Account Information

When you create an account, we collect:

• Email address
• Display name
• Profile photo (optional)
• Authentication method (email/password, Apple Sign-In, or Google Sign-In)

App Usage Data

• Barcode Scans: Product barcodes you scan and associated search queries
• Pantry Items: Items you add and track in your pantry
• Search History: Stored locally on your device (not on our servers unless you select "Share" functionality)
• Community Reports: Reports you submit about product changes (may include photos from your library)

Camera and Photo Library

• Camera Access: Used exclusively for barcode scanning. Camera images are not stored or transmitted.
• Photo Library Access: Used only when you choose to upload photos with community reports or set a profile photo. Photos are not stored without your explicit action to upload them.

Automatically Collected Information

• Device information (device type, OS version, app version)
• Analytics data through optional PostHog integration (if you consent)
• Crash reports through Sentry integration (used for app stability)
• IP address (automatically logged by our servers)

We use the information we collect for the following purposes:

• Account Management: To create and maintain your account, authenticate your identity, and provide customer support
• Service Provision: To deliver barcode scanning, pantry management, product information, and community report features
• Product Improvement: To analyze app usage patterns and improve features (with optional analytics)
• Bug Fixes: To diagnose and fix app crashes and performance issues
• Subscription Management: To manage your subscription tier, process payments (via RevenueCat), and send billing information
• Communications: To send service updates, security alerts, and support responses
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Fraud Prevention: To detect and prevent fraud, abuse, and security violations

Third-Party Service Providers

We share information with the following service providers who help us operate the App:

• Supabase: Our backend database and authentication provider (PostgreSQL hosted in the US)
• RevenueCat: Subscription management and payment processing
• Expo: Push notification service
• PostHog: Optional analytics (only if you consent to analytics)
• Sentry: Crash reporting and error tracking

These service providers are contractually obligated to use your information only as necessary to provide services to us and are required to maintain the confidentiality and security of your information.

Community Reports

When you submit a community report about product changes:

• Your display name is publicly visible with your report
• Photos you upload are stored and displayed with your report
• You retain a license to the content, and grant us permission to display, reproduce, and distribute your report

No Sale of Personal Information

We do not sell, trade, or rent your personal information to third parties. We do not disclose personal information to third parties for their marketing purposes.

Legal Requirements

We may disclose your information if required by law, such as in response to a subpoena, court order, or other legal process, or to protect the rights, privacy, safety, or property of ShelfTruth, our users, or the public.

We implement appropriate technical, administrative, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit (HTTPS/TLS)
• Secure authentication mechanisms (OAuth 2.0, email/password hashing)
• Access controls limiting employee access to personal data
• Regular security audits and vulnerability assessments

However, no security system is impenetrable. We cannot guarantee absolute security of your information. If you believe your account has been compromised, please contact us immediately at support@shelftruth.app.

We retain your personal information for as long as your account is active or as needed to provide services to you. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law.

Community reports and associated photos may remain visible on the platform even after account deletion, but will be anonymized and dissociated from your account.

Account Deletion

You can delete your ShelfTruth account at any time through the app settings. Upon deletion, all associated personal data will be removed from our systems within 30 days.

CCPA Rights (California Residents)

If you are a California resident, you have the right to:

• Know what personal information is being collected, used, and shared
• Request deletion of your personal information
• Opt-out of the sale or sharing of your personal information

To exercise these rights, please contact us at support@shelftruth.app.

GDPR Rights (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request erasure of your data
• Restrict processing of your data
• Request portability of your data
• Object to processing
• Lodge a complaint with your local data protection authority

To exercise these rights, please contact us at support@shelftruth.app.

ShelfTruth offers two subscription tiers:

• Free Tier: 3 scans per day, 5 pantry items maximum
• Premium Tier: $4.99/month or $39.99/year, unlimited scans and pantry items

Subscriptions are managed through the Apple App Store (for iOS users). Your subscription information, including payment method and billing history, is processed by Apple and managed by RevenueCat on our behalf. We do not directly store your payment card information.

For subscription questions or cancellations, please refer to your device's app store settings or contact support@shelftruth.app.

PostHog Analytics

We use PostHog for optional analytics to understand how users interact with ShelfTruth. PostHog analytics is opt-in and does not track you by default. You can enable or disable analytics in the app settings at any time.

Sentry Error Tracking

We use Sentry to collect crash reports and error logs to improve app stability. This helps us identify and fix bugs quickly. Sentry automatically collects minimal diagnostic information when the app crashes.

No Cookie Tracking

ShelfTruth does not use cookies for tracking purposes in the mobile app.

ShelfTruth is based in the United States, and your information is processed and stored on servers located in the United States through Supabase. If you are accessing ShelfTruth from outside the United States, you understand and consent to the transfer of your personal information to the United States for processing in accordance with this Privacy Policy.

We implement appropriate safeguards for international data transfers, including standard contractual clauses where required by law.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy in the App and updating the "Last Updated" date. Your continued use of ShelfTruth after changes become effective constitutes your acceptance of the updated Privacy Policy.

If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact us:

Email: support@shelftruth.app
Website: shelftruth.app

We will respond to your request within 30 days of receipt.