Controller and Contact
The data controller is Shinuda. Privacy contact: help@shinuda.cc.
Data We Process
- Account and authentication data, including account identifiers, email verification state, hashed email identifiers, password hashes, token hashes, account roles, account tier, and timestamps.
- Security and technical data, including request identifiers, coarse request route, response status, coarse authentication state, rate-limit events, and audit events needed to protect the service.
- Encrypted sync, plugin data, cache, plugin-secret snapshots, device key envelopes, and server-hosted secret bundles. The server stores ciphertext, nonces, key identifiers, revisions, and ciphertext hashes, not plaintext private libraries, settings, watch history, secrets, private keys, or provider tokens.
- Plugin store and publisher data, including plugin metadata, release versions, public signing keys, review states, reports, installation records, and publisher terms acceptances.
- Support data that a user voluntarily sends, such as diagnostic bundles or messages to support.
Purposes
We process data to provide accounts, sync between devices, operate the plugin store, support plugin publication, enable household and server-hosted features, protect the service, prevent abuse, comply with legal obligations, and respond to user requests.
Legal Bases
Where GDPR applies, we rely on contract performance, steps requested before entering a contract, legitimate interests in security and service operation, consent where required, and legal obligations.
Encryption and Limited Visibility
Shinuda is designed so private user content and secrets are client-encrypted or sent as encrypted bundles. We do not ask for plaintext plugin secrets, private keys, private library content, private history, or provider tokens, and the server is not designed to decrypt user ciphertext. Passwords are hashed, user domain records are pseudonymized, and operational access is limited to service and security needs.
Plugins and Third-Party Content
Plugins may be created by third-party publishers or installed by users outside the official store. Shinuda does not host pirated plugins, authorize license circumvention, DRM circumvention, or copyright infringement, and is not responsible for plugins, sources, configurations, or content added by users outside the controlled store process. Users and publishers are responsible for the legality of their plugins, data sources, and usage.
Sharing
We may use infrastructure, database, object storage, email, security, monitoring, and support providers to operate the service. We may disclose data to public authorities only where required by law or necessary to protect rights, safety, and service integrity.
International Transfers
If technical providers process data outside the European Economic Area, we use legally required safeguards such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.
Retention
We keep data for as long as needed for account operation, sync, security, accountability, support, and legal obligations. After account deletion, we delete or anonymize user-scoped records according to service architecture, except where retention is required for security, abuse prevention, accountability, or law.
Your Rights
Subject to applicable law, you may request access, correction, deletion, restriction, portability, objection to legitimate-interest processing, and withdrawal of consent without affecting prior lawful processing. You may also complain to a competent data protection authority.