ShimmerUX

Privacy Policy

Last updated: 1 June 2026

ShimmerUX is a small product run by one person in Norway. This page explains, in plain English, what we collect, why, and what you can do about it. No tricks.

The short version
  • We collect the minimum needed to run your audits and your account.
  • We never sell your data, and we never use it for advertising.
  • The one thing worth knowing: when you audit a website, that site's content and a screenshot are sent to Google's AI so it can analyze the page.
  • Want to see or delete your data? Email shimmerux@gmail.com any time.

Who we are

ShimmerUX is run by an independent solo developer based in Norway. For privacy law, that person is responsible for your data (the "data controller"). Since Norway is in the EEA, the GDPR applies. You can reach us any time at shimmerux@gmail.com.

What we collect

When you sign in with Google: your email address, your name, and your Google profile photo. We use these to set up your account and to fill in the sender details on the pitch emails we generate. You can edit your name and add a short bio on your account page. We never see your Google password.

When you run an audit: the URL you submit or the screenshot you upload, plus the report we generate (which includes a screenshot of the audited page, scores, and the suggested fixes and pitch emails). We save these so you can view your history and share reports.

If you run a free audit without signing in: to stop people abusing the one free audit, we store a scrambled one-way fingerprint of your network address (not your actual IP, which we never keep) and a random id in a cookie. That is all.

If you subscribe: payments are handled by LemonSqueezy. They deal with your card details. We never see or store them. We only keep your plan and a subscription id.

How the product is used: we use PostHog (hosted in the EU) to see which pages and buttons get used and when audits succeed or fail. This helps us fix bugs and improve things. Once you are signed in, this is linked to your account.

A note about auditing other people's sites

To produce an audit, we load the page you submit and send its content and a screenshot to Google's Gemini AI to analyze it. We also use a Cloudflare service to open the page. So if you audit a site you do not own, that site's content passes through Google and Cloudflare, and the screenshot is saved in your report. Please only submit URLs you are comfortable sharing this way and have the right to submit. See our Terms for more.

Finding prospects (the lead finder)

If you use the lead finder, you give us a business type and a location, and we look up matching local businesses through a service called Outscraper, which sources public Google Maps listings. For each result we may store the business name, website, address, phone number, rating, and a short AI note about how the site looks. These are saved to your own private prospect list so you can work through them and track who you have contacted. We do not build a shared database of these leads, and other users never see your list. If you reach out to a business you found this way, you do so as the sender, from your own email. You can delete saved prospects by emailing us, and they are removed if you close your account.

Who else sees your data

We rely on a few trusted companies to run ShimmerUX. Here is the full list and what each one gets:

  • Google for sign-in (your email, name, photo) and for the AI analysis (the audited page and screenshot).
  • Cloudflare to load the page you want audited (just the URL).
  • Outscraper to look up local business listings when you use the lead finder (it gets your search terms and returns public Google Maps listings).
  • Turso hosts our database (where your account and reports live).
  • Vercel hosts the app and keeps short-term technical logs.
  • PostHog (EU) for the product analytics described above.
  • LemonSqueezy for payments.
  • Your browser also loads fonts (Fontshare), shows site icons via Google, and, if you join the agency waitlist, sends that form to Tally.

Some of these are based outside the EEA, mostly in the US, so your data may be processed there under each provider's standard data-protection terms. We never sell your data.

How long we keep it

We keep your account and saved reports for as long as you have an account. Free and anonymous reports drop out of the app after 7 days. Saved prospects from the lead finder stay in your list until you delete them or close your account. If you ever want a report, a saved prospect, or your whole account fully deleted, just email us and we will remove it.

Your rights

It is your data. If you ever want to see what we hold, fix it, get a copy, or have it deleted, just email shimmerux@gmail.com and we will take care of it, at no cost and usually well within 30 days. We would always rather hear from you directly so we can make it right.

Cookies

We keep cookies to a minimum:

  • One to keep you signed in.
  • One to limit the free audit to one per visitor.
  • One for the product analytics (PostHog).

You can block or clear cookies in your browser settings at any time. A privacy-friendly browser or ad blocker will stop the analytics cookie. The sign-in and free-audit cookies are needed for the site to work.

Security and children

We use reputable providers, encrypted connections, and we store secrets and API keys only as hashes (never the raw value). No system is perfectly secure, but we take sensible care. ShimmerUX is a tool for professionals and is not meant for anyone under 18.

Changes

If we change this policy we will update the date at the top, and for anything important we will let you know. Questions? Email shimmerux@gmail.com.