Sholu

Legal

Privacy Policy

Last updated: April 2, 2026

1. Who Controls Sholu

Sholu operates the public website sholu.app. The current public operator contact for Sholu is Batyr Raiymbek, reachable at support@sholu.app. If the operating entity or contact details change, we will update this policy and the effective date on this page.

2. Data We Collect

Account Data

When you register or manage your account, we collect:

  • Email address - required for authentication and account communications
  • Password - required and stored only as a bcrypt hash
  • Display name - optional, shown with forum posts and contributions if you choose to provide one

If you do not provide the required account data, you cannot create an account or use account-only features.

Usage and Device Data

We automatically collect limited technical data, including:

  • IP address and browser user agent in server logs
  • Pages visited, features used, and basic operational events
  • Language preference stored in the NEXT_LOCALE cookie

User Content

Forum posts, article contributions, quiz activity, support requests, and Komekshi conversation history that you choose to submit may be stored on our systems.

3. Why We Process Your Data

We process personal data only for defined platform purposes. Depending on the context, our legal bases are performance of our contract with you, our legitimate interests in operating and securing Sholu, compliance with legal obligations, and your consent where a feature specifically depends on it.

  • Account creation, login, and recovery (contract) - to provide the service you request
  • Transactional emails (contract / legitimate interests) - to verify accounts, reset passwords, and send account-related notices
  • Content moderation and abuse prevention (legitimate interests) - to enforce the Terms, investigate reports, and protect the community
  • Security and service operations (legitimate interests / legal obligations) - to detect fraud, rate-limit abuse, troubleshoot incidents, and keep the platform reliable
  • Product improvement (legitimate interests) - to review aggregated usage patterns and improve navigation, content workflows, and performance
  • AI features (contract / user request) - to process prompts you intentionally send to Komekshi and return AI-generated responses
  • Legal compliance (legal obligations / legitimate interests) - to keep records, respond to lawful requests, and resolve disputes when required

4. Service Providers and Transfers

ServicePurposeData Shared
Google Gemini APIKomekshi AI responsesPrompts, conversation context, and response data needed for the feature
ResendTransactional email deliveryEmail address and message content required to send the email
Esri / OpenStreetMapMap tiles and geospatial displayIP address and standard browser request data sent during tile requests

We share only the data needed for the relevant feature. Some providers may process data outside Kazakhstan or the EEA. When cross-border processing occurs, we rely on the provider's available contractual, technical, and organizational safeguards and limit the data sent to what the feature requires.

5. Cookies and Local Storage

Sholu uses a minimal set of browser storage tools:

  • NEXT_LOCALE cookie - remembers your chosen public language
  • Browser localStorage - stores authentication tokens needed to keep you signed in

We do not currently use advertising cookies on the public site.

6. Data Retention

  • Account data - retained while your account is active and for a reasonable period afterward when needed for security, fraud prevention, dispute handling, or legal compliance
  • Forum posts and article contributions - may remain as part of the public knowledge base or moderation records unless removal is required or approved
  • Komekshi conversations - retained until removed at your request and, where available, through product controls, subject to limited retention for security or legal obligations
  • Server logs - retained only as long as operationally necessary and rotated according to infrastructure limits rather than a guaranteed fixed number of days

7. Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or export your personal data, and to withdraw consent where we rely on consent. You may also have the right to complain to your local data protection authority, other competent regulator, or court.

Sholu does not currently offer a full self-service privacy dashboard. To make a rights request, email support@sholu.app from the email address tied to your account or include enough information for us to verify your identity. Some requests may be limited where the law allows or requires us to keep specific records.

8. Security

We protect your data with:

  • HTTPS encryption on all connections
  • Bcrypt password hashing
  • JWT tokens with short expiry and refresh rotation
  • Rate limiting on authentication endpoints
  • Content Security Policy headers

No internet service can guarantee absolute security, but we work to reduce risk and respond quickly to operational incidents.

9. Children's Privacy

Sholu is not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child under 13 has provided personal data to Sholu, contact us at support@sholu.app and we will review and remove the data as required by applicable law.

10. Changes to This Policy

We may update this policy from time to time. We will change the "Last updated" date on this page and, for material changes, may provide additional notice such as an email or an in-product notice before the change takes effect when reasonably possible.

11. Contact

For privacy questions, rights requests, or complaints, email support@sholu.app. Please include the email address tied to your account and a short description of your request.
Terms of ServiceBack to Sholu