Privacy Policy

We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our link collection and sharing platform.

1. Information We Collect

1.1 Information You Provide

When you create an account or use our service, we collect:

Account Information: Name, email address, profile picture, and authentication credentials
Profile Data: Bio, social links, and preferences
Content: Collections, links, descriptions, tags, and custom metadata you create
Communications: Support tickets, feedback, and correspondence with us
Payment Information: Billing details and transaction history (processed securely through our payment providers)

1.2 Information We Collect Automatically

When you use our service, we automatically collect:

Usage Data: Features used, actions taken, clicks, and interaction patterns
Device Information: Browser type, operating system, device identifiers, and screen resolution
Connection Data: IP address, location data (country/region level), and timezone
Analytics Data: Page views, session duration, referral sources, and navigation paths
Collection Analytics: View counts, click-through rates, and voting data on public collections

1.3 Information from Third Parties

We may receive information from:

OAuth Providers: Basic profile information when you sign in with Google, GitHub, or other providers
Link Metadata: Titles, descriptions, and thumbnails automatically extracted from linked content
Team Members: Information shared by team administrators when adding you to team accounts

2. How We Use Your Information

2.1 To Provide Our Service

Create and manage your account
Store and organize your collections and links
Enable sharing and collaboration features
Process transactions and manage subscriptions
Provide customer support and respond to inquiries

2.2 To Improve and Develop

Analyze usage patterns to improve features
Develop new functionality and services
Conduct research and analytics
Test and troubleshoot issues
Personalize your experience and recommendations

2.3 To Communicate

Send service updates and important notices
Provide security alerts and authentication codes
Share product announcements and feature updates (with your consent)
Send marketing communications (you can opt-out anytime)

2.4 For Safety and Security

Detect and prevent fraud, abuse, and security incidents
Verify accounts and authenticate users
Enforce our terms of service and policies
Comply with legal obligations and protect rights

3. How We Share Your Information

3.1 With Your Consent

We share information when you explicitly authorize us to do so:

Public collections are visible to anyone with the link
Shared collections are accessible to specified users
Team data is shared with team members based on permissions
Profile information may be visible on public collections you create

3.2 With Service Providers

We work with trusted third-party services that help us operate:

Infrastructure: Cloud hosting and content delivery networks
Authentication: Supabase for secure user authentication
Payments: Stripe or similar processors for billing
Analytics: Tools to understand usage and improve service
Communications: Email and notification delivery services

These providers are contractually obligated to protect your information and only use it as directed by us.

3.3 For Legal Reasons

We may disclose information when required to:

Comply with legal obligations and court orders
Respond to lawful requests from public authorities
Protect our rights, property, and safety
Investigate potential violations of our terms

3.4 Business Transfers

If we're involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We'll notify you of any change in ownership or control.

4. Data Retention

We retain your information for as long as necessary to:

Provide you with our services
Comply with legal obligations
Resolve disputes and enforce agreements
Maintain security and prevent fraud

When you delete your account, we remove your personal information within 30 days, except where we're required to retain it for legal purposes. Some anonymized data may be retained for analytics.

5. Your Privacy Rights

You have the right to:

5.1 Access and Portability

Request a copy of your personal information
Export your collections and links in standard formats
Access your data through our API

5.2 Correction and Deletion

Update or correct your information through account settings
Delete specific collections, links, or content
Request deletion of your entire account

5.3 Control and Consent

Manage privacy settings for collections (public/private/shared)
Opt-out of marketing communications
Control cookie preferences
Withdraw consent for data processing where applicable

5.4 Restriction and Objection

Request restriction of processing in certain circumstances
Object to processing based on legitimate interests
Lodge complaints with supervisory authorities

6. Security Measures

We implement comprehensive security measures to protect your data:

Encryption: TLS/SSL for data in transit, AES-256 for data at rest
Access Controls: Role-based permissions and multi-factor authentication
Infrastructure: Secure cloud hosting with regular security updates
Monitoring: Continuous security monitoring and intrusion detection
Auditing: Regular security assessments and penetration testing
Employee Training: Security awareness and data handling procedures
Incident Response: Established procedures for security incidents

Despite our efforts, no system is completely secure. We encourage you to use strong passwords and enable two-factor authentication.

7. Cookies and Tracking

7.1 Essential Cookies

Required for the service to function properly:

Authentication and session management
Security tokens and CSRF protection
Language and accessibility preferences

7.2 Analytics Cookies

Help us understand usage and improve the service:

Page views and navigation paths
Feature usage and interaction patterns
Performance monitoring and error tracking

7.3 Marketing Cookies

Used with your consent for:

Measuring advertising effectiveness
Remarketing and personalized ads
Social media integration

You can manage cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may limit functionality.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

Standard contractual clauses approved by regulatory authorities
Data processing agreements with all service providers
Compliance with applicable data protection frameworks
Selection of providers with strong privacy practices

9. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

For users aged 13-18, we recommend parental guidance and may require parental consent in certain jurisdictions.

10. Third-Party Links and Services

Our service allows you to save and share links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

When you use integrations or connect third-party services, you authorize limited data sharing necessary for the integration to function.

11. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

Right to know what personal information we collect and how it's used
Right to delete personal information (with exceptions)
Right to opt-out of the sale of personal information (we do not sell your data)
Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at hello@shelfy.today.

12. European Privacy Rights (GDPR)

If you're located in the European Economic Area, you have additional rights under GDPR:

Legal Basis: We process data based on consent, contract performance, legitimate interests, or legal obligations
Data Protection Officer: Contact our DPO at hello@shelfy.today
Supervisory Authority: You may lodge complaints with your local data protection authority
Data Portability: Request your data in a structured, machine-readable format

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal reasons. We'll notify you of material changes via:

Email notification to your registered address
Prominent notice within the service
Update to the "Last updated" date

We encourage you to review this policy periodically. Continued use after changes indicates acceptance of the updated policy.

14. Contact Us

For questions, concerns, or to exercise your privacy rights, contact us:

Email: hello@shelfy.today
Support: hello@shelfy.today
Data Protection Officer: hello@shelfy.today
Address: [Your Company Address]

We aim to respond to all privacy-related inquiries within 30 days.

1. Information We Collect

1.1 Information You Provide

When you create an account or use our service, we collect:

Account Information: Name, email address, profile picture, and authentication credentials
Profile Data: Bio, social links, and preferences
Content: Collections, links, descriptions, tags, and custom metadata you create
Communications: Support tickets, feedback, and correspondence with us
Payment Information: Billing details and transaction history (processed securely through our payment providers)

1.2 Information We Collect Automatically

When you use our service, we automatically collect:

Usage Data: Features used, actions taken, clicks, and interaction patterns
Device Information: Browser type, operating system, device identifiers, and screen resolution
Connection Data: IP address, location data (country/region level), and timezone
Analytics Data: Page views, session duration, referral sources, and navigation paths
Collection Analytics: View counts, click-through rates, and voting data on public collections

1.3 Information from Third Parties

We may receive information from:

OAuth Providers: Basic profile information when you sign in with Google, GitHub, or other providers
Link Metadata: Titles, descriptions, and thumbnails automatically extracted from linked content
Team Members: Information shared by team administrators when adding you to team accounts

2. How We Use Your Information

2.1 To Provide Our Service

Create and manage your account
Store and organize your collections and links
Enable sharing and collaboration features
Process transactions and manage subscriptions
Provide customer support and respond to inquiries

2.2 To Improve and Develop

Analyze usage patterns to improve features
Develop new functionality and services
Conduct research and analytics
Test and troubleshoot issues
Personalize your experience and recommendations

2.3 To Communicate

Send service updates and important notices
Provide security alerts and authentication codes
Share product announcements and feature updates (with your consent)
Send marketing communications (you can opt-out anytime)

2.4 For Safety and Security

Detect and prevent fraud, abuse, and security incidents
Verify accounts and authenticate users
Enforce our terms of service and policies
Comply with legal obligations and protect rights

3. How We Share Your Information

3.1 With Your Consent

We share information when you explicitly authorize us to do so:

Public collections are visible to anyone with the link
Shared collections are accessible to specified users
Team data is shared with team members based on permissions
Profile information may be visible on public collections you create

3.2 With Service Providers

We work with trusted third-party services that help us operate:

Infrastructure: Cloud hosting and content delivery networks
Authentication: Supabase for secure user authentication
Payments: Stripe or similar processors for billing
Analytics: Tools to understand usage and improve service
Communications: Email and notification delivery services

These providers are contractually obligated to protect your information and only use it as directed by us.

3.3 For Legal Reasons

We may disclose information when required to:

Comply with legal obligations and court orders
Respond to lawful requests from public authorities
Protect our rights, property, and safety
Investigate potential violations of our terms

3.4 Business Transfers

If we're involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We'll notify you of any change in ownership or control.

4. Data Retention

We retain your information for as long as necessary to:

Provide you with our services
Comply with legal obligations
Resolve disputes and enforce agreements
Maintain security and prevent fraud

When you delete your account, we remove your personal information within 30 days, except where we're required to retain it for legal purposes. Some anonymized data may be retained for analytics.

5. Your Privacy Rights

You have the right to:

5.1 Access and Portability

Request a copy of your personal information
Export your collections and links in standard formats
Access your data through our API

5.2 Correction and Deletion

Update or correct your information through account settings
Delete specific collections, links, or content
Request deletion of your entire account

5.3 Control and Consent

Manage privacy settings for collections (public/private/shared)
Opt-out of marketing communications
Control cookie preferences
Withdraw consent for data processing where applicable

5.4 Restriction and Objection

Request restriction of processing in certain circumstances
Object to processing based on legitimate interests
Lodge complaints with supervisory authorities

6. Security Measures

We implement comprehensive security measures to protect your data:

Encryption: TLS/SSL for data in transit, AES-256 for data at rest
Access Controls: Role-based permissions and multi-factor authentication
Infrastructure: Secure cloud hosting with regular security updates
Monitoring: Continuous security monitoring and intrusion detection
Auditing: Regular security assessments and penetration testing
Employee Training: Security awareness and data handling procedures
Incident Response: Established procedures for security incidents

Despite our efforts, no system is completely secure. We encourage you to use strong passwords and enable two-factor authentication.

7. Cookies and Tracking

7.1 Essential Cookies

Required for the service to function properly:

Authentication and session management
Security tokens and CSRF protection
Language and accessibility preferences

7.2 Analytics Cookies

Help us understand usage and improve the service:

Page views and navigation paths
Feature usage and interaction patterns
Performance monitoring and error tracking

7.3 Marketing Cookies

Used with your consent for:

Measuring advertising effectiveness
Remarketing and personalized ads
Social media integration

You can manage cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may limit functionality.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

Standard contractual clauses approved by regulatory authorities
Data processing agreements with all service providers
Compliance with applicable data protection frameworks
Selection of providers with strong privacy practices

9. Children's Privacy

For users aged 13-18, we recommend parental guidance and may require parental consent in certain jurisdictions.

10. Third-Party Links and Services

Our service allows you to save and share links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

When you use integrations or connect third-party services, you authorize limited data sharing necessary for the integration to function.

11. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

Right to know what personal information we collect and how it's used
Right to delete personal information (with exceptions)
Right to opt-out of the sale of personal information (we do not sell your data)
Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at hello@shelfy.today.

12. European Privacy Rights (GDPR)

If you're located in the European Economic Area, you have additional rights under GDPR:

Legal Basis: We process data based on consent, contract performance, legitimate interests, or legal obligations
Data Protection Officer: Contact our DPO at hello@shelfy.today
Supervisory Authority: You may lodge complaints with your local data protection authority
Data Portability: Request your data in a structured, machine-readable format

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal reasons. We'll notify you of material changes via:

Email notification to your registered address
Prominent notice within the service
Update to the "Last updated" date

We encourage you to review this policy periodically. Continued use after changes indicates acceptance of the updated policy.

14. Contact Us

For questions, concerns, or to exercise your privacy rights, contact us:

Email: hello@shelfy.today
Support: hello@shelfy.today
Data Protection Officer: hello@shelfy.today
Address: [Your Company Address]

We aim to respond to all privacy-related inquiries within 30 days.

Privacy Policy

Last updated: January 3, 2025

1. Information We Collect

1.1 Information You Provide

1.2 Information We Collect Automatically

1.3 Information from Third Parties

2. How We Use Your Information

2.1 To Provide Our Service

2.2 To Improve and Develop

2.3 To Communicate

2.4 For Safety and Security

3. How We Share Your Information

3.1 With Your Consent

3.2 With Service Providers

3.3 For Legal Reasons

3.4 Business Transfers

4. Data Retention

5. Your Privacy Rights

5.1 Access and Portability

5.2 Correction and Deletion

5.3 Control and Consent

5.4 Restriction and Objection

6. Security Measures

7. Cookies and Tracking

7.1 Essential Cookies

7.2 Analytics Cookies

7.3 Marketing Cookies

8. International Data Transfers

9. Children's Privacy

10. Third-Party Links and Services

11. California Privacy Rights (CCPA)

12. European Privacy Rights (GDPR)

13. Changes to This Policy

14. Contact Us

Privacy Policy

Last updated: January 3, 2025

1. Information We Collect

1.1 Information You Provide

1.2 Information We Collect Automatically

1.3 Information from Third Parties

2. How We Use Your Information

2.1 To Provide Our Service

2.2 To Improve and Develop

2.3 To Communicate

2.4 For Safety and Security

3. How We Share Your Information

3.1 With Your Consent

3.2 With Service Providers

3.3 For Legal Reasons

3.4 Business Transfers

4. Data Retention

5. Your Privacy Rights

5.1 Access and Portability

5.2 Correction and Deletion

5.3 Control and Consent

5.4 Restriction and Objection

6. Security Measures

7. Cookies and Tracking

7.1 Essential Cookies

7.2 Analytics Cookies

7.3 Marketing Cookies

8. International Data Transfers

9. Children's Privacy

10. Third-Party Links and Services

11. California Privacy Rights (CCPA)

12. European Privacy Rights (GDPR)

13. Changes to This Policy

14. Contact Us