Privacy Policy
Last updated: 11 April 2026
The short version: you're anonymous, we collect as little as possible, we don't sell your data, and we delete your chats after 30 days. Read on if you want the full picture.
1. Who We Are
ShtChat is operated as an independent app. If you have questions about this policy, contact us at privacy@shtchat.app.
2. What Data We Collect
We aim to collect as little as possible. Here's what we do collect:
- Anonymous user ID — when you open the app, Firebase assigns you a random anonymous ID. No name, email, or phone number required.
- Chat messages — text messages you send during a session are stored in Firebase Firestore temporarily.
- Queue data — a temporary record that you're waiting to be matched. Deleted within 2 minutes of matching or leaving.
- Saved chats (optional) — if you choose to sign in with Google and save a chat, we store a summary (first 3 messages), message count, and a link to any generated audio file.
- Reports — if you report another user, we store the chat ID, your anonymous user ID, and the reason reported.
- Audio files (optional) — if you save a chat, an AI-generated audio file is uploaded to Firebase Storage.
We do not collect your name, phone number, location, contacts, or any device identifiers beyond what Firebase Analytics may collect (see Section 5).
3. How We Use Your Data
- To match you with another user via the queue system
- To deliver real-time chat messages during a session
- To generate AI audio previews of saved chats using ElevenLabs (see Section 6)
- To review reports of harmful content
- To maintain the security and integrity of the service
We do not use your data for advertising, profiling, or selling to third parties.
4. Data Retention
- Chat messages — deleted 30 days after the chat ends
- Queue entries — deleted within 2 minutes automatically
- Saved chats — retained until you delete your account or request deletion
- Audio files — retained as long as the associated saved chat exists
- Reports — retained for up to 12 months for moderation purposes
- Anonymous accounts — deleted after 90 days of inactivity
5. Third-Party Services
ShtChat uses the following third-party services. Each has its own privacy policy.
- Google Firebase (Firestore, Authentication, Storage, Functions) — used for authentication, data storage, and cloud functions. Firebase Privacy Policy
- Google Sign-In — optional, only if you choose to save chats. We receive your Google email and display name. Google Privacy Policy
6. AI Audio Generation (ElevenLabs)
When you save a chat, the chat messages are sent to ElevenLabs to generate an AI audio version of your conversation. ElevenLabs processes this data according to their own privacy policy.
- Only messages from saved chats are sent to ElevenLabs
- Messages are sent over HTTPS and processed server-side via Firebase Cloud Functions
- ElevenLabs does not receive your user ID or any identifying information beyond the text content
- ElevenLabs Privacy Policy
7. Children's Privacy
ShtChat is not intended for users under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at privacy@shtchat.app and we will delete it.
8. Your Rights (UK & EU Users)
Under UK GDPR and EU GDPR, you have the right to:
- Access — request a copy of the data we hold about you
- Erasure — request deletion of your data
- Restriction — request we limit how we use your data
- Portability — receive your data in a portable format
- Object — object to certain types of processing
To exercise any of these rights, email privacy@shtchat.app. Because chats are anonymous by default, we may not be able to identify you without additional information.
9. Security
All data is transmitted over HTTPS. Firestore security rules ensure users can only access their own data and chats they are a participant in. Cloud Function secrets are stored in Google Cloud Secret Manager.
10. Changes to This Policy
We may update this policy from time to time. We'll update the "last updated" date at the top. Continued use of the app after changes constitutes acceptance of the updated policy.
11. Contact
Questions? Email privacy@shtchat.app. We'll try to respond within 30 days, or sooner if we're not on the loo.