Privacy Policy
Last updated: April 2026
SharePane (sharepane.com) is an EU-hosted, real-time screen-sharing and collaboration service. This policy explains what personal data we process, on what legal basis, how long we keep it, and the rights you have under the General Data Protection Regulation (GDPR).
Data Controller
SharePane is the controller for account data and service metadata. For questions about this policy or to exercise your rights, contact privacy@sharepane.com.
Data We Collect
- Account information: display name, email address, hashed password (or Google OAuth identifier when enabled).
- Session metadata: room identifiers, participant names, timestamps, room configuration, and audit-log entries for administrative actions.
- Recordings (only when explicitly enabled for a room): the audio and video streams captured while recording is active. Every participant is notified before recording starts.
- Security data: IP address and User-Agent string on authentication, rate-limit buckets, and active session records.
Legal Basis
- Performance of a contract (GDPR Art. 6(1)(b)) for creating and operating your account, authenticating you, and delivering the room features you request.
- Legitimate interests (GDPR Art. 6(1)(f)) for security logging, rate limiting, abuse prevention, and maintaining the integrity of the service.
- Consent (GDPR Art. 6(1)(a)) for optional features such as session recording.
Data Retention
Account data is kept while your account is active. Audit-log entries and rate-limit records are retained for a limited window (typically 30–90 days) for security purposes, then purged. Recordings are deleted after the configured retention period for the room. Deleted accounts are permanently removed after a 30-day grace period.
Your Rights
Under the GDPR you have the right to access, rectify, export, or delete your personal data, to restrict or object to processing, and to lodge a complaint with a supervisory authority.
- Access and export: you can request a machine-readable export of your account and session data via the /api/account/export endpoint (or from your profile page).
- Deletion: you can permanently delete your account and associated data via DELETE /api/account (or from your profile page).
- Rectification: update your display name and password from your profile page.
Sub-processors
We use a small number of EU-based sub-processors:
- OVH (France) — hosting and infrastructure.
- OVH SMTP (France) — transactional email (verification, password reset).
- Google LLC — only if you choose to sign in with Google (OAuth). Governed by Standard Contractual Clauses.
International Transfers
All primary data processing takes place within the European Union. Any transfer outside the EEA occurs only under Standard Contractual Clauses or another lawful transfer mechanism.
Security
Passwords are hashed with a modern KDF. Traffic is protected with TLS 1.2+. Access to production systems is restricted and logged.
Cookies and Local Storage
We use only strictly necessary storage: an authentication token, your locale, and your theme preference. We do not use analytics or marketing cookies.
Contact
Questions, requests, or complaints: privacy@sharepane.com. You may also contact your national data protection authority.