Version 2.1.0 • Effective June 1, 2026
This Privacy Policy describes how Shako Statistics LLC ("Shako Stats," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our website at https://shakostats.com and our marketing measurement and analytics service (collectively, the "Service").
By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
Shako Stats provides a software-as-a-service platform for marketing measurement, including geo-incrementality testing, media mix modeling, forecasting, and related analytics. This Policy covers personal information we process when you visit our website, sign up for an account, use the Service, communicate with us, or otherwise interact with us.
This Policy does not cover information practices of third parties whose websites or services may link to or from the Service.
We collect the following categories of information.
When you create an account, we collect:
If you apply for early access, we collect your responses to application questions, including: your reason for interest, the marketing metrics you track, the marketing tools you use, where you heard about us, whether you are willing to provide feedback, and any feature requests you provide.
If you subscribe to a paid plan, we collect billing-related information through our payment processor, Stripe. Full payment card details are entered directly into Stripe and are not stored on our servers. We retain a Stripe customer identifier, subscription status, plan, and high-level billing records (invoices, payment dates).
The Service allows you to upload datasets (CSV, XLSX, or parquet files) containing marketing performance data — typically location identifiers (such as DMA, ZIP, or state), dates, conversion or sales counts, advertising spend, and optional covariates. We refer to this as "Customer Data."
You should not upload personal information (such as names, email addresses, customer-level identifiers, or other directly identifying information) unless you have a lawful basis to do so under applicable law and have hashed or otherwise pseudonymized the data prior to upload. You are responsible for the legality of Customer Data you upload.
When you use the Service, we automatically collect:
If you email us, fill out a contact form, or communicate with our support team, we collect the contents of those communications and any information you choose to provide.
If you sign in using Google OAuth, we receive your Google account ID, name, email address, and profile picture URL from Google. We use this information solely to create and authenticate your account.
We do not access, collect, or store your Google Ads, Google Analytics, Google Search Console, Gmail, Drive, or any other Google service data through this authentication. If we offer optional integrations with such Google services in the future, we will request additional consent at that time, disclose what data we will access, and only use that data for the specific purpose you authorize.
We do not transfer Google user data to third parties except as necessary to provide the authentication and account features (for example, to our Google Cloud hosting environment), to comply with applicable law, or as part of a merger, acquisition, or sale of assets.
We use the information described above to:
We use the following third-party service providers ("subprocessors") to operate the Service. Each subprocessor receives only the information necessary to perform its function and is contractually bound to protect that information.
| Subprocessor | Purpose | Location | Data Processed |
|---|---|---|---|
| Google Cloud Platform | Application hosting, file storage (Google Cloud Storage), background job queue (Cloud Tasks), text-to-speech | United States | All Service data including Customer Data |
| Stripe | Payment processing (PCI DSS Level 1) | United States | Billing details (entered directly into Stripe) |
| Resend | Transactional and product email delivery | United States | Recipient email, name, message content |
| Google (OAuth) | Sign-in with Google | United States | OAuth identifier, email, name, profile picture |
| Google Analytics 4 / Google Tag Manager | Website usage analytics and tag management | United States | Page views, IP address (truncated), device and browser type, referrer, anonymous identifiers via cookies |
| ipapi.co | One-time country detection at signup | United States / EU | Visitor IP address |
Our public, current Subprocessor List is also available at /subprocessors. We will provide at least 15 days' advance notice of any new subprocessor that will process Customer Data, by email or in-product notice.
We use cookies and similar technologies to operate the Service and to measure how the marketing site is used. Detailed information is in our Cookie Policy. Summary:
shako_session_v1, shako_csrf_v1) — keep you signed in and protect against cross-site request forgery. The Service cannot function without these.We do not respond to "Do Not Track" browser signals at this time.
We do not sell or rent personal information. We share personal information only as follows:
We do not share Customer Data with advertisers, data brokers, or AI/model training providers.
We retain personal information only as long as necessary for the purposes described in this Policy, unless a longer period is required by law. Specific retention windows include:
| Category | Retention |
|---|---|
| Account profile and credentials | For the life of your account; deleted within 90 days after account closure (except as needed for legal, tax, or fraud-prevention purposes) |
| Customer Data uploaded files (CSV, XLSX, parquet) | 2 years from upload, then automatically deleted |
| Test configurations, results, and Output | For the life of your account (and for the 30-day post-termination export window described in the Terms of Service) |
| Audit logs (login, legal acceptance, administrative actions) | 7 years |
| Billing records | 7 years (tax and legal recordkeeping) |
| Support communications | 3 years from the last interaction |
| Aggregated Data | Indefinitely (cannot be re-identified) |
You may request deletion of your account and personal information at any time by emailing info@shakostats.com. Some information may be retained as required by law or to resolve disputes.
We use commercially reasonable administrative, technical, and physical safeguards to protect personal information, including:
No security measures are perfect. We cannot guarantee that personal information, Customer Data, or Output will not be accessed, disclosed, altered, lost, or destroyed by unauthorized parties or as a result of hardware, software, or third-party subprocessor failure. You are responsible for maintaining the security of your account credentials and for keeping your own copies of any Customer Data important to you. If you believe your account has been compromised, contact us at info@shakostats.com. Any liability of Shako Stats arising from a security incident, data loss, data corruption, or unauthorized access — to the extent any liability exists and is not otherwise excluded by law — is subject to the disclaimers and limitations in Sections 12 and 13 of the Terms of Service, and to the data-loss provision in Section 5.5 of the Terms of Service. Nothing in this Section 8 expands or modifies those limitations.
We may use Aggregated Data — Customer Data that has been de-identified and combined with data from multiple customers such that no individual or organization can be identified or re-identified — to improve our statistical models, generate industry benchmarks, conduct research, and develop new features.
We do not sell Customer Data. We do not use identifiable Customer Data to train artificial intelligence or machine learning models. We do not share identifiable Customer Data with any third-party AI or model provider.
Regardless of where you live, you can:
To exercise these rights, email info@shakostats.com. We will respond within a reasonable time, generally within 30 days. We may need to verify your identity before fulfilling a request.
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended:
You may submit a request by emailing info@shakostats.com. You may also designate an authorized agent to make a request on your behalf, subject to verification.
Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comparable privacy laws have rights similar to those described in Section 10.2. We honor requests from residents of those states on the same basis. Contact info@shakostats.com.
The Service is operated from the United States and is currently directed at U.S.-based customers. If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with comprehensive privacy law, certain rights (such as access, rectification, erasure, restriction, portability, and objection) may apply under your local law. We will honor reasonable requests on a case-by-case basis. Contact info@shakostats.com. We do not currently offer Standard Contractual Clauses, a Data Processing Addendum, or appoint an EU/UK representative; if your organization requires those instruments, please contact us before signing up.
The Service is operated from the United States, and personal information you provide will be transferred to, stored, and processed in the United States and other countries where our subprocessors operate. By using the Service, you consent to this transfer. If your local law prohibits or restricts the transfer of personal information to the United States, do not use the Service.
The Service is intended for business users and is not directed at children under the age of 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please email info@shakostats.com and we will take steps to delete it.
We may update this Privacy Policy from time to time. Material changes (such as new categories of information collected, new uses, or new subprocessors processing Customer Data) will be communicated by email and by an in-product notice at least 15 days before they take effect. Non-material changes take effect on posting, with the "Effective Date" updated above.
We encourage you to review this Policy periodically.
For privacy questions or to exercise your rights:
For security-related concerns: info@shakostats.com.