logoShindig
Sign InHome

Privacy Policy

Last updated: 8 March 2026

Privacy Policy

This Privacy Policy explains how Koder Ltd collects, uses, stores, shares, and protects personal data when you use Shindig.

In this Privacy Policy, "we", "us", and "our" mean Koder Ltd. "Shindig" means the Shindig application and related services.

By using Shindig, you acknowledge the practices described in this Privacy Policy.

1. Who we are

Shindig is operated by:

Koder Ltd
United Kingdom

Contact email: info@getshindig.app

2. Age requirement

Shindig is intended for users aged 16 and over. We do not knowingly provide the service to children under 16.

3. The personal data we collect

Depending on how you use Shindig, we may collect the following categories of personal data.

Account and identity data

  • name
  • email address
  • account identifier
  • authentication provider data such as Google profile details where you sign in with Google
  • profile image information where available

Profile and app data

  • profile details you provide or edit
  • contacts and related contact-management data
  • event memberships and RSVP states
  • event content you create, including titles, descriptions, locations, links, FAQs, polls, tasks, messages, and related participation data
  • gallery uploads, captions, and image-related metadata needed to operate the gallery
  • notification and preference data
  • shared ledger records relating to expenses and off-platform settlement tracking

Technical and session data

  • information required to maintain authentication and secure sessions
  • basic technical information generated through normal use of the app, such as request and device/browser context that may appear in server or infrastructure logs

We do not intentionally collect more personal data than is reasonably necessary to operate the service.

4. How we collect data

We collect personal data:

  • directly from you when you create or update information in the app
  • from supported identity providers when you sign in, such as Google
  • through the normal technical operation of authentication, hosting, storage, and email systems

We do not currently use analytics tools, advertising trackers, or marketing cookies.

5. How we use personal data

We use personal data to:

  • create and maintain your account
  • authenticate you and keep the service secure
  • operate core app features such as events, invitations, chat, tasks, contacts, gallery features, notifications, and the shared ledger
  • send essential service communications such as sign-in links or service-related emails
  • detect abuse, protect users, and maintain the integrity of the platform
  • comply with legal obligations
  • improve and maintain the service

We do not currently send marketing emails.

6. Legal bases for processing

Where UK GDPR or similar laws apply, we rely on one or more of the following legal bases:

  • performance of a contract: to provide the service you ask us to provide
  • legitimate interests: to operate, secure, and improve Shindig, provided those interests are not overridden by your rights
  • legal obligation: where we must process data to comply with applicable law
  • consent: where consent is required for a specific activity

7. Authentication and email

Shindig currently supports authentication using Google OAuth and email magic links.

If you use Google sign-in, we may receive profile information from Google such as your name, email address, and avatar data.

If you use email magic links, we process your email address in order to send a sign-in link and authenticate you.

We may also use your email address to send essential account, security, or service-related communications.

8. Gallery privacy and uploads

Shindig processes event photo uploads to operate the gallery feature.

As part of the current app design, uploaded images are processed on the client before upload, including removal of EXIF metadata. This is intended to reduce unnecessary embedded metadata such as location or device details.

Event gallery images are treated as event content and may remain associated with an event even if the original uploader later deletes their account.

9. Shared ledger and payments

Shindig does not process in-app payments.

The shared ledger feature only records event-related expenses and off-platform settlement claims between users. Any actual payment or transfer takes place outside the app.

10. Cookies and similar technologies

We do not currently use analytics cookies, advertising cookies, or similar tracking technologies for marketing purposes.

We may use essential session-related technologies required for authentication, security, and basic service operation.

11. Sharing personal data

We do not sell your personal data.

We may share personal data with service providers that help us operate Shindig, such as providers involved in:

  • authentication
  • hosting and infrastructure
  • storage
  • email delivery

We may also disclose data where required by law, to enforce our terms, or to protect rights, safety, and the integrity of the service.

12. International access and transfers

Shindig is operated by a UK company and is accessible globally.

Where personal data is processed by providers or systems located outside the UK, we will take reasonable steps to ensure an appropriate lawful basis and safeguards are in place where required.

13. Data retention

We keep personal data for as long as reasonably necessary to operate Shindig, comply with legal obligations, resolve disputes, maintain security, and preserve legitimate event records where appropriate.

Retention periods may vary depending on the type of data, the feature involved, and our legal or operational obligations.

14. Account deletion and anonymisation

Where account deletion features are used, some data may be deleted and some may be anonymised rather than fully erased, where that is necessary to preserve event history or system integrity.

For example, event-related records such as messages, memberships, or uploads may in some cases remain as part of the historical event record in anonymised form.

15. Your rights

Depending on the laws that apply to you, you may have rights to:

  • access your personal data
  • correct inaccurate personal data
  • request deletion of personal data
  • object to or restrict certain processing
  • request a copy of your data
  • lodge a complaint with a relevant supervisory authority

To make a privacy-related request, contact info@getshindig.app.

16. Security

We take reasonable technical and organisational measures to protect personal data, but no system can be guaranteed to be completely secure.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we do, we will update the "Last updated" date on the page. Continued use of Shindig after an updated version takes effect means you acknowledge the revised Privacy Policy.

18. Contact

If you have questions about this Privacy Policy or want to make a privacy request, contact:

Andrew James Bingham
Koder Ltd
info@getshindig.app