← Back to shou
shou

Privacy Policy

Last updated: 6 June 2026

This Privacy Policy explains how ABSS Analytics ("shou", "we", "us") collects, uses, and protects your personal data when you use shou.be (the "Service"). We are committed to handling your data transparently and in accordance with the EU General Data Protection Regulation (GDPR).

1 Who We Are (Data Controller)

The data controller responsible for your personal data is:

  • ABSS Analytics
  • Ch. de Louvain 1220, Brussels, 1200, Belgium
  • Company registration number: BE0804852055
  • Contact for privacy matters: privacy@shou.be

If you have any questions about this policy or how we handle your data, contact us at the email above.

2 What Data We Collect

We aim to collect as little as possible. What we collect depends on whether you browse as a guest or sign in.

2.1 Everyone (including guests; no account required)

  • Approximate location (from your IP address): We use your IP address to estimate your general area (for example, city or region) so that we can show events near you. We do not collect precise GPS location unless you explicitly grant it (see Section 2.3).
  • Usage signals: The events you tap, like, search for, and mark as "going", used to make recommendations more relevant and to improve our event catalog. For guests, these are stored anonymously and associated with your browser rather than your identity.
  • Technical data: Basic information needed to operate and secure the Service, such as your IP address, browser type and version, operating system, device type, language preference, and timezone. Some of this is captured automatically; some is captured only if you send feedback (see Section 2.4).
  • Local storage on your device: We store your language preference and, if you sign in, your session, so that the Service remembers your settings between visits. This is stored in your browser rather than on our servers, except where noted.

2.2 If you create an account or sign in

  • Email address: Used to sign you in via a magic link (a one-time sign-in link). We do not use passwords.
  • Saved activity: Your liked events, events you are going to, and your preferred language, synced to your account so that they are available across your devices.
  • Account identifier: A unique ID assigned to your account.

2.3 Precise location (only with your permission)

If you tap "Use my location", your browser will ask permission to share precise location. We use this only to surface nearby events and do not store your precise coordinates beyond what's needed to serve that request. You can revoke this permission at any time in your browser settings.

2.4 If you send feedback

When you submit feedback through the app, we collect the message you write and, to help us reproduce and fix issues, some automatically captured context: the page/URL you were on, your language, your current search (if any), screen and viewport size, device type, browser language, timezone, and connection status. We do not ask for or attach your email to feedback unless you include it yourself in the message.

3 Why We Use Your Data and Our Legal Basis

What we doWhyLegal basis (GDPR Art. 6)
Show events near you (IP-based location)Core function of the ServiceLegitimate interests / performance of service
Recommendations based on your likes, searches, and tapsTo make the Service useful and relevantLegitimate interests (or consent, where applicable)
Sign you in via magic link and sync your saved eventsTo provide account features you requestPerformance of a contract
Use precise location when you opt inTo show nearby events more accuratelyConsent
Translate event contentTo show events in your languageLegitimate interests
Error monitoring and securityTo keep the Service working and secureLegitimate interests
Process feedback you sendTo fix issues and improve the ServiceLegitimate interests / consent
Where we rely on consent (for example, precise location), you can withdraw it at any time without affecting your use of the rest of the Service.

4 Who We Share Data With (Processors)

We do not sell your personal data, and we do not allow advertisers to target you. We share data only with service providers ("processors") who help us run the Service, under agreements that require them to protect your data and use it only on our instructions:

  • Supabase — database and authentication hosting. Your account data and saved activity are stored here. Data is hosted in the EU (Frankfurt, Germany).
  • Vercel — hosting and delivery of the website and its backend functions.
  • Google (Gemini API) — used to translate event titles and descriptions into your language. Only event text is sent for translation, never your personal account data.
  • Sentry — error monitoring to detect and fix technical problems. Configured to use the EU data region with personal data minimised.
  • Upstash — rate-limiting infrastructure to help prevent abuse. Processes IP addresses transiently.

Some providers may process data outside the EU. Where that happens, such transfers are protected by appropriate safeguards (for example, EU Standard Contractual Clauses).

5 How Long We Keep Your Data

  • Account data (signed-in users): Kept while your account is active. If your account is inactive for 2 years, we will delete or anonymise your personal data. You may also delete your account at any time (see Section 6), which removes your associated personal data.
  • Guest usage signals: Retained for up to 12 months for recommendations and catalogue improvement, then deleted or anonymised.
  • Feedback: Kept for up to 24 months, as long as needed to address the issue and improve the Service.
  • Technical and security logs: Kept for up to 90 days for security and debugging.

6 Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data (the "right to be forgotten").
  • Restrict or object to certain processing, including profiling for recommendations.
  • Data portability — receive your data in a portable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with your local data protection authority. In Belgium, this is the Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données), www.dataprotectionauthority.be.

To exercise any of these rights, contact us at privacy@shou.be. We will respond within the timeframes required by law (normally one month).

7 Children

The Service is not directed at children under 13. We do not knowingly collect personal data from children below this age. If you believe a child has provided us data, contact us and we will delete it.

8 Security

We take reasonable technical and organisational measures to protect your data, including hosting in the EU, encrypted connections (HTTPS), restricted access to personal data, and rate-limiting to prevent abuse. No system is perfectly secure, but we work to protect your information and to address any issues promptly.

9 Cookies and Local Storage

We use browser local storage to remember your language preference and keep you signed in. These are essential to the functioning of the Service. We do not use third-party advertising or cross-site tracking cookies.

10 Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app.

11 Contact

Questions, requests, or complaints:

  • ABSS Analytics
  • privacy@shou.be
  • Ch. de Louvain 1220, Brussels, 1200, Belgium