Privacy Policy
Effective May 8, 2026 · Compliant with PIPEDA (Canada)
1. Who Is Responsible for Your Data
Sheboyggin Productions S.A.R.F. is the "organization" responsible for personal information under PIPEDA. It is a federal Canadian corporation incorporated under the Canada Business Corporations Act (incorporated 2026-02-24) and is the operator of sheboyggin.com.
Sheboyggin Stewardship Association (federal not-for-profit, registered 2026-02-06) is the community body that hosts the public-interest activity on the platform. Where SSA processes member information independently of S.A.R.F. (for example, governance records of the association), it is also an organization under PIPEDA in its own right.
Our privacy contact for both entities is: privacy@sheboyggin.com.
1b. How We Govern Personal Information
We maintain a written internal policy that sets out how we govern personal information across its full lifecycle – collection, use, communication, retention, and destruction. The policy is approved by the Person in Charge of Personal Information Protection (named in section 8b below) and reviewed at least once every twelve months and whenever a third-party processor is added or materially changed. This summary describes its main features in plain language; the full policy is available on request to privacy@sheboyggin.com.
Roles and accountability. Richard Alan Musson, sole director and president of Sheboyggin Productions S.A.R.F., is the Person in Charge and is accountable for our compliance with applicable privacy law. Any future personnel or contractor with access to personal information must be trained on our policies before they are granted access and must complete a refresher review at least annually.
Retention. We keep personal information only for as long as needed for the purpose it was collected, plus any minimum retention required by law (notably 7 years for Jigg-transaction records under Canadian tax rules). Account records are anonymised within 30 days of a deletion request; rate-limit events are purged after 7 days; transactional-email logs after 90 days; verification tokens expire within 24 hours. The full retention schedule is in our internal governance policy and may be requested.
Data-subject requests and complaints. Submit access, deletion, correction, opt-out, or other privacy requests at /privacy/requests. While signed in you can also export everything we hold about you instantly at /api/account/export and delete your account from /settings/profile. We acknowledge requests within 5 business days and respond within the shortest applicable statutory window (30 days under PIPEDA, Law 25, GDPR, and UK GDPR; 45 days under CCPA; 15 days under LGPD). Unresolved complaints may be escalated to the CAI in Quebec, the OPC in the rest of Canada, or your applicable supervisory authority.
Privacy by default. Profiles default to private; marketing-email consent is unchecked at registration; operational logging captures country only (no IP, user-agent, referrer, or per-visit URL tied to an individual visit); IP addresses used for vote-deduplication are hashed before storage; and we do not deploy third-party analytics, advertising, or behavioural-tracking scripts on the Service.
2. What We Collect
| Category | Examples | Why we collect it |
|---|---|---|
| Account info | Email address, username, password (hashed) | Create and secure your account |
| Date of birth | Self-reported at registration | Enforce minimum age (13+) and gate adult content |
| Marketing consent | Whether you opted in to newsletters at signup, with timestamp | Demonstrate consent (CASL / GDPR) |
| Content | Stories, questions, answers, art, music submissions | Run the platform |
| Usage data | Aggregate country-level visit counters; votes cast and jiggs spent on your account | Basic analytics and abuse prevention. We do not log per-visit URLs, user-agents, or referrers tied to individual visitors. |
| IP address | Hashed for vote deduplication | Prevent vote manipulation |
| Payment info | Stripe payment tokens (we do not see raw card numbers) | Process Jigg purchases |
| Payout info | Email or payment details if you earn Jigg payouts | Deliver creator earnings |
| Location (approximate) | Country code from Vercel headers | Serve region-appropriate themes |
We do not collect sensitive personal information (health, ethnicity, biometrics, etc.) and we do not sell your personal information.
3. How We Use Your Information
- To create and maintain your account.
- To display your Content to other community members.
- To process Jigg purchases and creator payouts.
- To send you service emails (account security, payout notifications).
- To detect and prevent fraud, spam, and vote manipulation.
- To improve the platform through aggregate analytics.
- To comply with legal obligations.
We will not use your personal information for purposes other than those listed here without first obtaining your consent.
4. Who We Share Your Information With
We share personal information only where necessary:
- Neon (Neon Inc.): Our database host. Your data is stored on Neon's managed PostgreSQL service (AWS-based infrastructure).
- Stripe: Our payment processor. When you purchase Jiggs, your payment information is handled by Stripe. Sheboyggin never sees or stores raw card details. Stripe's privacy policy is at stripe.com/privacy.
- Vercel: Our hosting provider. They process HTTP requests and may log IP addresses as part of normal web infrastructure.
- Resend: Our transactional email provider. They process recipient email addresses and message content needed to deliver account, notification, and announcement emails.
- Anthropic: We use Anthropic's Claude API to generate optional follow-up questions, translations, and broadcast summaries from public content you submit (stories, questions, art prompts). Anthropic does not retain this content for model training. See anthropic.com/privacy.
- Legal requirements: We may disclose information if required by law, court order, or to protect the safety of users or the public.
We do not share your data with advertisers or data brokers.
5. IP Addresses and Vote Integrity
To prevent vote manipulation, we record a one-way SHA-256 hash of your IP address when you cast a vote without logging in. This hash cannot be reversed to recover your IP address. It is stored only to prevent the same IP from voting twice on the same submission.
Logged-in users are deduplicated by user ID instead, and no IP hash is stored.
6. Cookies and Local Storage
We use session cookies to keep you logged in (via NextAuth.js). We do not use third-party advertising cookies. We do not use tracking pixels.
We store the following preferences in your browser's local storage so the site remembers how you like it. These stay on your device and are never sent to our servers:
- Theme (light/dark)
- Sidebar layout (expanded/collapsed, classic/orb)
- Daily palette / accent colour
- Visual modes (retro, dyslexia-friendly font, anonymous, focus, chaos, world-view)
- Font-size preference
- Animation on/off
You can clear these at any time by clearing your browser's site data for sheboyggin.com.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide services. If you delete your account:
- Your account and profile are removed within 30 days.
- Public Content you posted (stories, art, music) may remain on the platform unless you also delete it before closing your account.
- Content that has been incorporated into a produced episode is retained as part of that production record.
- Financial records (Jigg purchases, payouts) are retained for 7 years as required by Canadian tax law.
8. Your Rights Under PIPEDA
Under PIPEDA you have the right to:
- Access: Request a copy of the personal information we hold about you.
- Correction: Ask us to correct inaccurate information.
- Withdrawal of consent: Withdraw consent to our use of your information, subject to legal and contractual restrictions. Note that withdrawal may mean we can no longer provide certain services.
- Complaint: File a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca if you believe we have mishandled your information.
To exercise any of these rights, submit a request at /privacy/requests or email privacy@sheboyggin.com. We will respond within 30 days. You may also request a complete machine-readable copy of your data instantly via the data export endpoint while signed in.
8a. Your Rights Under GDPR (EU) and UK GDPR
If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:
- Right of access (Art. 15) – confirm whether we process your data and obtain a copy.
- Right to rectification (Art. 16) – correct inaccurate or incomplete data.
- Right to erasure / "right to be forgotten" (Art. 17) – request deletion under specified conditions.
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20) – receive your data in a structured, machine-readable format.
- Right to object (Art. 21) – object to processing based on legitimate interests, including direct marketing.
- Right not to be subject to automated decision-making (Art. 22). Sheboyggin does not currently make decisions that produce legal or similarly significant effects about you using solely automated processing.
- Right to withdraw consent (Art. 7) at any time, without affecting the lawfulness of processing performed before withdrawal.
- Right to lodge a complaint with your supervisory authority (e.g., the UK ICO at ico.org.uk) or, in the EU, the data-protection authority of your member state.
Lawful bases: we process personal data on the bases of (a) contract (delivering the service you signed up for), (b) legitimate interests (security, abuse prevention, basic country-level analytics), (c) consent (marketing email; stored as an explicit opt-in record), and (d) legal obligations (tax, financial-record retention).
International transfers: our infrastructure is located in the United States. Where we transfer EU/UK personal data, we rely on the European Commission's Standard Contractual Clauses (and, for UK transfers, the UK International Data Transfer Addendum) with our processors (Vercel, Neon, Resend, Stripe, Anthropic).
EU/UK representative: we are presently below the threshold for which an Article 27 representative is mandatory; if and when that changes, the representative's contact details will be published here.
8b. Your Rights Under Quebec Law 25
If you are a resident of Quebec, the Act to Modernize Legislative Provisions Regarding the Protection of Personal Information (Law 25) gives you, in addition to PIPEDA rights:
- Right to be informed in plain language about the categories of personal information collected, the purposes, the means used, and any decisions made by automated processing alone.
- Right to data portability – receive personal information in a structured, commonly-used technological format.
- Right of de-indexation – request that information about you no longer be disseminated where dissemination causes harm disproportionate to the public interest.
- Right to be informed of automated decisions made about you using only personal information.
- Right to file a complaint with the Commission d'accès à l'information du Québec (CAI) at cai.gouv.qc.ca.
Person in Charge of Personal Information Protection (Quebec): Richard Alan Musson, sole director and president of Sheboyggin Productions S.A.R.F., serves as the designated Person in Charge of Personal Information Protection within the meaning of section 3.1 of Quebec's Act respecting the protection of personal information in the private sector (CQLR c. P-39.1).
Contact for Quebec privacy matters: privacy@sheboyggin.com. Requests in French are welcome and will be answered in French. A French version of this privacy policy is available on request at no charge by emailing the same address with a subject line beginning [FR].
8c. Your Rights Under California (CCPA/CPRA) and Other US State Laws
If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, or other US states with comprehensive privacy laws (Iowa, Indiana, Tennessee, Montana, Oregon, Delaware, New Jersey, New Hampshire, Kentucky, Maryland, Minnesota, Rhode Island, and others as enacted), you have rights to:
- Know what personal information we collect, the sources, the purposes, and to whom we disclose it.
- Access a copy of your personal information (the right to know specifically).
- Delete personal information we have collected from you, subject to legal exceptions.
- Correct inaccurate personal information.
- Opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising.
- Limit use of sensitive personal information.
- Non-discrimination – we will not deny services, charge different prices, or provide a different level of service because you exercised any of these rights.
- Designate an authorized agent to make requests on your behalf.
We do not sell or share your personal information as those terms are defined under the CCPA, CPRA, or any analogous US state law. We do not engage in cross-context behavioral advertising and we do not deploy third-party advertising cookies, pixels, or trackers on the site. We honor browser-level Global Privacy Control (GPC) signals as opt-out requests by default; no separate opt-out is required when GPC is set.
Submit a request: use /privacy/requests, which we will treat as the "Do Not Sell or Share" link required by California Civil Code § 1798.135 (we do not sell or share, but the link is provided for your convenience). We will respond within 45 days; we may extend by 45 additional days if reasonably necessary, with notice to you.
8d. Your Rights Under Brazil's LGPD
If you are located in Brazil, the Lei Geral de Proteção de Dados (Lei nº 13.709/2018, LGPD) gives you the rights to:
- Confirm the existence of processing of your personal data.
- Access your data.
- Correct incomplete, inaccurate, or outdated data.
- Anonymize, block, or eliminate unnecessary or excessive data, or data processed in non-compliance with the LGPD.
- Data portability to another service or product provider.
- Eliminate personal data processed with your consent (subject to legal retention obligations).
- Be informed about public and private entities with which we have shared your data.
- Be informed about the possibility of refusing consent and the consequences thereof.
- Revoke consent at any time.
- File a complaint with the National Data Protection Authority (ANPD).
Submit requests via /privacy/requests or directly to privacy@sheboyggin.com. We respond within 15 days.
8e. Automated Decisions and Profiling
Some operational decisions on the Service are made by automated processes without human review at the moment of the decision. We disclose them here in compliance with section 12.1 of the Quebec Act and Article 22 of the GDPR. None of these decisions produce legal effects or similarly significant effects about you within the meaning of GDPR Art. 22(1) – they are operational safeguards. You can request human review of any automated outcome by contacting privacy@sheboyggin.com.
- IP rate-limiting. When the same IP address triggers more than a published threshold of requests against a sensitive endpoint (registration, privacy-request submission, etc.) in a 24-hour window, further requests from that IP are blocked until the window resets. The block is automatic; the principal factor is the count of recent requests from the same IP.
- Username filter. Usernames matching a published profanity list are rejected at registration.
- Content auto-rejection. Submissions whose text matches a small set of conservative patterns covering racial slurs, direct threats of violence, child-exploitation indicators, and doxxing are auto-rejected. All other moderation goes through a human admin review queue.
- Region-based content visibility. Adult-flagged content is hidden from visitors located in jurisdictions with active age-verification regimes the Service does not currently meet (United Kingdom under the Online Safety Act and sixteen US states). Visibility is decided on the country (and, for the United States, state) reported by Vercel's edge headers.
In each case the principal personal information used in the decision is described above. To request human review of an outcome, to contest it, or to ask for the reasoning behind it, write to privacy@sheboyggin.com.
9. Children's Privacy
Sheboyggin is not directed at children under 13 and we do not knowingly collect personal information from them. We require all account holders to provide a self-reported date of birth at registration and refuse signups under 13 (US Children's Online Privacy Protection Act floor; GDPR Art. 8 minimum age – some EU member states set a higher digital-consent threshold up to 16, in which case parental consent is required and we will work with you to obtain it).
If you believe a child under 13 has created an account, contact privacy@sheboyggin.com and we will delete the account and all associated data promptly.
10. Security
We take reasonable technical and organizational measures to protect your personal information:
- Passwords are hashed using bcrypt before storage – we never store plaintext passwords.
- Database connections are encrypted in transit (TLS).
- Payment data is handled entirely by Stripe and never touches our database.
- IP addresses used for vote deduplication are hashed immediately and the raw address is discarded.
No system is 100% secure. If you discover a vulnerability, please report it responsibly to security@sheboyggin.com.
Breach notification. If we experience a breach of security safeguards involving personal information that creates a real risk of significant harm to affected individuals, we will (a) notify the Office of the Privacy Commissioner of Canada and any other applicable data-protection authority (such as the lead supervisory authority under GDPR Art. 33, the UK ICO, the CAI in Quebec, the ANPD in Brazil, or the relevant US state attorney general) without undue delay and where feasible within 72 hours of becoming aware of the breach, and (b) notify affected individuals directly without unreasonable delay. We keep an internal record of all incidents that meet the breach threshold.
11. International Transfers
Our infrastructure (Neon, Vercel) is US-based. By using Sheboyggin, you consent to your personal information being transferred to and processed in the United States. We rely on contractual data protection clauses with our service providers to ensure your information receives an adequate level of protection.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the Effective Date above. For significant changes we will notify you by email. Continued use of the platform after a change takes effect constitutes acceptance of the updated policy.
13. Contact Us
Privacy questions or requests: privacy@sheboyggin.com
General legal matters: legal@sheboyggin.com