What we collect
We only collect what we need to process your order and keep your account working:
- Name, email, phone, and delivery address — to fulfil your order.
- Order history and preferences — if you create an account.
- Email address — if you subscribe to our newsletter.
- Reviews you choose to publish — tied to your account.
How we store it
Your data lives in our Supabase database, encrypted in transit (HTTPS) and at rest. Access is restricted to the small team that runs Shama.
What we never collect
Some things we don't touch — because we don't need them:
- Credit card numbers — we only support Cash on Delivery and bank transfer.
- Precise GPS location.
- Device fingerprints or advertising identifiers.
- Browsing activity on other sites.
Third parties we rely on
To run Shama we use a handful of trusted services:
- Vanex — to deliver your order. Shares your name, phone, and address.
- Supabase — to host our database and handle sign-ins.
- OpenRouter — to power the AI chatbot, Finder, and Quiz. Your prompts are processed to produce a response.
- We do not use analytics, advertising, or tracking cookies.
Your rights
You can ask us to access, correct, or delete your data at any time — just DM us on Instagram. We'll respond within 7 days.
Age limit
Shama is intended for customers aged 16 and older. We do not knowingly collect data from children under 16.
Changes to this policy
If we update this policy we'll change the date at the top and flag significant changes on the homepage.