← Home

Privacy Policy

Last updated: March 2025

1. Data Controller

SharedPaint is operated as an independent project. For any privacy-related inquiries, contact us at info@sharedpaint.com.

2. Data We Collect

When you create an account via Google OAuth, we store the following information:

  • A unique user identifier provided by Google (not your email)
  • Your Google profile picture URL
  • The alias (username) you choose when joining
  • Your pixel credit balance
  • The pixels you place: coordinates, color, and timestamp

We do not collect your email address, Google password, or any data outside of SharedPaint.

3. Legal Basis for Processing (GDPR)

We process your data on the basis of contract performance (Art. 6(1)(b) GDPR) — your data is necessary to provide the SharedPaint service — and our legitimate interest (Art. 6(1)(f) GDPR) in operating a functioning platform.

4. How We Use Your Data

  • To authenticate you and maintain your session
  • To display your alias and avatar next to pixels you place
  • To track your credit balance and pixel activity
  • To show your profile on the leaderboard and history

We do not use your data for advertising, profiling, or any purpose unrelated to operating SharedPaint.

5. Data Sharing

We do not sell or share your personal data with third parties, except for the infrastructure providers required to operate the service:

  • Supabase — database and authentication (data stored in EU/US data centers)
  • Vercel — hosting and content delivery
  • Google — OAuth authentication provider

6. Data Retention

Your account data is retained for as long as your account exists. Pixel placements are permanent by design — they are part of the shared canvas and cannot be individually deleted. If you wish to delete your account, contact us at info@sharedpaint.com and we will remove your personal data (alias, avatar, user ID) from our records. Historical pixel entries will be anonymised.

7. Your Rights (GDPR)

If you are based in the European Economic Area, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and personal data
  • Object to or restrict processing in certain circumstances
  • Lodge a complaint with your national data protection authority

To exercise any of these rights, contact info@sharedpaint.com.

8. Data Security

All data is transmitted over HTTPS. Data at rest is encrypted by Supabase. We do not store passwords — authentication is handled entirely by Google.

9. Changes to This Policy

We may update this policy as the service evolves. We will update the date at the top of this page. Continued use of SharedPaint after changes constitutes acceptance of the updated policy.

10. Contact

For any questions about this policy: info@sharedpaint.com