TrackYourShelves

Privacy Policy

Last updated: May 28, 2026

1. Introduction

TrackYourShelves ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our inventory management platform, including our web application at trackyourshelves.com and our native mobile apps for iOS and Android.

2. Information We Collect

Personal Information

We collect information you provide directly, including:

  • Name and contact information (email, phone number)
  • Address information (for residential accounts)
  • Company information (for commercial accounts)
  • Account credentials
  • Payment information (processed securely through Stripe)

Inventory Data

We collect and store inventory data you enter, including:

  • Item names, descriptions, and categories
  • Quantities, locations, and values
  • Photos and documents you upload
  • Purchase dates and warranty information

Automatically Collected Information

  • Device information and browser type
  • IP address and location data
  • Usage patterns and preferences
  • Cookies and similar technologies

Mobile App Information

When you use the TrackYourShelves mobile app for iOS or Android, we additionally collect or request access to:

  • Camera access — used only when you scan a barcode to look up or add an inventory item, or when you photograph a warranty receipt. Camera frames are processed on-device; we do not upload raw video.
  • Photo library access — used only when you choose to attach a photo to an inventory item, warranty, wishlist entry, or family member avatar.
  • Push-notification permission — used to send reminders for expiring items, warranty expirations, maintenance tasks, medication refills, lending returns, and appointments. You can opt out in the app's Settings or in your device's notification settings.
  • Push notification device token — a device-specific identifier (issued by Apple or Google) that we store only to deliver your notifications. It is not used for advertising or cross-app tracking. Revoked automatically on sign-out.
  • Diagnostic and crash data — when the app hits an error we collect the error message, stack trace, route, app version, OS version, device class (e.g. iPhone 15 Pro), and a small breadcrumb trail of recent in-app actions, to help us fix bugs. We do not include inventory contents or message text in diagnostic payloads.
  • Biometric authentication — if you enable Face ID, Touch ID, or Android fingerprint unlock, biometric data never leaves your device. We only receive a yes/no unlock signal from the OS.

The mobile app does not include third-party advertising SDKs, cross-app tracking, or analytics tools that share your data with external services.

2a. Sensitive Health Information

TrackYourShelves lets you record household medical information — family member profiles, allergies, medical conditions, medications, dosages, appointments, emergency contacts, insurance details, and an optional mental-health journal. Because this information is sensitive, it is handled differently from the rest of your account data.

We are not a HIPAA covered entity

The Health Insurance Portability and Accountability Act (HIPAA) regulates how healthcare providers, health plans, and their business associates handle protected health information. TrackYourShelves is a consumer software product — you record your own household information for your own reference. We are not a HIPAA covered entity, we are not acting as a business associate to any healthcare provider, and the health information you enter is not covered by HIPAA. The terms "HIPAA-compliant" or "HIPAA-certified" do not apply to our Service.

What that practically means: HIPAA protects information collected by your doctor about you; it does not regulate notes you keep about yourself in a personal app. We voluntarily apply security practices comparable to the HIPAA Security Rule's technical safeguards (described below), but that is a design choice rather than a regulatory status.

Field-level encryption

Sensitive fields in the medical module are encrypted at the application layer with AES-256-GCM before being written to our database. Specifically:

  • Family profiles: allergies, medical conditions, emergency contact, insurance provider/policy/group/phone, primary doctor and doctor phone, and free-text notes.
  • Pets: microchip ID, veterinarian, vet phone and address, insurance, free-text notes, allergies, medical conditions.
  • Medications: dosage, dosage unit, frequency, route, prescription number, prescriber and prescriber phone, pharmacy and pharmacy phone, purpose, side effects, instructions, and notes.
  • Medical appointments: location, reason, notes, and follow-up notes.
  • Mental-health journal: the free-text fields (reflection, what helped, tomorrow's focus) on each entry.

Encryption keys are derived per-household using a unique salt stored on each owner's account plus a master secret held outside the database. An attacker with database read access alone cannot decrypt your medical information without also compromising the master secret and running a key-derivation step for each user. We do not have a way to read your encrypted medical fields if the master secret is destroyed; please retain your account password so we can authenticate you for exports and deletions.

Mental-health information

The optional mental-health journal is the most sensitive surface of the Service. Entries are stored only in your own account (they are not visible to other household members), they are encrypted as described above, and they are excluded from analytics, machine-learning model training, and any product summary or report that we make available to staff. We do not infer clinical conditions from your entries, and TrackYourShelves does not provide medical advice. If you are in crisis, please contact a qualified professional or, in the United States, dial or text 988.

Household sharing model

When you add a household member to a residential home, that member can see medical records associated with the household by default (e.g., a shared medication list). Personal medications and appointments marked "personal" remain private to their creator. Mental-health entries are always single-user. You can review and adjust who has access from the Family page in the residential dashboard.

Defense-in-depth on medical surfaces

  • Medical web pages are served with no-store cache headers, no-referrer policy, and a stricter Content-Security-Policy than the rest of the Service — third-party scripts cannot run on medical routes.
  • The mobile medical screen requires a separate biometric (Face ID, Touch ID, or fingerprint) confirmation each time it is opened, on top of the regular app unlock.
  • Bulk medical exports are limited to one request per hour per household, can only be initiated by the home owner, and are recorded in an access log.
  • Denied attempts (a household member trying to bulk-export or bulk-delete, a failed confirmation phrase) are logged so suspicious activity is visible.
  • Push notifications about medical events (refill reminders, appointment reminders) include only the minimum information needed — e.g., the medication name and date — never dosage, prescriber, or notes.

Your control over health data

You can delete any individual medical record at any time from inside the app. You can also use the "Delete all medical data" option in your account settings to wipe medications, appointments, family profiles, pets, mental-health entries, the access log, or your consent record in one action (with a confirmation phrase to prevent accidental deletion). The export endpoint produces a complete, decrypted copy of your medical data in JSON or CSV for personal backup or transfer.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process transactions and send related information
  • Send administrative messages and updates
  • Respond to your inquiries and provide support
  • Improve and personalize your experience
  • Analyze usage patterns to enhance the Service
  • Detect and prevent fraud or security issues
  • Comply with legal obligations

4. Information Sharing

We do not sell your personal information. We may share information with:

  • Service Providers: Third parties that help us operate the Service (payment processors, hosting providers, email services)
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • Legal Requirements: When required by law or to protect our rights
  • With Your Consent: When you explicitly authorize sharing

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • TLS 1.2+ encryption of all data in transit
  • Encryption of data at rest on our managed Postgres provider
  • Hashed-and-salted password storage (bcrypt)
  • Scoped, rotating auth tokens with short expiry
  • Biometric-unlock option on mobile (data stays on-device)
  • Rate-limited authentication and abuse detection
  • Regular dependency audits and security patching
  • Access controls and audit logging for staff actions

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

Breach notification

If we become aware of a breach of security that results in the unauthorized disclosure of your personal information, we will notify you without undue delay, consistent with applicable law, through the email address on your account or another prominent means.

Responsible disclosure

If you believe you have found a security vulnerability, please email security@trackyourshelves.com with a description and proof-of-concept. We will acknowledge receipt within 72 hours and work with you in good faith on remediation. Please do not publicly disclose vulnerabilities until we have had reasonable time to respond.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention windows:

  • Account profile data: when you close your account, it is deactivated immediately (sign-in disabled, sessions revoked) and queued for anonymization thirty (30) days later. You, your workspace admin, or TYS may cancel the closure within that window. After anonymization, the personally-identifying fields on your profile (name, email, phone, profile photo, linked Discord identity) are permanently wiped from live systems; encrypted backups roll out within a further 30 days. Business records you created (orders, invoices, audit log entries) remain on your workspace's books with a “[Deleted User]” placeholder so the team's books and audit trail stay intact — this is required by U.S. tax and accounting rules for retained business records, and the placeholder qualifies as “deidentified” under CCPA § 1798.140.
  • Payment records: retained for 7 years to comply with U.S. tax and accounting obligations.
  • Support tickets: retained for 3 years to help us improve service quality and for dispute resolution.
  • Crash / diagnostic logs: retained for 90 days then purged.
  • Push notification tokens: deleted when you sign out of a device or uninstall the mobile app.
  • Backups: rolling encrypted backups retained for up to 90 days; deletion requests propagate to backups within that window.

We may retain de-identified or aggregated data indefinitely for analytics, product improvement, and reporting.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your personal information
  • Export your data in a portable format (JSON / CSV)
  • Opt out of certain data processing
  • Withdraw consent for specific uses
  • Lodge a complaint with a data-protection authority

To exercise these rights, contact us at privacy@trackyourshelves.com. We will verify your identity before responding and aim to respond within 30 days (or any shorter period required by law).

California residents (CCPA / CPRA)

If you are a California resident, you have the rights described in the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know what categories of personal information we have collected about you, the sources, the purposes for collecting it, and with whom it is shared.
  • Right to delete your personal information, subject to limited exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing of personal information for cross-context behavioural advertising. We do not sell or share your personal information for advertising purposes.
  • Right to limit use of sensitive personal information. We only use sensitive personal information (such as account credentials) to provide the Service as you request.
  • Right to non-discrimination for exercising any of the above.

To exercise California rights, email privacy@trackyourshelves.com with the subject "CCPA Request". You may designate an authorized agent to make a request on your behalf; we will verify both your identity and the agent's authority.

European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are in the EEA, the UK, or Switzerland, the General Data Protection Regulation (or the UK GDPR) applies to our processing of your personal data. Our legal bases for processing are:

  • Performance of a contract — to create your account, provide the Service, and bill for paid plans.
  • Legitimate interests — to secure the Service, prevent fraud, improve quality, and analyse aggregated usage.
  • Consent — where required (e.g., marketing emails, push notifications, optional cookies). You may withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, and law-enforcement obligations.

You have the right to access, rectify, erase, restrict, object to, or port your personal data, and the right to lodge a complaint with a supervisory authority. For requests, email privacy@trackyourshelves.com.

Data is stored on servers in the United States. Where we transfer personal data from the EEA, UK, or Switzerland to the United States, we rely on the Standard Contractual Clauses and additional safeguards as required by applicable law.

Do-Not-Track signals

Our Service does not change its behaviour based on Do-Not-Track browser signals because we do not track users across third-party websites or services in the first place.

Automated decision-making

We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects on you.

8. Cookies and Local Storage

We use only first-party cookies and browser local storage. No third-party advertising cookies, no cross-site trackers, no fingerprinting libraries. Below is a complete inventory of what we set and why.

Name | Purpose | Category | Retention
authjs.session-token | Keeps you logged in across pages. | Strictly necessary | Session or up to 30 days
authjs.csrf-token | Prevents cross-site request forgery on auth forms. | Strictly necessary | Session
authjs.callback-url | Tracks where to send you after sign-in. | Strictly necessary | Session
tys-context-lock | Locks your session to either residential or commercial mode. | Strictly necessary | Session
tys-cookie-consent | Records your acknowledgement of this cookie notice. | Strictly necessary | 1 year
tys-theme / tys-prefs-* | Stores theme, density, and other UI preferences. | Preferences | 1 year
tys-locale | Stores your selected language/region. | Preferences | 1 year
Browser localStorage | Caches UI state (sidebar collapse, recent searches, etc.) on your device only. | Preferences | Until cleared

Payments

Stripe sets its own cookies on Stripe-hosted checkout pages, payment-element iframes, and Stripe-Terminal interfaces. We do not control those cookies. See Stripe's cookie policy for details.

Analytics, advertising, and Do-Not-Track

We do not run third-party analytics (Google Analytics, Mixpanel, Segment, PostHog, etc.) or advertising cookies on the Service. Our Content-Security-Policy actively blocks third-party scripts on medical routes. Because we don't track you across other sites in the first place, Do-Not-Track browser signals have no additional behavior to change.

Controlling cookies

You can control cookies through your browser settings. Disabling the strictly-necessary cookies above will sign you out and prevent you from using the Service. Disabling preference cookies will reset your UI choices each session.

8a. Demo Workspaces

If you try the Service via a demo workspace at demos.trackyourshelves.com, the data you enter is stored in an ephemeral copy of a template workspace and is private to your visitor session — no other visitor can see it. Demo workspaces are automatically deleted after one hour of inactivity. We do not associate demo workspaces with a long-lived account unless you choose to sign up; the only personal data we collect for a demo is what you voluntarily type into the demo itself plus the standard automatically-collected information described in Section 2.

Demo workspaces are not intended for real medical data. Please do not enter actual prescriptions, medical conditions, or identifying details about household members into a demo.

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If we learn we have collected such information, we will delete it promptly.

10. International Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

11. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after changes constitutes acceptance.

13. Contact Us

TrackYourShelves L.L.C. is the data controller for information collected through the Service. If you have questions about this Privacy Policy or our practices, contact us at:

Privacy: privacy@trackyourshelves.com

Security: security@trackyourshelves.com

Support: support@trackyourshelves.com

Legal: legal@trackyourshelves.com