Privacy Policy

1. Information We Collect

Shelfd may collect the following categories of information.

Account information

When you sign in with Google, Apple, email/password, or another supported login provider, we may receive:

• Name
• Email address
• Profile photo
• Login/authentication ID
• Basic account information needed to sign you in

Profile information

You may choose to provide:

• Display name and username
• Profile picture
• Bio or profile details
• Social and export links (e.g. Instagram, X, IMDb, Spotify, Apple Music handles you choose to display)
• Theme and interface preferences
• Showcase items (top picks pinned to your profile)

Media tracking information

Shelfd stores information you add or interact with, including:

• Movies, TV shows, anime, video games, music, books, and manga in your lists
• Ratings, half-point ratings, and tier-list placements
• Watch, play, listen, read, and completion status (including statuses like Watching, Watched, Watchlist, Paused, Playing, Backlog, Played, Wishlist, Live, Competitive)
• Episode progress and play hours
• Favorites, comments, notes, tags, and list organization
• Imported titles, ratings, or progress data from third-party services you connect
• Competitive game profile data you choose to add (peak rank, current rank, K/D, season K/D, platform, hours, stats tracker links, highlight links)

Social and community information

Shelfd may collect and store:

• Friend requests and friend list
• Mutual connections
• Shared watch/play/read activity
• Public comments and replies
• Direct messages and message requests
• Profile views or interactions where needed for app functionality
• Activity feed events such as added titles, ratings, reviews, tier-list updates, completed titles, and progress milestones

Technical and usage information

Shelfd may collect:

• Device type and model
• Operating system and OS version
• Browser type (web) or app version (iOS)
• IP address (used for security, abuse prevention, and approximate region)
• App pages viewed and feature usage
• Login and session data
• Error logs, crash reports, and security logs
• Performance metrics

This information helps us operate, secure, debug, and improve the Service.

Cookies, local storage, and similar technologies

Shelfd may use cookies, localStorage, IndexedDB, service-worker caches, and similar technologies to:

• Keep you signed in
• Save preferences and interface settings
• Support offline or cached app behavior
• Improve loading and performance
• Prevent fraud, spam, and abuse
• Maintain security

You can clear cookies or local storage through your browser or device settings, but some features may stop working correctly.

2. How We Use Information

Shelfd uses information to:

• Create and manage your account
• Sign you in and authenticate you
• Let you track media, games, books, ratings, and progress
• Display your profile, lists, comments, ratings, and activity
• Power friend, social, activity feed, and messaging features
• Save preferences and app settings
• Process imports and match titles with media metadata from third-party providers
• Display media posters, covers, descriptions, and third-party metadata
• Deliver push notifications you've opted into
• Debug errors, monitor performance, and improve the Service
• Prevent spam, abuse, fraud, and security threats
• Moderate content and enforce our Terms
• Respond to support, privacy, and deletion requests
• Comply with legal obligations

3. Legal Bases for Processing

Where required by law, Shelfd processes personal information based on one or more of the following legal bases:

• Your consent
• Performance of a contract with you
• Legitimate interests, such as operating, improving, securing, and protecting Shelfd
• Legal compliance
• Protection of users, Shelfd, or the public

4. Public and Social Visibility

Shelfd is social by design. Depending on your settings and the feature used, other users may see:

• Display name and username
• Profile picture and bio
• Public profile content (showcase, linked profiles, stats)
• Ratings and tier lists
• Lists and library items
• Public comments
• Watch / play / read status
• Episode progress
• Activity feed items
• Friend-related activity

Private or restricted features may limit visibility, but no system is guaranteed to be perfect. Do not add content you would not want visible to others.

5. Direct Messages

Direct messages are stored so the messaging feature can work.

Shelfd may access, review, restrict, or remove messages when necessary for safety, abuse prevention, moderation, technical support, legal compliance, or enforcement of the Terms.

6. Push Notifications and APNs

If you grant permission, Shelfd can send push notifications to your iOS device about activity relevant to you (friend activity, comments, replies, completed titles, etc.).

To deliver push notifications, Shelfd stores:

• Your Apple Push Notification service (APNs) device token
• The user ID the token is linked to
• Last-seen timestamp and platform identifier
• Last successful or failed delivery attempt for diagnostics

APNs tokens are stored in a server-side key-value store hosted by Cloudflare. We do not share APNs tokens with any party other than Apple's push delivery network, which is required to deliver the notification.

You can disable push notifications at any time through iOS Settings → Shelfd → Notifications. Disabling notifications stops new pushes but does not delete the stored token immediately; tokens are removed during regular cleanup or when you delete your account.

7. Third-Party Services

Shelfd uses third-party services to operate the app, including:

• Google Sign-In — account authentication
• Apple Sign-In — account authentication on iOS
• Firebase (Google) — authentication, database (Firestore), and related infrastructure
• Cloudflare — hosting, Workers, KV storage, security, and performance services
• Apple Push Notification service (APNs) — delivers push notifications to iOS devices
• Media and game data providers such as TMDB, OMDb, RAWG, IGDB, MusicBrainz, YouTube, or similar APIs for posters, covers, descriptions, release dates, and related metadata

These services may process information according to their own privacy policies and terms. Shelfd does not control third-party services, websites, APIs, or platforms.

8. Google User Data

If you sign in with Google, Shelfd uses Google account information only to authenticate your account, identify you in the app, display your profile information, and operate Shelfd features.

• Shelfd does not sell Google user data.
• Shelfd does not use Google user data for unrelated advertising.
• Shelfd does not transfer Google user data except as necessary to operate the app, comply with law, protect users, or with your consent.

9. How We Share Information

Shelfd does not sell your personal information.

Shelfd may share information only when needed to:

• Operate the app through service providers (Firebase, Cloudflare, APNs)
• Display public, social, friend, or messaging features
• Store data through authentication, database, hosting, and infrastructure providers
• Comply with laws, legal requests, or court orders
• Protect Shelfd, users, or the public
• Investigate abuse, spam, fraud, security incidents, or Terms violations
• Complete a business transfer, merger, restructuring, or similar event, if applicable

10. Sale, Sharing, and Targeted Advertising

Shelfd does not currently sell personal information.

Shelfd does not currently share personal information for cross-context behavioral advertising or targeted advertising.

Shelfd does not currently display third-party advertising inside the app.

If Shelfd ever adds advertising, analytics, or data-sharing practices that legally require opt-out rights, this Privacy Policy will be updated and applicable opt-out tools will be provided.

11. Data Retention

Shelfd keeps information for as long as needed to:

• Provide the service
• Maintain your account
• Operate social and tracking features
• Resolve disputes
• Enforce our Terms
• Prevent abuse
• Maintain security
• Comply with legal obligations

When information is deleted, some data may remain for a limited time in backups, logs, cache, moderation records, legal records, or where another user's content or activity includes it.

12. Security

Shelfd uses reasonable technical and organizational safeguards to help protect user information, including encryption in transit (HTTPS/TLS), access controls, and infrastructure provided by trusted vendors (Cloudflare, Google Firebase, Apple).

However, no website, app, database, or internet transmission is completely secure. You use Shelfd at your own risk.

13. International Users

Shelfd may be accessed from different countries. Your information may be processed in the United States or other countries where Shelfd's service providers operate.

By using Shelfd, you understand that your information may be transferred to and processed in countries that may have different privacy laws than your country.

Where required, Shelfd will rely on appropriate legal mechanisms for international data transfers.

14. Your Privacy Rights

Depending on where you live, you may have rights to:

• Access personal information we have about you
• Request correction of inaccurate information
• Request deletion of your information
• Request a copy of your information
• Object to or restrict certain processing
• Withdraw consent where processing is based on consent
• Opt out of sale, sharing, targeted advertising, or certain profiling where applicable
• Appeal a denied privacy request where required by law
• Not be discriminated against for exercising privacy rights

To make a privacy request, email shelfd@proton.me. We may need to verify your identity before completing a request.

15. California Privacy Notice

If you are a California resident, you may have rights under California privacy law (including the CCPA and CPRA), including the right to know, access, delete, correct, opt out of sale or sharing, limit certain sensitive personal information uses where applicable, and not be discriminated against for exercising your rights.

Shelfd does not currently sell personal information.

Shelfd does not currently share personal information for cross-context behavioral advertising.

To exercise California privacy rights, email shelfd@proton.me.

16. U.S. State Privacy Rights

Residents of certain U.S. states (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with applicable consumer privacy laws) may have additional privacy rights. These may include rights to access, delete, correct, obtain a copy of personal information, opt out of certain processing, opt out of targeted advertising, opt out of sale of personal information, opt out of certain profiling, and appeal a privacy decision.

To exercise these rights, email shelfd@proton.me.

17. European Union, United Kingdom, and Similar International Rights

If you are in the European Union, United Kingdom, European Economic Area, Switzerland, or another region with similar privacy laws (including the GDPR and UK GDPR), you may have rights to access, rectify, erase, restrict, object to processing, request portability, withdraw consent, and lodge a complaint with a data protection authority.

To exercise these rights, email shelfd@proton.me.

18. Children's Privacy

Shelfd is not intended for children under 13.

Shelfd does not knowingly collect personal information from children under 13. If we learn that a child under 13 has provided personal information, we will take reasonable steps to delete it.

Users under 18 should use Shelfd only with permission from a parent or legal guardian.

19. Sensitive Information

Do not submit sensitive personal information through Shelfd, including government ID numbers, financial account numbers, medical information, precise location information, passwords for other services, or private personal details.

Shelfd is not designed to store sensitive personal information.

20. Account Deletion

You may request account deletion at any time by emailing shelfd@proton.me with the subject "Account deletion request" from the email address tied to your account.

We will confirm and permanently remove your account, profile, library, ratings, tier lists, friend connections, direct messages, and APNs push tokens within 30 days of a verified request.

After deletion, some information may remain where allowed or required, including backups, logs, fraud prevention records, legal records, moderation records, cached data, or content already shared with or visible to other users.

21. Do Not Track and Global Privacy Controls

Some browsers send "Do Not Track" or Global Privacy Control signals.

Shelfd does not currently sell personal information or share personal information for cross-context behavioral advertising. If Shelfd begins using practices that require honoring opt-out signals, this Privacy Policy will be updated.

22. iOS App–Specific Disclosures

For the Shelfd iOS app distributed via Apple's App Store and TestFlight:

Apple App Privacy

The data categories disclosed in Shelfd's App Store "App Privacy" section align with the categories described in this Privacy Policy.

Permissions we may request

• Notifications — required to send activity, friend, and reply alerts. You may decline or revoke at any time in iOS Settings.
• Photos — only when you choose to upload a profile picture or attach a photo. Shelfd never accesses your photo library without a deliberate action by you.

Permissions we do NOT request

• Precise or coarse location
• Contacts
• Microphone
• Camera (outside the standard photo picker)
• Health, fitness, or motion data
• Calendar, reminders, or other system data

Identifiers

Shelfd does not use the iOS Advertising Identifier (IDFA), the App Tracking Transparency framework, or any cross-app tracking SDKs.

In-App Purchases

The core Shelfd experience is free. A future Pro tier is planned; if and when offered, it will use Apple's standard In-App Purchase system and any purchase information will be processed by Apple under Apple's terms.

23. Changes to This Privacy Policy

Shelfd may update this Privacy Policy from time to time. If changes are important, we may notify users through the app, website, or updated effective date.

Continuing to use Shelfd after changes means you accept the updated Privacy Policy.

24. Contact

For privacy questions, account deletion, or data requests, contact us: