1. Scope & regions
This Privacy Policy describes how we collect, use, disclose, store, and protect personal information when you use TellShots — including mobile apps and websites such as tellshots.com (together, the “Service”).
TellShots is available worldwide. Your rights may vary by country or province/state — see Section 10. Note that premium payment features (Ad-free and Identity Verification) are not available in certain sanctioned or restricted jurisdictions as described in our Terms & Conditions Section 2.1.
2. Information we collect
2.1 Account & profile
- Name, display name, email address, phone number (if you provide it);
- Profile fields such as avatar images (often delivered via Cloudflare Images where enabled), bio text, and regional labels you enter or select;
- Approximate or structured location you supply during onboarding (for example city/region): on web we may use browser-based search powered by third-party geocoding APIs (such as Photon/Komoot using OpenStreetMap data); on mobile we use Expo Location APIs that rely on the platform geocoder (Apple/Google–style services on the device) when you search by place name or use GPS-based “current location”.
2.2 Content & activity
- Predictions, thread replies or comments on predictions, reactions, follows, bookmarks or similar saves where offered, and related timestamps;
- In-app notification records (for example rows delivered to your notification inbox while signed in), generated when relevant activity occurs;
- Optional in-app feedback or ratings you submit (for example product feedback forms).
- Reputation-related scores or aggregates derived from your activity (for example credibility or calibration-style metrics presented in-product).
2.3 Technical & diagnostic data
- Device type, OS version, app/build identifiers, IP address, coarse location derived from IP in some cases;
- Server, edge, and vendor logs (for example authentication events, API errors, rate limits);
- Cookies, pixels (if any), local storage, and theme preference keys on websites — see our Cookies Policy;
- On mobile, optional product preference flags stored on-device (for example notification-related toggles) even when native push delivery is not enabled for your build.
2.4 Verification & payments
If you use optional identity verification, our payments partner(s) (for example Stripe) may process payment details. Identity verification may involve a vendor such as Didit (or similar) collecting identity documents or biometric verification depending on the flow presented to you. We do not store full payment card numbers on our servers.
2.5 Sensitive information
We generally try to minimise sensitive personal information. If you voluntarily include sensitive information in content you post (for example health or political opinions), that content may be visible according to your settings and Service functionality. Where local law requires explicit consent for certain sensitive categories, we rely on your voluntary submission or present separate consent in-product where applicable.
2.6 AI & prediction-resolution processing
To structure and resolve predictions we process prediction text and related metadata through automated systems, including machine-learning models operated by Anthropic (for example Claude Haiku with web-assisted research where configured) and deterministic calls to public reference sources (for example market-pricing or weather archive endpoints such as CoinGecko-style or Open-Meteo-style APIs depending on category). Outputs may be stored as part of prediction records and reputation calculations.
2.7 Permissions we request (mobile)
Our iOS and Android apps may ask for OS permissions consistent with the features below (you can deny them where the platform allows; some flows may be unavailable without alternative input):
- Location (“when in use”) — to suggest places during signup / profile region selection via search or optional GPS-based current location (processed through Expo Location and the device geocoder).
- Camera — optional photo capture for profile avatars (expo-image-picker).
- Photo library — optional selection of existing photos for profile avatars.
We do not use these permissions to serve third-party behavioural ads in the TellShots apps as currently shipped.
3. Legal bases
UK / EEA (GDPR / UK GDPR): We process personal data under lawful bases including:
- Contract — providing accounts and the Service you request;
- Legitimate interests — security, fraud prevention, product improvement, and moderation (balanced against your rights);
- Consent — where required (for example certain cookies or optional communications);
- Legal obligation — where we must comply with law.
India (Digital Personal Data Protection Act 2023 — “DPDPA”): Where you access the Service from India, we act as a Data Fiduciary for personal data covered by the DPDPA. We process personal data for lawful purposes consistent with this Policy, with consent or other grounds allowed under Indian law. You may have rights described in Section 10.6.
4. How we use information
We use personal information to:
- Provide authentication (email/password everywhere; OAuth via Google or Apple on web where offered via Supabase), sync, and core social features;
- Operate feeds, discovery, leaderboards, moderation, safety tooling, analytics, and debugging;
- Process verification fees where offered and prevent fraud;
- Communicate service notices, security alerts, and (where permitted) marketing — with opt-out where required;
- Meet legal, regulatory, and tax obligations and enforce our Terms & Conditions.
5. How we share information
We may disclose information:
- To processors / service providers — including Supabase (hosted database/authentication and realtime delivery), Stripe (payments), identity-verification vendors (for example Didit), Cloudflare (CDN/images), Anthropic (AI extraction/resolution processing), public reference API hosts (for example market or weather data providers invoked during resolution), optional geocoding APIs on web (such as Photon/Komoot / OSM-backed search), mobile platform geocoding services via Expo Location, Apple/Google authentication or notification transport services tied to your device OS, and analytics or observability vendors we may introduce from time to time (for example crash or performance diagnostics).
- To other users — according to content you publish or interactions you choose;
- In connection with business transfers (for example merger or asset sale) subject to confidentiality;
- To authorities — where required by law, court order, lawful requests, or to protect rights and safety.
Sale / targeted advertising: We do not sell personal information for money. Where US state laws define “sale” or “sharing” broadly (for example for cross-context behavioural advertising), we describe our practices in Section 10.2.
6. International transfers
Neno Group is based in Australia. Our subprocessors may store or process data in other countries (including the United States, European Economic Area, United Kingdom, Singapore, India, or other regions depending on vendor configuration).
- UK / EEA: Where required, we use appropriate safeguards such as Standard Contractual Clauses (EU Commission or UK ICO versions), supplemented measures where appropriate, or reliance on adequacy decisions.
- Canada / New Zealand: Cross-border disclosures may occur subject to applicable privacy statutes and contractual protections with vendors.
- India: Where the DPDPA or implementing rules restrict transfers, we rely on permitted mechanisms (including Government-approved territories or contractual safeguards when specified).
7. Security
We implement reasonable administrative, technical, and organisational measures (including encryption in transit where configured, access controls, and vendor due diligence). No method of transmission or storage is perfectly secure.
8. Retention
We retain information while your account is active and as needed to operate the Service, resolve disputes, comply with law, and defend claims. Backup systems may retain residual copies for a limited period. After account deletion, we delete or de-identify personal information within a reasonable period unless a longer retention period is required by law or legitimate interest (for example fraud prevention logs).
9. Your choices & general rights
You may access or correct certain profile fields in-app.
To exercise privacy rights (access, deletion, portability where applicable, objection, restriction, appeal): email [email protected] with “Privacy Request” in the subject, describe your country/state of residence, and include the email associated with your account. We may verify identity before fulfilling requests.
We respond within timelines required by applicable law (for example 30–45 days for many US state laws, or as prescribed under Indian rules once effective guidance applies).
10. Regional information
TellShots is available globally. Where your country is not listed below, your local data-protection and privacy laws may still apply. For privacy requests from any jurisdiction, contact [email protected] with "Privacy Request" in the subject line, stating your country of residence.
10.1 Australia
We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If we disclose personal information overseas (for example to cloud vendors), we take reasonable steps under APP 8. You may complain to us first; you may also contact the Office of the Australian Information Commissioner (OAIC) — oaic.gov.au.
In outline (non-exhaustive): we collect personal information that is reasonably necessary for our functions; we notify via this Policy (APP 5); we use and disclose it for primary and reasonably expected secondary purposes (APP 6); we strive to maintain accuracy and security (APP 10–11); overseas disclosures may occur to recipients such as Supabase, Stripe, Didit, Anthropic, Cloudflare, and reference API hosts — we take steps reasonable in the circumstances to ensure recipients meet substantive privacy standards comparable to the APPs where APP 8 requires.
10.2 United States
Depending on your state of residence, you may have rights under state privacy laws (including, as examples, California CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon OCPA, Montana MCDPA, and others as enacted).
- Rights may include access, deletion, correction, portability, and opting out of certain processing;
- We do not use or disclose “sensitive personal information” beyond permitted business purposes where those concepts apply, and we do not sell personal information for monetary consideration;
- California: California residents can learn about categories collected and disclosed in this Policy. You may designate an authorised agent where permitted by law.
- Children: We do not knowingly collect personal information from children under 13 as described in COPPA; our Service is directed to adults 18+.
10.3 United Kingdom & European Economic Area
If you are in the United Kingdom, the UK GDPR and Data Protection Act 2018 may apply. If you are in the EEA, the GDPR may apply. You may have rights including access, rectification, erasure, restriction, objection, portability, and (where processing is consent-based) withdrawal of consent. UK residents may complain to the ICO — ico.org.uk. EEA residents may contact their local supervisory authority.
10.4 New Zealand
If you are in New Zealand, your personal information is handled in accordance with the Privacy Act 2020. You may complain to the Office of the Privacy Commissioner — privacy.org.nz.
10.5 Canada
Canadian privacy laws may apply, including the federal PIPEDA and provincial statutes (for example Alberta’s PIPA, BC’s PIPA, and Quebec’s Law 25). Depending on province, you may have rights to access, correction, withdrawal of consent where applicable, and complaints to the relevant Commissioner (including the Office of the Privacy Commissioner of Canada — priv.gc.ca).
10.6 India
If you access the Service from India, the DPDPA may apply to digital personal data we process there. You may have rights to access information about processing, correction, erasure, grievance redressal, and nomination, subject to conditions in Indian law and any delegated rules. You may escalate complaints to the Data Protection Board of India when operational procedures permit.
Cross-border transfers will follow mechanisms recognised under Indian law as they become clarified by rulemaking.
Grievance Officer (Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 & Digital Personal Data Protection Act, 2023):
- Name: Amit Taneja
- Designation: Grievance Officer, NENO GROUP PTY LTD (ACN 671 083 711)
- Email: [email protected] (please include "Grievance" in the subject line)
- Office hours: Mon–Fri, 9am–5pm AEST (excluding Australian public holidays)
We acknowledge grievances within 24 hours and aim to resolve them within 15 days of receipt. Complaints relating to content that exposes the private area of an individual, depicts such individual in any sexual act or conduct, or is in the nature of impersonation in an electronic form (including artificially morphed images), will be acted upon as expeditiously as possible and resolved within 72 hours, in line with Rule 3(2) of the IT Rules 2021.
11. Third-party links
The Service may link to third-party websites, app stores, identity/payment hosts, or documentation. We do not control those services and this Policy does not apply to them — review their privacy notices before engaging.
12. Advertising
The TellShots web app (tellshots.com) may display ads served by Google AdSense (publisher ID: ca-pub-1822658414344782) to users who have not purchased the Ad-free premium plan. Google may set advertising cookies and use interest-based signals to show relevant ads. See our Cookies Policy for details. Users who purchase Ad-free will not be shown these ads.
Our mobile apps are not monetised through in-app advertising networks such as Google AdMob. We do not use cross-app tracking frameworks for ad personalisation in mobile builds as currently shipped. If we introduce advertising or analytics SDKs that materially change collection, we will update this Policy and obtain permissions where required by Apple, Google, or applicable law.
13. Children
TellShots is not directed to individuals under 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will take appropriate steps to delete it.
14. Automated processing & profiling
Some product features may use algorithms or rules to compute scores, rankings, feeds, or moderation signals about your activity. These outputs may constitute profiling under some laws. Where required, we provide information about logic and significance in-product or on request. You may contest outcomes where applicable law gives you that right by contacting [email protected].
15. Marketing communications
Where we send promotional communications, we will obtain consent where required and provide an unsubscribe or preference mechanism (for example email opt-out or in-app settings).
16. Changes
We may update this Privacy Policy. We will revise the “Last updated” date and, where legally required, notify you (for example via in-app notice or email for material changes affecting Indian users or certain US states).
17. Contact
Privacy & data requests:
[email protected]
(include “Privacy Request” in the subject where applicable)
Account deletion: you may submit a request at
tellshots.com/delete-account (or email us from your registered address).
Website: tellshots.com
Response time: we aim to respond within the timelines required by applicable law (often ~30 days for
many jurisdictions, subject to complexity and verification).
This Policy is designed for multi-country launch alongside our Terms & Conditions. Laws evolve — obtain qualified legal review before relying on this text as final compliance documentation.