Privacy Policy

Last updated: June 8, 2026
Effective date: June 23, 2026

Get Shelter LLC (“Shelter,” “we,” “us,” or “our”) operates this website, providing a way for people to securely store personal information and give access to their trusted contacts.  This Privacy Policy describes how we collect, use, and share information when you visit our website or otherwise interact with us.

By using our website or purchasing our products, you agree to the practices described in this policy.

1. Information We Collect

We collect information you provide directly to us, including:

  • Identifiers — email address, name, and billing address.
  • Financial information — payment method type and last four digits of card number (full card details are handled by our payment processor and never stored on our servers).
  • Communications — messages you send us via email or contact forms.

We also collect certain information automatically when you visit our website:

  • Internet or network activity — pages visited, time spent, referring URLs, browser type, device information, and IP address.
  • Cookies and similar technologies — see Section 5 below.

The categories listed above represent the personal information we have collected in the preceding 12 months. We have disclosed identifiers to service providers solely for payment processing purposes.

We encrypt and store information that you upload to Shelter in each of the categories, e.g. Finances, Physical Assets, etc., but we cannot view it because it can only be decrypted with your password and we don’t know your password.

Our employees can only see the following data:

  • Account creation and last login timestamps.
  • The count of vault items in each category.
  • File sizes (if applicable).
  • Subscription status and payment history.
  • The names and email addresses of your Trusted Contacts and their current access status.

Sensitive Personal Information. Other than your encrypted vault data, which we cannot read, we do not intentionally collect sensitive personal information as defined under the CCPA/CPRA. If you believe you have submitted such information to us, please contact us at contact@getshelter.co so we can delete it.

 

2. How We Use Your Information

We use the information we collect to:

  • Send communications regarding authentication, trusted contact status, subscription, general info, promotions, etc.
  • Maintain and improve our website and product offerings.
  • Detect and prevent fraud or other harmful activity.
  • Comply with legal obligations.
  • Send promotional communications, if you have opted in (you may opt out at any time).
  • Conduct internal research and analytics for security auditing and product performance analytics using aggregated or de-identified data. De-identified data has been processed such that it can no longer reasonably identify any individual, and we maintain technical and organizational safeguards against re-identification.
  • Show you advertisements for our products on third-party websites and social media platforms based on your interactions with our website.
  • Measure the effectiveness of our advertising campaigns and understand how users interact with our ads.

3. Sharing Your Information

We do not sell your personal information. We may share your information with:

  • Service providers — third parties that help us operate our business, such as payment processors and email delivery services. These parties are contractually restricted to using your information only to perform services on our behalf.
  • Advertising and Analytics Partners — Only for public-facing landing pages, we may share identifiers and internet activity (such as IP addresses and browsing behavior) with third-party advertising partners, including social media and search advertising platforms. These partners use this information to serve you relevant ads on other websites (cross-context behavioral advertising) and to provide us with analytics. We do not share this information for logged in users accessing vaults.
  • Legal authorities — when required by law, subpoena, or to protect our rights. While we comply with valid legal orders, our zero-knowledge architecture ensures that we cannot provide unencrypted vault content to any third party, including law enforcement, as we do not possess the keys to decrypt it.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Payment Information

Payment card details are processed by our third-party payment processor and are not stored on our servers. We receive only a transaction token and the last four digits of your card number.

5. Cookies

We use the following categories of cookies:

  • Essential — required for the website to function (e.g. authentication). These cannot be disabled without breaking core functionality.
  • Analytics — help us understand how visitors use the site (e.g., page views, traffic sources). Data collected is aggregated and not linked to individual identities.
  • Marketing — allows us to run cross-context behavioral ad campaigns, such as by placing third-party tracking pixels on this site.

You can control or disable non-essential cookies through your browser settings. Disabling essential cookies may affect site functionality.

6. Do Not Track & Opt-Out Signals

Our website does not currently take specific technical action in response to browser-based “Do Not Track” (DNT) or “Global Privacy Control” (GPC) signals.

7. Data Retention

We retain personal information as follows:

  • Account data
    • Automatic deletion – Your data will be retained while your subscription is active, plus a 12-month grace period. The data will be permanently and irretrievably purged after this period.
    • Manual deletion – You may request deletion at any time (see Section 9).
  • Subscription history and payment metadata — retained for seven years to comply with tax laws and record-keeping requirements.
  • Technical usage data (IP addresses, cookie identifiers) — deleted after 12 months if you do not return to our site.

8. Children’s Privacy

Our website and products are not directed to children under 13. We do not knowingly collect personal information from children, and we do not sell or share personal information of consumers we know to be under 16 without opt-in consent. If you believe we have inadvertently collected information from a minor, please contact us at contact@getshelter.co and we will promptly delete it.

9. Your Rights and Choices

While only required by a relatively small number of US states, we provide the following options to all U.S. consumers, regardless of your state of residence:

  • Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months.
  • Right to Access — obtain a copy of your personal information in a portable format.
  • Right to Correct — request that we correct inaccurate information.
  • Right to Delete — request deletion of your personal information, subject to certain exceptions (e.g., legal obligations).
  • Right to Opt Out of Marketing Emails — click “Unsubscribe” in any marketing email or contact us directly.
  • Right to Non-Discrimination — we will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised any of these rights.

How to Submit a Request To exercise any of the rights above, submit a verifiable consumer request to contact@getshelter.co with the subject line “Data Privacy Request.” Your request must include sufficient information for us to verify your identity and locate your records, including the name and email address associated with your purchase.

Response Timing. We will acknowledge receipt of your request within ten (10) business days. We will respond substantively to your request within forty-five (45) days of receipt. If we reasonably require additional time to respond, we will notify you within the initial 45-day period and may extend our response by an additional forty-five (45) days, for a maximum total response period of ninety (90) days from the date of receipt. We will explain the reason for any extension in our notice to you.

Identity Verification. To protect your information, we will verify your identity before fulfilling access, correction, or deletion requests. Verification is typically done by confirming the email address associated with your account. We may request additional information if we are unable to verify your identity through email alone.

Authorized Agents. You may designate an authorized agent to submit a privacy rights request on your behalf. To do so, the authorized agent must provide written proof of your authorization, such as a signed permission letter or power of attorney. We may contact you directly to confirm that you authorized the agent to act on your behalf, but we will not use that contact as an opportunity to require you to re-verify your identity independently or to otherwise delay or deny the request. To exercise any of these rights, contact us at contact@getshelter.co.

Appeals. If we deny your rights request in whole or in part, you may appeal our decision by emailing contact@getshelter.co with the subject line “Privacy Request Appeal” within 60 days of receiving our denial. We will respond to your appeal within 45 days. If your appeal is denied, you may contact the attorney general in your state of residence for further recourse.

10. Security

We use a Zero-Knowledge Architecture, including AES-256 for data at rest and TLS encryption for data in transit, to protect your personal information. Because we use a Zero-Knowledge Architecture, the only way to reset your password is by using your recovery code. Consequently, we cannot recover or decrypt your vault data if you lose both your password and your recovery code.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this page.

For material changes — meaning changes that affect how we collect, use, or share your personal information in ways that are materially different from what was previously disclosed — we will provide at least 15 days advance notice before the changes take effect. Notice will be provided by email to the address associated with your account.

Continued use of our website after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

13. Geographic Scope

This website and our products are intended for customers located in the United States. If you are accessing this site from outside the United States, including from the European Union, you do so at your own initiative and are responsible for compliance with your local laws. We do not represent that this site is appropriate or available for use in other jurisdictions.