Last updated: 2026-05-09
Imperfect Shade ("the Application") is a private, self-hosted personal data ingest application operated by a single individual for personal use. The Application connects to third-party services that the Operator authorizes via OAuth — including social media platforms and personal accounting or financial-data services — and stores the returned data on the Operator's own infrastructure. This policy describes what data the Application collects, how it is used, and how to request deletion.
Imperfect Shade is operated by Steven Harris (the "Operator"). The Application is not offered as a service to third parties; it runs on the Operator's own infrastructure for the Operator's own use.
When the Operator authorizes the Application to connect to a third-party service via OAuth, the Application stores:
The specific OAuth scopes requested vary by service and are documented in each service's developer documentation. The Application requests only the scopes required for the use cases listed in "How the data is used" below — typically read-oriented scopes for the Operator's own data — and does not request scopes that would grant access to other users' data.
Collected data is used solely to:
Data is not sold, shared with third parties, or used for advertising. The Application does not include third-party analytics or tracking scripts.
Data is stored on the Operator's self-hosted infrastructure. No data is sent to any third party other than the connected services whose APIs the Operator has authorized.
Data is retained while the corresponding service connection remains authorized. When the Operator disconnects a service from the Application, OAuth tokens for that service are deleted, and the cached account, content, and analytics data for that service is removed within 30 days.
Because the Application is single-operator, the Operator may delete any data at any time directly from the Application's database. Third parties who believe their data may be referenced inside the Application — for example, public commenters on a tracked post — may request deletion by emailing [email protected]. Requests will be honored within 30 days.
You may also revoke the Application's access from each connected service's own settings page (for example, the TikTok app permissions screen, the Intuit App Connections page, or the equivalent setting on any other service) at any time, which will invalidate the Application's tokens for that account.
OAuth tokens are encrypted at rest. The Application is served over HTTPS. Access to the Application's user interface is restricted to authenticated sessions on the Operator's own account. The underlying server is not exposed publicly except via the Application's HTTPS endpoint.
The Application is not directed at children under 13 and does not knowingly collect data from children under 13.
This policy may be updated from time to time. Material changes will be reflected in the "Last updated" date above.
Questions or deletion requests: [email protected].