Passwords have aged badly. They’re forgotten, reused across sites, leaked in breaches, and stolen by phishing. For a family app, where the people signing in include grandparents and teenagers, a password is one more thing to lose.

Shoal sign-in is just an email address. We send you a link. You click it. You’re in.

How it’s implemented

  • A login token is generated, signed with HMAC, and stored in Cloudflare KV with a 15-minute TTL.
  • The link in your email contains a one-time token. Following it consumes the token immediately.
  • An “intent confirmation” page protects against email scanners that prefetch URLs — a common cause of magic links being silently consumed before the user clicks them.
  • Successful authentication issues a JWT session token, which lives on your device only.

What we track

We need to know your email and that you have access to it. That’s it. There are no analytics on your sign-in, no fingerprinting, no behavioural tracking.

Account recovery

If you lose access to your email, you’ll need to contact us — we’ll go through identity verification and help you regain access to your families. The encryption is structural, not cosmetic, so we can’t bypass it: this means a recovery process that’s deliberately slower than “click reset password,” in exchange for an account that’s actually secure.