1 Introduction
Shouffing (“we”, “our”, or “us”) operates two mobile applications that together form a fashion and clothing discovery platform in Algeria:
- Shouffing — the shopper app, used by customers to browse products, follow shops, place delivery orders, and share fit photos
- Shouffing Admin — the shop owner app, used by boutiques and shops to list products, manage orders, create drop events, and communicate with customers
This Privacy Policy explains what personal information we collect when you use either application, how we use it, who we share it with, and the rights you have over your data.
By creating an account and using either app you agree to the practices described in this policy. If you do not agree, please do not use the apps.
2 Information We Collect
2.1 Shopper Account Information (Shouffing app)
When you create a shopper account we collect:
- First and last name
- Email address or phone number (used for login and account recovery)
- Password (stored as an irreversible bcrypt hash — never readable by us)
- Wilaya (region) of residence
2.2 Shop Owner Account Information (Shouffing Admin app)
When you create a shop owner account we collect:
- Shop name and owner name
- Email address and phone number
- Password (stored as an irreversible bcrypt hash)
- Shop type / category and wilaya
- Shop location (latitude and longitude, if provided)
- Social media URLs (Instagram, Facebook, TikTok — optional)
- Profile picture
2.3 Location Data
With your explicit permission we use your device’s GPS to show nearby shops and to calculate routes. Location coordinates are used only within your current session and are never stored on our servers. Shop owners may optionally save their shop’s location to help customers find them.
2.4 Photos and Product Listings
Shoppers: If you choose to share a “fit” (a photo of yourself wearing a purchased product) that image is uploaded to our secure cloud storage and shown publicly within the app. You can delete your fit photos at any time, and they are permanently deleted when you delete your account.
Shop owners: Product images and listing details (name, brand, price, description, category) that you upload are stored on our servers and displayed publicly in both apps. All product listings and images are permanently deleted when you delete your shop account.
2.5 Order Information
When an order is placed we collect:
- Customer name, phone number, delivery address, and wilaya
- Product details, price, and order status history
- Shop name and shop owner identity (linked internally)
2.6 Device and Technical Data
- Push notification token (FCM token) — used to deliver order updates and alerts to your device
- App interaction data (screens visited, features used) — used anonymously to improve the experience
- Device type and operating system version — used for troubleshooting
- Online status and last-seen timestamp — used to show availability
2.7 Preferences and Activity
- Shops and products you follow or add to favourites (shoppers)
- Drop reminders you set (shoppers)
- Notification preferences (e.g. sale alerts on/off)
- App language and theme settings
- Drop events you create and manage (shop owners)
3 How We Use Your Information
| Purpose | Data used |
|---|---|
| Creating and managing your account | Name, email or phone, password, wilaya |
| Processing and tracking orders | Name, phone, delivery address, order details |
| Sending push notifications | FCM token; order status, drop alerts, promotions |
| Showing nearby shops and directions | GPS coordinates (session only, not stored) |
| Displaying the Fit Gallery | Uploaded fit photos |
| Displaying product listings | Product images, details, and pricing (shop owners) |
| Managing drop events | Drop schedule, linked products, subscriber list (shop owners) |
| Personalising your feed and recommendations | Wilaya, favourites, follows, preferences |
| Improving the apps | Anonymous usage analytics |
| Security and fraud prevention | Account activity, order history |
We process your data on the legal basis of contract performance (to provide the service you requested) and legitimate interest (to improve and secure the platform).
4 How We Share Your Information
We do not sell, rent, or trade your personal information. We share it only in the following limited circumstances.
4.1 Between Shoppers and Shop Owners
When a shopper places an order, the relevant shop owner receives the shopper’s name, phone number, delivery address, and product details — the minimum information needed to fulfil the delivery.
Shoppers can see the shop owner’s shop name, profile picture, wilaya, shop type, and social media links as displayed on the shop’s public profile. Shop owners are independent businesses operating on the Shouffing platform.
4.2 Third-Party Service Providers
- Firebase (Google LLC) — push notification delivery. Your FCM token may be processed on Google’s servers. Google operates under standard contractual clauses. See Google’s Privacy Policy.
- Swift Object Storage — secure cloud hosting for images (fit photos and product images). Images are stored on encrypted object storage servers.
- OpenStreetMap & OSRM — map tiles and route calculation when you view a shop’s location. These services receive only anonymous map tile requests; no account data is sent to them.
4.3 Legal Requirements
We may disclose your information if required to do so by applicable law, court order, or a competent governmental authority in Algeria.
5 Data Security
We apply the following technical and organisational security measures:
- All communication between the apps and our servers is encrypted with HTTPS (TLS 1.2+)
- Passwords are stored using bcrypt hashing — we cannot read or recover your password
- Access tokens expire after 15 minutes; refresh tokens after 30 days
- Backend scripts are stored outside the public web directory and are not directly accessible
- All API endpoints require a validated key for every request
- Real-time connections use secure WebSocket (WSS) with certificate encryption
No internet-connected system is completely immune to attack. In the unlikely event of a data breach that materially affects your rights, we will notify affected users without undue delay.
6 Data Retention
6.1 Shopper Data
| Data type | Retention period |
|---|---|
| Account profile (name, email, phone) | Until you delete your account |
| Push notification token (FCM) | Until account deletion or device token rotation |
| Fit gallery photos | Until you delete them, or until account deletion |
| Delivery order records | 2 years after order completion. After account deletion, your personal details are removed from the order record but the order itself is retained in anonymised form for the shop owner’s business and tax records. |
| In-app notification history | Until account deletion |
| Session tokens | 15 minutes (access) / 30 days (refresh) |
6.2 Shop Owner Data
| Data type | Retention period |
|---|---|
| Shop profile (name, email, phone, social links, location) | Until you delete your account |
| Product listings and images | Permanently deleted when you delete your account |
| Drop events and linked products | Permanently deleted when you delete your account |
| Shop ratings and followers | Permanently deleted when you delete your account |
| Delivery order records | After account deletion, your shop details are removed from existing orders but the anonymised order records are retained so customers can still view their order history. |
| Push notification token (FCM) | Until account deletion or device token rotation |
| Session tokens | 15 minutes (access) / 30 days (refresh) |
7 Your Rights
Under Algerian Law No. 18-07 on the Protection of Individuals with Regard to the Processing of Personal Data, and consistent with internationally recognised best practices, you have the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate information through the Settings screen in either app
- Erasure — request permanent deletion of your account and all personal data
- Restriction — ask us to limit how we process your data in certain circumstances
- Data portability — request your data in a structured, machine-readable format (within 30 days)
- Withdraw consent — opt out of promotional notifications at any time via Settings → Notifications
8 Children’s Privacy
Shouffing and Shouffing Admin are intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has created an account, we will delete the account and all associated data immediately.
If you are a parent or guardian and believe your child has registered on our platform, please contact us at support@shouffing.com.
9 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we make material changes we will notify you via a push notification or a prominent notice within the app before the change takes effect.
The “Last updated” date at the top of this page always indicates the most recent revision. Continued use of either app after any update constitutes acceptance of the revised policy.
10. Contact Us
For privacy-related questions, data requests, or concerns, please contact our support team.
Email: support@shouffing.com
We aim to respond to all requests within 5 business days, and no later than 30 days.
Delete My Account