settings → Notifications
• Revoke camera, microphone, or location permissions in your device settings at any time
• Download your data — Settings → Privacy → Download My Data

Account & data deletion

You can permanently delete your account and all associated personal data at any time:

• In the app: Settings → Account → Delete Account
• By email: send a deletion request to privacy@shoortplus.com

After deletion, your account and content are removed from public view immediately. Our systems fully purge personal data within 30 days. Some data may be retained longer only where required by law (e.g., financial transaction records for up to 7 years).

GDPR & CCPA rights

Depending on your jurisdiction you may have rights to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data (right to erasure)
• Restrict or object to certain processing
• Data portability — receive your data in a machine-readable format
• Withdraw consent at any time (for consent-based processing)
• California residents: Opt out of sale — we do not sell personal data, so there is nothing to opt out of

To exercise any right, email privacy@shoortplus.com. We will respond within 30 days (or 45 days where extended response time is permitted).

7. Children's Privacy

The Platform is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has registered, we will delete their account and data promptly.

Users aged 13–17 have additional protections: accounts default to private, they are not recommended to strangers, their data is not used for personalised advertising, and they cannot access certain features (paid tipping, live gifting).

8. Data Retention

• Active account data: Retained while your account is active
• Deleted account data: Removed within 30 days of deletion
• Financial records: Retained up to 7 years as required by tax and financial regulations
• Safety & abuse logs: May be retained up to 2 years to prevent ban evasion
• Anonymised analytics: May be retained indefinitely (no personal identifiers)

9. Data Security

• All data in transit is encrypted using TLS 1.2 or higher
• Passwords are hashed using bcrypt — we cannot retrieve your password
• Direct messages use end-to-end encryption where supported
• We conduct regular security audits and vulnerability assessments
• Access to production systems is restricted to authorised personnel only

While we take reasonable security measures, no internet service is completely secure. If you believe your account has been compromised, contact us immediately at privacy@shoortplus.com.

10. International Data Transfers

Our primary servers are located in Europe (Hetzner). If you access the Platform from outside Europe, your data may be transferred to and processed in countries with different data protection laws. We rely on appropriate safeguards (Standard Contractual Clauses, adequacy decisions) for transfers to countries outside the EEA.

11. Cookies & Tracking Technologies

The Shoort app does not use browser cookies. Our website (shoortplus.com) uses essential cookies for session management and optional analytics cookies. See our Cookie Policy for full details.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via in-app notification or email at least 30 days before the change takes effect. The "Last Updated" date at the top of this page will always reflect the most recent revision. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

For privacy questions, data requests, or to exercise your rights:

• Email: privacy@shoortplus.com
• Website: shoortplus.com
• App: Settings → Help & Support → Privacy Request

This privacy policy applies to the Shoort app (package: com.shoortplus.app) available on the Google Play Store and Apple App Store, and the website shoortplus.com.