Controller
The controller is Bastien Vanhove EI, 78, Avenue des Champs-Élysées, Bureau 326, 75008 Paris, France.
For privacy questions: contact@shredy.app.
Data collected by Shredy, processing purposes, providers, retention periods, and user rights.
Updated on July 9, 2026.
The controller is Bastien Vanhove EI, 78, Avenue des Champs-Élysées, Bureau 326, 75008 Paris, France.
For privacy questions: contact@shredy.app.
Shredy collects only the data needed to run the app, secure the service, provide support, and manage premium rights.
Shredy does not collect or store bank card details. Payments are made exclusively in the mobile app through Apple App Store or Google Play.
RevenueCat may process technical subscription data to verify premium rights, restore purchases, and synchronize access between the app and Shredy backend.
Processing is based on contract performance when data is required to provide the app, synchronize data, manage the account, process support, or activate purchases.
Some processing relies on consent, including notifications, access to Apple Health or Health Connect, and marketing communications if introduced.
Security logs, abuse prevention, and technical analytics rely on Shredy’s legitimate interest in maintaining a reliable and secure service. Billing and accounting requirements rely on legal obligations.
Your data is never sold. It may only be shared with providers needed to operate the service.
The app uses SQLite as a local source of truth for some data and Expo Secure Store for the authentication token. Tokens are not stored in SQLite.
When signed in, some data may synchronize with the Shredy backend for backup and multi-device use.
You may exercise access, rectification, erasure, restriction, objection, and portability rights where applicable.
You can use app features when available or write to contact@shredy.app. You may also lodge a complaint with the CNIL.
Shredy uses technical and organizational measures to protect data: password hashing, token authentication, secure mobile token storage, access restrictions, and secure hosting.
Some providers, including Apple, Google, RevenueCat, or Expo, may process data outside the European Economic Area. In that case, GDPR safeguards or applicable contractual mechanisms are used.
This policy may change to follow app, backend, or legal developments. The update date appears at the top of the page.