SHMLV (shmlv.) is the brand of Denis Shumilov, an independent developer based in Ukraine. this policy explains what personal data is handled, why it is used, and which service providers receive it.
what is collected
- website and hosting providers may process basic technical data such as IP address, browser details, page URL, referrer, and request logs.
- Paddle.com processes checkout and payment for current purchases as Merchant of Record. Paddle and shmlv. may process data such as name, email address, country, transaction and customer identifiers, product purchased, price, payment status, refund status, and tax information.
- Payhip data is retained only where needed to support purchases made through the former Payhip checkout, including legacy order, receipt, billing, refund, and entitlement records.
- if you use a shmlv. account, the account service processes your sign-in email, password credential records where applicable, session records, verification state, product entitlements, download availability, download events, and basic security data needed to protect paid files.
- passwords are not stored as plain text; the account system stores salted password hashes.
- download files, account records, and entitlement data may be stored using Cloudflare services.
- transactional account emails may be sent through Resend.
- if you use Google sign-in, Google returns the account information needed to authenticate you, such as email identity.
- if you contact support, shmlv. may receive your name, email, order details, DAW and OS information, message content, and any screenshots or files you choose to share.
- if you join the Select launch list, shmlv. processes your email address, consent record, subscription status, signup receipt, and unsubscribe state. if you apply for the sndwch beta, shmlv. also processes the DAW or host, Windows version, testing focus, optional music or profile link, and email-confirmation state for that application.
- with your separate analytics choice, the site stores first-party pseudonymous measurement data: a random visitor ID, a per-tab session ID, the first landing-page path, the referring host, UTM source, medium, campaign, content, and term values, an allowlisted experiment and variant ID when a test is active, plus allowlisted events such as landing view, product view, demo play, command selection, interest submission, primary action, compatibility, and checkout state. client analytics events do not contain your email, name, account ID, Paddle customer or transaction ID, or message text.
- if you submit a product-interest request after allowing analytics, the request may include that pseudonymous attribution so shmlv. can understand which first-touch source led to the request. if you open Paddle checkout after allowing analytics, the persistent visitor ID is also sent to Paddle in checkout custom data as a conversion ID.
- this site does not run advertising trackers.
how data is used
- to confirm Paddle and legacy Payhip purchases, grant the correct product entitlement, and deliver paid files.
- to let you sign in, recover downloads, access beta builds when provided, and view product entitlements.
- to issue short-lived download tokens and protect paid files from abuse.
- to handle license, refund, and support questions.
- to send service messages about downloads, updates, account verification, password resets, and order issues.
- to send the Select signup receipt and the one launch email you requested, process an unsubscribe, or confirm, manually review, and follow up on a sndwch beta application.
- to measure pseudonymous first-party product interactions and, after you allow analytics, relate interest or checkout outcomes to first-touch page, referrer, and campaign attribution so product explanations and checkout paths can be improved.
- to keep accounting, tax, legal, and dispute-resolution records.
shmlv. does not sell personal data and does not use these records for automated decisions about people or for advertising profiles.
how data is shared
data is shared only when needed to run the business or comply with law. that may include Paddle for current checkout, billing, tax, receipts, payment-related buyer support, refunds, order events, and—only after analytics consent—the pseudonymous conversion ID in checkout custom data; Payhip for legacy order support and records; Cloudflare for hosting, accounts, private download storage, product-interest and attribution records, pseudonymous product events, security checks, and logs; Google for optional sign-in and YouTube pages or embeds you choose to open; Resend for transactional account emails, the Select signup receipt and launch email, and sndwch application confirmation; and professional advisers or authorities where required.
retention
purchase and billing records are kept as long as reasonably needed for tax, accounting, and legal purposes. account, entitlement, session, and download records are kept only as long as reasonably needed to provide access, prevent abuse, support refunds, and maintain security. support emails are kept as long as needed to resolve the request. Select launch subscriptions are kept through the requested launch communication or until the person unsubscribes. unconfirmed sndwch applications are removed after a short confirmation period, and confirmed applications are kept only through the relevant review or beta cycle. pseudonymous product-event and attribution records are retained for a limited measurement period and may then be deleted or aggregated. browser attribution identifiers and their first-touch values expire after 90 days; if analytics remains allowed, a later visit may create a new identifier.
your rights, cookies, and contact
depending on your location, you may have rights to access, correct, delete, restrict, or port personal data. every Select signup receipt includes an unsubscribe link; you may also email [email protected] to make a request or withdraw any product-interest request. shmlv. does not use advertising cookies. the analytics choice, pseudonymous visitor ID, and first-touch attribution are stored in local browser storage; the per-tab session ID is stored in session storage. no analytics identifier is created and no analytics event is sent before you allow analytics. declining analytics or reopening Privacy choices clears the attribution identifiers stored by this site, and clearing site storage also resets them. when the browser sends Global Privacy Control, analytics remains disabled and stored attribution identifiers are cleared. if you sign in, the account system uses secure HTTP-only cookies for your account session and, during Google sign-in, a short-lived OAuth state check. third-party services such as Paddle, Cloudflare, Google, and YouTube may process request data or use their own cookies under their own policies when their resources are loaded, when checkout is opened, or when you open their pages.