Privacy Policy

We collect the following information when you use ShelfSafe:

• Account information — your email address and password (stored as a secure hash)
• Store information — store name, timezone, and alert preferences
• Product data — product names, expiry dates, batch quantities, and unit costs you enter
• Usage data — sales logs, waste logs, and activity within the application
• Device tokens — push notification tokens if you enable mobile alerts

We do not collect payment card details directly. Payments are processed by our payment provider and subject to their privacy policy.

Your information is used to:

• Provide and operate the ShelfSafe service
• Send expiry alert notifications and email digests
• Generate AI-powered inventory recommendations (after 30 days of data)
• Respond to support requests
• Improve the service based on aggregated, anonymised usage patterns

We will not use your data for any purpose that is incompatible with these purposes without your explicit consent.

Your data is stored securely using Supabase, a hosted database platform. Data is stored in the EU (West region) and protected by industry-standard encryption at rest and in transit.

Supabase's infrastructure is built on AWS and complies with SOC 2 Type II standards. You can review Supabase's security practices at supabase.com/security.

AI recommendation features use the Anthropic Claude API. When generating recommendations, we transmit limited, aggregated inventory data (product names and expiry windows only — no personal data) to Anthropic's API. This data is not retained by Anthropic beyond the API request.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We share data only with:

• Supabase — for database storage and authentication
• Resend — to deliver email notifications (email address only)
• Anthropic — for AI recommendations (aggregated inventory data only)
• Expo — to deliver push notifications (device tokens only)

We may disclose data if required by law or to protect the rights, property, or safety of ShelfSafe, its users, or the public.

We retain your data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days and then permanently deleted. You may request earlier deletion by contacting us.

Anonymised, aggregated usage statistics may be retained indefinitely.

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data
• Export your data in a machine-readable format
• Object to or restrict certain types of processing

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

ShelfSafe uses session cookies solely to maintain your authenticated session. We do not use tracking or advertising cookies.

For privacy-related questions or to exercise your rights, contact us at support@shelfsafe.io.