Privacy policy

Shake Ltd., Radnicka 47, Zagreb, Croatia (further: “Shake”, “company”, “we”, “us”, or “our”) respects and protects the privacy and personal data of users of our services, business partners and any other persons whose personal data we might collect and process during our everyday business activities.
 

This Privacy policy explains who we are, the purpose and basis for that processing, whether you have to provide the data to us, how long we store your data, whether we share your personal data with anybody or intend to transfer it to another country, how we secure your personal data and which rights you have regarding the processing of your data, as provided under the European Union’s General Data Protection Regulation (GDPR).
 

This Privacy policy applies to all personal data which we collect, use or in any other way process if you are a user of our services, visitor of our website or if you otherwise communicate. For the purpose of this Privacy policy, and in accordance with the GDPR:
 

  1. personal data” means any information relating to a natural person which is identified or can be identified, directly or indirectly;
  2. processing” means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
     

Who are we?

Shake helps developers get unreal data to fix real issues in their mobile apps.
 

Within the meaning of the GDPR, we act as the controller for the processing of your personal data specified in this Privacy policy.
 

When and why do we collect your personal data?

1. Users of our services

If you are a user of our services, we collect and process your personal data in order to provide the service to you. The scope of personal data that we process is strictly limited to personal data necessary to serve your needs (for example, to process your crash reports and communications with us) or to meet legal and regulatory requirements.
 

Your information which we process may be collected either when you provide services to end users or directly from you, when you input it into our system.
 

We may also use your personal data to send you news and other relevant information about our service or in order to improve the quality of the service, to solve problems detected within the service and to develop better features.
 

Shake SDK

Please be aware that third parties (our users) may use Shake SDK to collect their end users’ personal data. In such scenarios, we do not operate as data controllers, instead we serve solely as data processors while our users control the SDK and its behavior. This Privacy policy primarily applies to instances where we are the data controller and outlines how we process personal data in that capacity.
 

2. Visitors to our website

We may collect your personal data if you are a visitor to our website. While this information does not necessarily reveal your specific identity (your name or contact details), it may include personally identifiable information, which is primarily needed to maintain the security and operation of our website and for our internal analytics and reporting purposes.
 

Additionally, we also process your personal data if you contact us through the contact form available on our website or if you send us a direct message by other means.
 

Direct inquiries

Through our website, you can also apply for a startup discount. For this purpose, a contact form is available. In order to reply to your query, we collect personal data which you decide to disclose.
 

Similarly, we collect the personal data which you send when directly contacting us by other means, e.g. by sending us an email.
 

Cookies

Like many businesses, we may also collect information through cookies and similar technologies, which help us to improve our website, to better understand our visitors and their behavior. Cookies are small text files placed on a visitor’s device to collect internet log information. They are widely used by website owners in order to make their websites work, or work more efficiently, as well as to provide reporting information.
 

3. Users of our dashboard

If you are registering as a user of the Shake Dashboard, we need to collect some information about you so that we can create your account. We need this information to:
 

  1. be able to identify users accessing the Shake Dashboard;
  2. keep track of your usage of Shake Dashboard, as it may affect the subscription;
  3. meet our standard security procedures.
     

4. Newsletters

When you subscribe to our newsletter you will provide certain personal data which will only be used for that specific purpose. If you were a previous user of our services or have shown interest in our services or starting a career in Shake, we may send you a newsletter as well.
 

5. Social media

We have an official account on Slack, LinkedIn and Twitter. This means we will have access to some of your personal data if you are our social media contact, but this is limited to such data which you decide to make available by sending us a message or otherwise connecting with us. We use your personal data collected through our social media accounts, for example, to solve your requests when you send us a direct message or to notify you about recent developments regarding our business activities.
 

What information do we collect about you?

1. Users of our services

We collect your personal data required to provide you our services (such as information needed to set up your user account) and information provided in the course of your use of our service. The personal data we collect may be categorized as follows:
 

  1. personal contact details, such as your name, address, phone number and email;
  2. any contact details which may be required to access our service, such as your login name and password;
  3. your tax number;
  4. the relevant payment or banking information;
  5. any other information which may be necessary to perform our services.
     

Shake SDK

We do not control the data our servers receive this way. The scope of personal data we process results from the nature of the service provided by our users to you as their end user. It may include:
 

  1. personal contact details, such as your name, address, phone number and email;
  2. our user’s app screenshots, screen recordings and other automatically or manually attached photos, videos and files;
  3. history of your interaction with our user’s app, system events, console logs, network traffic and similar;
  4. any data from our user’s app, such as your username, subscription status or shopping cart contents, including the data we strongly encourage our users not to collect, such as passwords, tokens and other credentials.
     

2. Visitors to our website

If you are visiting our website, it is usually the case that we are not aware of your specific identity. We only collect information of a technical nature, which your browser will automatically transfer to our server while you are browsing through our website.
 

The data which we collect in this process includes the following:
 

  1. date and time of access;
  2. the part of our website which you accessed;
  3. information on the browser and operating system used;
  4. where applicable, information on any errors which occur (where requested content cannot be displayed);
  5. the last website you accessed which redirected you to our website.
     

Direct inquiries

Further, if you apply for a startup discount through our contact form or by directly contacting us by other means, we will collect your name, email address and personal data which you disclose in the message you send us.
 

Cookies

We use cookies to:
 

  1. distinguish you from other users;
  2. provide you with an optimum browsing experience;
  3. enable us to collect general browsing information which allows us to do site analytics, customization and improve the quality of the service.
     

If you access Shake through your browser, you can manage your cookie settings there but if you disable some cookies you may not be able to use Shake.
 

In addition, we use third parties like Google Analytics (opt out) and FullStory (opt out) for website analytics and customer support. We do not currently recognize or respond to browser-initiated Do Not Track signals as there is no consistent industry standard for compliance.
 

3. Users of our dashboard

If you wish to create an account to access the Shake Dashboard, you will be asked to provide your name, email address which you will use as your username and information on your corporate affiliation (i.e., our user on whose behalf you will be using our products).
 

You will also be asked to set up a password to access your account. Please make sure to use your password in accordance with any applicable Terms of service. In particular, do not disclose your password to anyone else and notify us immediately if you become aware of unauthorized use of your account.
 

4. Newsletters

When you subscribe to our newsletter, we only collect your personal contact details necessary for this purpose, such as your name and email.
 

5. Social media

If you are one of our social media contacts, we collect and process personal information which you publish or otherwise make available to us through these accounts such as your first and last name, comments, likes or other reactions and membership in certain groups.
 

If you send us a direct message through one of our social media accounts, we will collect your contact details (such as your first and last name) and other personal data which you disclose in the message you send us.
 

What is the legal basis?

1. Users of our services

If you are a user of our services, your personal data is necessary so that we can provide the service to you.
 

The scope of personal data which we process results from the nature of the service you provide to your end users, so that they can be identified in Shake.
 

We undertake our best efforts to ensure that the scope of processing is limited to what is necessary for the performance of the contract between you as user and Shake as your service provider. In this sense, you are required to provide us the requested information if you would like to use our service.
 

Occasionally, we may also contact you with information about our service or process personal data in order to improve the quality of the service, to solve problems detected within the service and to develop better features. We base this processing on our legitimate interest to keep you informed about our service and to regularly improve it.
 

Shake SDK

Our users may use Shake SDK to collect their end users’ personal data so that they can provide the service to them, improve the quality of their app, solve problems detected within the app, develop better features, or whatever their legitimate interest is.
 

2. Visitors to our website

The information you disclose through our contact form or by directly contacting us by other means, and the information we collect about you while you are browsing through our website is processed for the purpose of our legitimate interests, i.e. providing a website for information and use, its maintenance and improvement.
 

We also store analytics and customization cookies, which help us understand how our website is being used or how effective our marketing campaigns are or to help us customize our website for you.
 

However, depending on the nature of a query, other legal bases might also apply e.g. processing of the information may also be needed prior to entering into a contract with you.
 

3. Users of our dashboard

When you create an account to access the Shake Dashboard, we collect limited information about you. This is necessary to provide the agreed service to our user, on whose behalf you are accessing the Shake Dashboard.
 

We consider that Shake has a legitimate interest in processing this information, as we need to be able to identify those accessing and using the Shake Dashboard and to track usage in order to apply the correct subscription. Collecting such data is also necessary to meet standard security procedures and ensure reliability and operability of our services.
 

4. Newsletter

When you subscribe to our newsletter, the basis for the processing is your consent.
 

However, we may also send you a newsletter if you were a previous user of our services or if you have shown interest in our services or starting a career in Shake. In that case, the processing is based on our legitimate interest.
 

You may withdraw your consent or object to the processing based on our legitimate interest at any time by simply unsubscribing at the bottom of the newsletter email or by sending us an email to friends@shakebugs.com.
 

5. Social media

If your personal data is public or sent to us directly through social media accounts, you consent to our processing of your personal data for the purpose of connecting with us or responding to a request or query. You may withdraw consent at any time by contacting us or using the options available in your social media account, as applicable.
 

How long do we keep your personal data?

We keep the information we collect about you for as long as you use our services or as necessary to fulfill the purposes for which it was collected, provide our services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
 

How long do we keep your personal data?

We do not sell your personal data to third parties in any circumstances whatsoever.
 

However, we may share your personal data in the following cases:
 

  1. when subcontractors assist us in providing our services (e.g. software developers, who also maintain our software and who assist us in resolving queries we may receive from you);
  2. if Shake or substantially all of its assets are acquired by a third party, in which case personal data will be one of the transferred assets;
  3. with providers of cloud computing services, which we need to collaborate with in order to store and be able to access the collected data;
  4. when we use the services of providers of various information society services, e.g. tools for communication and project management.
     

We may also disclose your personal data to the following sub-processors which assist us in providing our services:
 

  1. Amazon Web Services, Inc. (Hosting), United States
  2. Canny, Inc. (Customer feedback), United States
  3. FullStory, Inc. (Analytics), United States
  4. Google LLC (Analytics), United States
  5. Intercom, Inc. (Support helpdesk, customer communication), United States
  6. Segment.io, Inc. (Analytics), United States
  7. SendGrid, Inc. (Customer communication), United States
  8. Stripe, Inc. (Payment processing), United States
     

In certain circumstances, we may also share your personal data with public authorities. It is also possible that public authorities (e.g. courts) will require us to disclose personal data. In such a case, we will have a legal obligation to do so.
 

Besides that, we may share your personal data with other third parties as necessary to enforce our Terms of service, user agreements or other policies. Such disclosure may be carried out to enforce a legal claim or resolve a dispute regarding the use of our services, as well as to protect Shake’s other rights and properties.
 

Transfer of personal data outside the EU/EEA

We do not usually share your personal data with any third parties located outside the EU/EEA. However, some of our service providers might operate in countries outside this territory. When such service providers provide services to us, we may need to transfer some personal data outside the EU/EEA. Nevertheless, in these cases, our service providers have committed themselves to safeguards that are required by European data protection laws to provide adequate level of data protection (such as, for example, by applying standard contractual clauses for processors in third countries).
 

How do we protect your personal data?

We use a variety of technical and organizational measures to protect your personal data from unauthorized access or disclosure, alteration, loss, theft and any other breach. These measures, among others, include:
 

  1. we host Shake on Amazon Web Services, a world leader in compliance with the latest security best practices;
  2. your data in transit is encrypted using TLS and then stored on AWS where it’s encrypted at rest using AES with a 256-bit key;
  3. we do not store your credit card data on our servers;
  4. our offices have 24-hour security personnel on site, cameras, visitor logs and smart card door entry requirements;
  5. our non-disclosures, training courses and security guidelines guide our entire team in making the right security decisions;
  6. Shake audits data access regularly so that employees only have the permissions necessary to do their jobs;
  7. to ensure business continuity in case of disaster, critical data is always backed up and moved to a different account.
     

Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure.
 

What are your rights?

Under the GDPR you, as an individual, have certain rights, depending on our reason for processing of your personal data:
 

1. Your right of access

You have the right to request from us a confirmation whether we process any of your data, and where that is the case, you can access that data and the information regarding the purpose of the processing, the categories of personal data concerned and rest of the information concerning that processing. Based on this right, you have the right to ask us for copies of your personal data.
 

2. Your right to rectification

If you notice that we have some incomplete or incorrect data, you can request from us to complete or correct it. This right always applies.
 

However, if you are a user of our product, you may be able to login to your account and complete/correct it yourself. If this option is available, we strongly advise you to keep your personal data accurate at all times. However, if this option is not available to you, you can request from us to complete or correct it by contacting us. You can find our contact details in the section “How can you contact us” below.
 

3. Your right to erasure

Under certain circumstances you have the right to ask us to erase your personal data. For example, if you think that we no longer need your data for the original reason we collected or used it for, or you initially consented to us using your data, but have now withdrawn your consent, or you have objected to the use of your data for direct marketing purposes, or if you think that we have a legal obligation to erase your data.
 

However, please bear in mind that this is not an absolute right and that sometimes we will not be able to comply with your request. For example, if we have an overriding legitimate interest for the processing or where due to legal obligations, we must keep your data for a certain period.
 

4. Your right to restriction of processing

Under certain circumstances, if you are concerned about the accuracy of the data or how it is being used you have the right to ask us to restrict the processing of your information.
 

5. Your right to object to processing

You have a right to object to the processing of your personal data which is based on our legitimate interest (for example, such as the processing for the purpose of promotion or sales, or for statistical purposes).
 

6. Your right to data portability

When the processing is based on your consent or required for the performance of a contract and when the processing is automated you have the right to ask that we transfer your data to another organization in a structured, commonly used and machine-readable format.
 

This only applies to the personal data you manually provided to us.
 

7. Your right to withdraw consent at any time

If the processing of personal data is based on your consent, you may at any time withdraw your consent and, in that case, we will no longer process your personal data for this purpose. However, withdrawal of consent will not affect the legality of the consent-based processing prior to its withdrawal.
 

8. Your right to file a complaint to a supervisory authority

Lastly, if you think that the processing of personal data carried out by us is not compliant with GDPR, you have the right to file a complaint to the competent supervisory authority – in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
 

In Croatia, the supervisory authority is the Croatian Personal Data Protection Agency, whose website may be found at https://azop.hr/naslovna-english/.
 

However, without prejudice to your right to file a complaint to a supervisory authority, in case you are unsatisfied with our processing, we encourage you to first contact us to see if we may mutually resolve the issue. You can find our contact details in the section “How can you contact us?”
 

How can you contact us?

If you have any questions regarding this Privacy policy or if you wish to exercise one of your GDPR rights stated above in section “What are your rights?”, feel free to contact us by sending an email to friends@shakebugs.com or by post to:
 

Shake Ltd.
Radnicka 47
Zagreb, Croatia
 

When you contact us to exercise one of your GDPR rights, we might ask for additional information from you for the purpose of a reliable identification. If we cannot reliably identify you, please bear in mind that we can decline any request you make.
 

We will try to provide you the information you request within fifteen days of the receipt of your request.
 

Please note that this Privacy policy primarily covers data processing in cases where we act as data controllers. Due to the nature of our services, we also act as data processors for third-parties (our clients) as data controllers. In such cases, we are generally required to refrain from addressing your privacy requests except as instructed by the data controllers. Nevertheless, should you direct your query to us, we will immediately notify your data controller and provide all necessary assistance in responding.
 

Children’s privacy

Our services are not intended to be used by children under 13 years of age (and in certain jurisdictions under the age of 16) and children will not be given a profile or password by us. If we learn that we have collected any information (including personal data) pertaining to a child under 13 years of age (and in certain jurisdictions under the age of 16), we will promptly take steps to delete that information.
 

Governing law and jurisdiction

To the extent permitted by GDPR, Croatian law applies to this Privacy policy and all related matters. You agree to exclusive jurisdiction of Croatian courts for any disputes which may arise regarding our use of your personal data.
 

Changes to Privacy policy

Shake Ltd. reserves the right to change or update this Privacy policy at any time and, in particular, when we find it appropriate or necessary to remain compliant with relevant laws.
 

If there is a substantive change to the Privacy policy, we will try to notify you of it by various means – for example by using a pop-up, or send you an email, so you can review it and decide whether you perhaps want to object to it.
 

Also, if we want to further process your data for a different purpose and the processing is based on your consent, we will first notify you and ask for your consent again for that new purpose.
 

Last updated and effective as of: 7 November 2023
 

Help your app be the best version of itself.

Get started for free

Add to app in minutes

Doesn’t affect app speed

GDPR & CCPA compliant