Privacy Policy
Last updated: 2026-02-27
1. Information We Collect
Shomerli collects the following categories of information to provide and improve our internet filtering service: Account Information: When you create an account, we collect your name, email address, preferred language, and organization details (family name, institution name, or business name). For institutional accounts, we may also collect the administrator's role and contact details. Device Information: When you register a device, we collect the device name, operating system, OS version, and a unique device identifier. We also collect device status information (online/offline, protection active/inactive). DNS Query Logs: Our filtering service processes DNS queries from your registered devices. We log the domain name requested, the filtering decision (allowed, blocked, or escalated), the source of the decision (blocklist, cache, or AI classification), and a timestamp. We do not log full URLs, page content, or browsing session data. Billing Data: If you subscribe to a paid plan, we collect payment information through our payment processor, Stripe. Shomerli does not store credit card numbers directly. We retain transaction records, plan details, and invoice history. Support Interactions: When you contact support or use our AI chat assistant, we collect the content of your messages to provide assistance and improve our service.
2. How We Use Your Information
We use the information we collect for the following purposes: Internet Filtering: To provide DNS-based content filtering according to your chosen protection profiles (Child, Teen, Adult, or Business). DNS query data is used to make real-time filtering decisions and to improve the accuracy of our AI classification system. Account Management: To create and maintain your account, manage your organization's devices and protection profiles, and process unblock requests. Billing and Payments: To process subscriptions, generate invoices, and manage your plan through Stripe. Support: To respond to your inquiries, troubleshoot issues, and provide customer service through our AI assistant and human support team. Security and Anti-Bypass: To detect and alert administrators about bypass attempts (such as VPN usage, DNS-over-HTTPS, proxy applications, or app uninstall attempts) on protected devices. Service Improvement: To analyze aggregated, anonymized usage patterns to improve filtering accuracy and reduce false positives, particularly on religious and community content.
3. Data Retention
We retain your data according to the following schedule: DNS Query Logs: Retained for 90 days for Family and Individual plans, and 365 days for Institution and Business plans. After the retention period, logs are permanently deleted. Account Data: Retained for as long as your account is active, plus 30 days after account deletion to allow for reactivation. Billing Records: Retained for as long as required by applicable tax and accounting laws (typically 7 years under Québec and Canadian law). Support Conversations: AI chat transcripts are retained for 90 days. Support tickets are retained for 1 year after resolution. Bypass Alert Data: Retained for 180 days from the date of the alert.
4. Data Sharing
Shomerli does not sell, rent, or trade your personal information to third parties. We share data only with the following service providers, strictly as necessary to operate our service: Supabase: Provides our authentication infrastructure. Receives email addresses and authentication tokens. Hosted in North America. Stripe: Processes payments and manages subscriptions. Receives billing information as necessary to process transactions. Stripe's privacy policy governs their handling of your payment data. Anthropic (Claude AI): Our AI classification engine processes domain names only to determine content categorization. We never send personal information, browsing history, page content, or any personally identifiable information to the AI service. Only the domain name is transmitted for classification. We may also disclose information if required by law, court order, or governmental regulation, or if necessary to protect the rights, safety, or property of Shomerli, our users, or the public.
5. Your Rights (Loi 25 / PIPEDA)
Under Québec's Loi 25 (Act respecting the protection of personal information in the private sector) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the following rights: Right of Access: You may request a copy of the personal information we hold about you. Right of Rectification: You may request that we correct any inaccurate or incomplete personal information. Right of Deletion: You may request the deletion of your personal information, subject to our legal retention obligations. Right to Data Portability: You may request your personal information in a structured, commonly used, and machine-readable format. Right to Withdraw Consent: You may withdraw your consent to the processing of your personal information at any time. Note that withdrawing consent for essential processing (such as DNS filtering) will require cancellation of your account. Right to File a Complaint: You may file a complaint with the Commission d'accès à l'information du Québec (CAI) or the Office of the Privacy Commissioner of Canada (OPC) if you believe your privacy rights have been violated. To exercise any of these rights, contact our Person Responsible for the Protection of Personal Information (PRP) at privacy@shomerli.com.
6. Data Security
We implement industry-standard security measures to protect your personal information: Encryption at Rest: All personal data stored in our databases is encrypted using AES-256 encryption. Encryption in Transit: All data transmitted between your devices and our servers is encrypted using TLS 1.3. Access Controls: We enforce role-based access control (RBAC) at every level of our system. Only authorized personnel with a legitimate need can access personal data, and all access is logged. Infrastructure Security: Our infrastructure is hosted on secure, SOC 2-compliant cloud providers. Database access is restricted by network policies and requires authenticated connections. Incident Response: In the event of a data breach, we will notify affected users and the relevant privacy authorities within the timeframes required by Loi 25 and PIPEDA.
7. Children's Privacy
Shomerli is designed to protect children online, but we do not directly collect personal information from children under the age of 13. Child protection profiles are created and managed by parents or authorized administrators. For Child (ENFANT) profiles, we collect only the device identifier and DNS query logs associated with the device. The child's name is optional and entered by the parent. Children cannot create accounts, manage profiles, approve unblock requests, or access billing information. Parents have full visibility into and control over their children's filtering settings, activity logs, and unblock requests through the parent dashboard.
8. Cookies and Tracking
Shomerli uses only essential session cookies to maintain your authenticated session and remember your language preference. We do not use: - Third-party tracking cookies - Advertising cookies - Analytics tracking scripts (such as Google Analytics) - Social media tracking pixels - Browser fingerprinting techniques Our session cookies are HttpOnly, Secure, and SameSite=Strict. They are automatically deleted when your session expires or when you log out.
9. Contact
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: Person Responsible for the Protection of Personal Information (PRP): Email: privacy@shomerli.com General Inquiries: Email: support@shomerli.com Mailing Address: Shomerli Inc. Montréal, Québec, Canada You may also file a complaint with: - Commission d'accès à l'information du Québec (CAI): www.cai.gouv.qc.ca - Office of the Privacy Commissioner of Canada (OPC): www.priv.gc.ca
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will: - Notify you by email at the address associated with your account - Display a prominent notice in the Shomerli dashboard - Update the "Last updated" date at the top of this page We encourage you to review this Privacy Policy periodically. Your continued use of Shomerli after any changes constitutes your acceptance of the updated policy.