ShotMind

Privacy Policy

Last updated: May 9, 2026

1. Data Controller

ShotMind is operated under the ShotMind brand by Yuan Shuai. For all privacy-related inquiries, contact us at hello@shotmind.net.

2. Information We Collect

We collect the following types of information:

  • Account Information: email address, display name, and a salted bcrypt hash of your password (we never store your password in plaintext).
  • Content: clips or shots you choose to submit for analysis, generated shot thumbnails, and AI-produced metadata such as descriptions, tags, search metadata, and search records. The desktop client is used for import, clip selection, analysis, and search. Full local source videos remain on your device. Temporary clip copies used for desktop AI analysis are removed from cloud storage after successful analysis; analysis results and necessary metadata are used for your searchable reference library.
  • Usage Data: analysis history, search queries, quota consumption, and feature usage to operate and improve the Service.
  • Technical Data: IP address, browser type, device information, and request logs for security, rate limiting, and performance.
  • Billing and Access Data: limited plan, account access, and quota status. If paid billing is enabled, full payment details such as card number, billing address, and tax ID will be collected and stored by Paddle and will not be accessible to us — see Section 4.

3. How We Use Your Information

  • To provide and improve the video analysis service
  • To authenticate your identity and secure your account
  • To manage account access, quota, and payments if paid billing is enabled
  • To communicate important service updates and quota warnings
  • To detect and prevent fraud and abuse
  • To comply with our legal obligations

Our legal bases for processing under GDPR are: performance of contract (providing the Service), legitimate interests (security, fraud prevention, service improvement), consent (non-essential communications, which you can withdraw at any time), and legal obligations (tax records, law-enforcement requests).

4. Third-Party Services (Sub-processors)

We use the following categories of third-party services to operate ShotMind:

  • Cloud infrastructure and object storage: Alibaba Cloud, used to run APIs, background jobs, and the files needed for submitted analysis such as temporary clips and thumbnails
  • Database: Neon, used for account data, shot metadata, quotas, and analysis results
  • AI analysis services: DashScope / Qwen; Google Gemini may be used as a fallback model provider when the primary service is unavailable
  • Search index: Meilisearch, used to search shot titles, tags, and descriptions
  • Payments: Paddle, used as Merchant of Record for payments, invoices, tax, and refunds when paid billing is enabled
  • Website, email, and error reporting: Vercel, Amazon SES, and Sentry, used to host the website, send service emails, and diagnose errors

Authentication is handled by our own servers using industry- standard bcrypt password hashing and short-lived JWT access tokens. No third-party single-sign-on provider is used.

5. Data Storage and Cross-Border Transfer

Your data is processed and stored in multiple regions including Hong Kong (API server, file storage, search index), Singapore (primary database), the United Kingdom (payments, if paid billing is enabled), and the United States (web hosting, error tracking, transactional email). By using the Service, you consent to this cross-border transfer, which is carried out subject to appropriate safeguards (standard contractual clauses where applicable) as required by GDPR and the UK Data Protection Act.

6. Data Retention

Temporary clip copies used for desktop AI analysis are removed from active cloud storage after successful analysis. We retain your data for as long as your account is active. Upon account deletion, we will delete your personal data, submitted clips or shots, generated thumbnails, and analysis results within 30 days. Backups containing deleted data are overwritten within 90 days. We may retain aggregated, anonymized usage statistics indefinitely for service improvement, and we retain transactional records (invoices) for the period required by tax law.

7. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data ("right to be forgotten")
  • Object to or restrict processing of your data
  • Request data portability (export your data in a common format)
  • Withdraw consent to non-essential processing at any time
  • Lodge a complaint with your local data protection authority

To exercise these rights, contact us at hello@shotmind.net. We respond to verified requests within 30 days.

8. Cookies

We use essential cookies and browser localStorage for authentication (JWT access tokens), session management, and user preferences (language, theme, cookie consent). We do not use advertising or cross-site tracking cookies. Paddle payment flows, if enabled, may set their own cookies as described in Paddle's privacy policy. Marketing analytics, where enabled, may also set non-essential cookies. You can manage non-essential cookies using the consent banner displayed on your first visit.

9. Security

We implement industry-standard security measures including encrypted connections (TLS 1.2+), hashed passwords (bcrypt), encryption at rest for stored files, server-side access controls, and audit logging of sensitive operations. However, no system is 100% secure, and we cannot guarantee absolute security. If we discover a breach affecting your personal data, we will notify you and, where required, the relevant data protection authority without undue delay.

10. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will delete it promptly. If you are a parent or guardian and believe we may have collected information about your child, please contact us at hello@shotmind.net.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or in-app notification at least 14 days before they take effect.

12. Contact

For privacy-related inquiries, please contact us at hello@shotmind.net.

Privacy Policy - ShotMind