Privacy Policy

1. Introduction

TrackYourShelves ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our inventory management platform, including our web application at trackyourshelves.com and our native mobile apps for iOS and Android.

2. Information We Collect

Personal Information

We collect information you provide directly, including:

• Name and contact information (email, phone number)
• Address information (for residential accounts)
• Company information (for commercial accounts)
• Account credentials
• Payment information (processed securely through Stripe)

Inventory Data

We collect and store inventory data you enter, including:

• Item names, descriptions, and categories
• Quantities, locations, and values
• Photos and documents you upload
• Purchase dates and warranty information

Automatically Collected Information

• Device information and browser type
• IP address and location data
• Usage patterns and preferences
• Cookies and similar technologies

Mobile App Information

When you use the TrackYourShelves mobile app for iOS or Android, we additionally collect or request access to:

• Camera access — used only when you scan a barcode to look up or add an inventory item, or when you photograph a warranty receipt. Camera frames are processed on-device; we do not upload raw video.
• Photo library access — used only when you choose to attach a photo to an inventory item, warranty, wishlist entry, or family member avatar.
• Push-notification permission — used to send reminders for expiring items, warranty expirations, maintenance tasks, medication refills, lending returns, and appointments. You can opt out in the app's Settings or in your device's notification settings.
• Push notification device token — a device-specific identifier (issued by Apple or Google) that we store only to deliver your notifications. It is not used for advertising or cross-app tracking. Revoked automatically on sign-out.
• Diagnostic and crash data — when the app hits an error we collect the error message, stack trace, route, app version, OS version, device class (e.g. iPhone 15 Pro), and a small breadcrumb trail of recent in-app actions, to help us fix bugs. We do not include inventory contents or message text in diagnostic payloads.
• Biometric authentication — if you enable Face ID, Touch ID, or Android fingerprint unlock, biometric data never leaves your device. We only receive a yes/no unlock signal from the OS.

The mobile app does not include third-party advertising SDKs, cross-app tracking, or analytics tools that share your data with external services.

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Process transactions and send related information
• Send administrative messages and updates
• Respond to your inquiries and provide support
• Improve and personalize your experience
• Analyze usage patterns to enhance the Service
• Detect and prevent fraud or security issues
• Comply with legal obligations

4. Information Sharing

We do not sell your personal information. We may share information with:

• Service Providers: Third parties that help us operate the Service (payment processors, hosting providers, email services)
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Legal Requirements: When required by law or to protect our rights
• With Your Consent: When you explicitly authorize sharing

5. Data Security

We implement industry-standard security measures to protect your data, including:

• TLS 1.2+ encryption of all data in transit
• Encryption of data at rest on our managed Postgres provider
• Hashed-and-salted password storage (bcrypt)
• Scoped, rotating auth tokens with short expiry
• Biometric-unlock option on mobile (data stays on-device)
• Rate-limited authentication and abuse detection
• Regular dependency audits and security patching
• Access controls and audit logging for staff actions

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

Breach notification

If we become aware of a breach of security that results in the unauthorized disclosure of your personal information, we will notify you without undue delay, consistent with applicable law, through the email address on your account or another prominent means.

Responsible disclosure

If you believe you have found a security vulnerability, please email security@trackyourshelves.com with a description and proof-of-concept. We will acknowledge receipt within 72 hours and work with you in good faith on remediation. Please do not publicly disclose vulnerabilities until we have had reasonable time to respond.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention windows:

• Account profile & inventory data: retained until you request deletion, then permanently removed within 30 days.
• Payment records: retained for 7 years to comply with U.S. tax and accounting obligations.
• Support tickets: retained for 3 years to help us improve service quality and for dispute resolution.
• Crash / diagnostic logs: retained for 90 days then purged.
• Push notification tokens: deleted when you sign out of a device or uninstall the mobile app.
• Backups: rolling encrypted backups retained for up to 90 days; deletion requests propagate to backups within that window.

We may retain de-identified or aggregated data indefinitely for analytics, product improvement, and reporting.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Delete your personal information
• Export your data in a portable format (JSON / CSV)
• Opt out of certain data processing
• Withdraw consent for specific uses
• Lodge a complaint with a data-protection authority

To exercise these rights, contact us at privacy@trackyourshelves.com. We will verify your identity before responding and aim to respond within 30 days (or any shorter period required by law).

California residents (CCPA / CPRA)

If you are a California resident, you have the rights described in the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to know what categories of personal information we have collected about you, the sources, the purposes for collecting it, and with whom it is shared.
• Right to delete your personal information, subject to limited exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of sale or sharing of personal information for cross-context behavioural advertising. We do not sell or share your personal information for advertising purposes.
• Right to limit use of sensitive personal information. We only use sensitive personal information (such as account credentials) to provide the Service as you request.
• Right to non-discrimination for exercising any of the above.

To exercise California rights, email privacy@trackyourshelves.com with the subject "CCPA Request". You may designate an authorized agent to make a request on your behalf; we will verify both your identity and the agent's authority.

European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are in the EEA, the UK, or Switzerland, the General Data Protection Regulation (or the UK GDPR) applies to our processing of your personal data. Our legal bases for processing are:

• Performance of a contract — to create your account, provide the Service, and bill for paid plans.
• Legitimate interests — to secure the Service, prevent fraud, improve quality, and analyse aggregated usage.
• Consent — where required (e.g., marketing emails, push notifications, optional cookies). You may withdraw consent at any time.
• Legal obligation — to comply with tax, accounting, and law-enforcement obligations.

You have the right to access, rectify, erase, restrict, object to, or port your personal data, and the right to lodge a complaint with a supervisory authority. For requests, email privacy@trackyourshelves.com.

Data is stored on servers in the United States. Where we transfer personal data from the EEA, UK, or Switzerland to the United States, we rely on the Standard Contractual Clauses and additional safeguards as required by applicable law.

Do-Not-Track signals

Our Service does not change its behaviour based on Do-Not-Track browser signals because we do not track users across third-party websites or services in the first place.

Automated decision-making

We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects on you.

8. Cookies and Tracking

We use cookies and similar technologies to:

• Keep you logged in
• Remember your preferences
• Analyze how the Service is used
• Improve performance

You can control cookies through your browser settings, but disabling them may affect functionality.

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If we learn we have collected such information, we will delete it promptly.

10. International Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

11. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after changes constitutes acceptance.

13. Contact Us

TrackYourShelves L.L.C. is the data controller for information collected through the Service. If you have questions about this Privacy Policy or our practices, contact us at: