SHARRY
Back

PRIVACY POLICY

Last updated: April 17, 2026

1. INTRODUCTION

We take your privacy seriously. This privacy policy explains what data we collect when you use Sharry and how we handle it. Sharry is designed with privacy in mind — we minimize data collection and do not store your screen sharing content.

2. DATA CONTROLLER

The data controller responsible for this website is:

Christoph Planken - Herrlich Digital

Am schwarzen Graben 26

47929 Grefrath, Germany

Contact: Contact form

3. DATA WE COLLECT

3.1 Server Logs (Automatic)

When you access our service, our server automatically collects:

  • IP address (anonymized after 7 days)
  • Browser type and version
  • Date and time of access
  • Referrer URL

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in ensuring the security and functionality of our service.

3.2 Session Data (Temporary)

During a screen sharing session, we temporarily process:

  • Session ID (random 8-character code)
  • Hashed session password
  • WebSocket connection identifiers
  • WebRTC signaling data (ICE candidates, SDP offers/answers)

This data is stored only in memory and is automatically deleted when the session ends or after 5 minutes of inactivity.

Legal basis: Art. 6(1)(b) GDPR — necessary for the performance of the service.

3.3 Local Storage (Browser)

We store the following data locally in your browser:

  • Theme preference (light/dark mode)
  • Current session information (for reconnection)
  • Authentication token (if logged in)

This data never leaves your browser and can be deleted by clearing your browser data or logging out.

3.4 Account Data (Optional)

If you choose to sign in with Google or Apple, we collect and store:

  • Email address
  • Display name
  • Profile picture URL
  • Authentication provider (Google or Apple)
  • Provider-specific user ID

Legal basis: Art. 6(1)(b) GDPR — necessary for the performance of the service you requested by signing in.

4. THIRD-PARTY AUTHENTICATION

We offer optional sign-in via Google and Apple. When you use these services, you are also subject to their privacy policies.

4.1 Google Sign-In

When you sign in with Google, we receive your basic profile information (email, name, profile picture). We do not receive your Google password or access to other Google services.

Google's privacy policy: policies.google.com/privacy

4.2 Apple Sign-In

When you sign in with Apple, we receive your name and email address. Apple allows you to hide your real email using a private relay address.

Apple's privacy policy: apple.com/legal/privacy

5. WHAT WE DO NOT COLLECT

  • Screen content: Your shared screen is transmitted directly between participants via WebRTC (peer-to-peer). We never see, store, or process the content of your screen.
  • Audio: Any shared audio is also transmitted peer-to-peer and never passes through our servers.
  • Passwords: We never receive or store your Google or Apple password.
  • Cookies: We do not use cookies for tracking or analytics.

6. WEBRTC AND STUN SERVERS

To establish peer-to-peer connections, we use public STUN servers provided by Google:

  • stun:stun.l.google.com:19302
  • stun:stun1.l.google.com:19302

STUN servers help determine your public IP address to establish direct connections. They do not relay your screen content.

7. DATA RETENTION

  • Session data: Deleted immediately when session ends
  • Server logs: Retained for 7 days, then deleted
  • Local storage: Remains until you clear your browser data or log out
  • Account data: Retained until you request deletion
  • Authentication sessions: Expire after 30 days of inactivity

8. YOUR RIGHTS (GDPR)

Under the GDPR, you have the following rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

9. SECURITY

  • HTTPS encryption for all connections
  • WebRTC DTLS encryption for peer-to-peer streams
  • Password protection for sessions
  • Automatic session expiry
  • No persistent storage of session content

10. CHANGES TO THIS POLICY

We may update this privacy policy from time to time. We will notify you of any significant changes by posting the new policy on this page with an updated revision date.

11. CONTACT

If you have any questions about this privacy policy, please contact us via our contact form.