Privacy policy
Last updated: 27 April 2026
Data controller
Trade name | Shellit |
RCCM | RB/COT/20 A 58317 |
IFU | 1201700505505 |
Contact | contact@shellit.io |
This policy applies to the shellit.io website and to all services and products published by Shellit (the “Services”).
Data collected
- Account: name, email, password (hashed), organisation.
- Content: data and files uploaded by the user to the Services.
- Technical: IP address, browser, usage logs, session cookies.
- Payment: no card data is stored by Shellit. Payment details are entered directly with Lemon Squeezy.
Purposes and legal bases
Purpose | Legal basis |
|---|---|
Provide the Services | Performance of the contract |
Bill subscriptions (via Lemon Squeezy) | Performance of the contract |
Security, fraud prevention, logging | Legitimate interest |
Accounting and tax obligations | Legal obligation |
Transactional communications | Performance of the contract |
Marketing communications | Consent (revocable) |
Partners and processors
Provider | Role |
|---|---|
Lemon Squeezy | Payment processing (Merchant of Record) — https://www.lemonsqueezy.com/privacy |
Resend | Sending of transactional emails — https://resend.com/legal/privacy-policy |
Application host | Hosting and running the Services |
Storage provider | File storage |
No data is sold to third parties.
Retention periods
Data | Period |
|---|---|
Active account | Duration of the subscription |
Account / content after termination | 30 days, then deletion |
Technical logs | 12 months |
Accounting data | 10 years (legal requirement) |
Your rights
The user has the right to access, rectify, erase, restrict, port and object to the processing of their data. They may withdraw their consent at any time where processing is based on it.
To exercise these rights, write to contact@shellit.io. A response is provided within one (1) month at most.
In case of disagreement, the user may lodge a complaint with the Personal Data Protection Authority of Benin (APDP): https://apdp.bj.
Security
Shellit implements reasonable technical and organisational measures: password hashing, TLS-encrypted communications, access control, logging, backups.
Cookies
Only cookies strictly necessary to operate the Services are set (authentication, preferences). Any additional cookie (analytics, marketing) would require prior consent.
Processing on behalf of users
Where a user stores in the Services personal data relating to third parties, the user acts as data controller and Shellit as processor. A data processing agreement may be provided on request.
Changes
This policy may be amended. Any substantial change is notified at least fifteen (15) days before it takes effect.