Privacy Policy
Effective date: 01.01.2026
This Privacy Policy explains how Shelflife ("Shelflife," "we," "us," or "our") collects, uses, and protects your information when you use the Shelflife application and website ("Service"). Shelflife is a Shopify application that monitors inventory levels and forecasts stockouts for Shopify merchants.
We respect your privacy and are committed to handling your data responsibly.
1. Who is responsible for your data
The data controller for the purposes data protection laws is:
Shelflife
Zurich, Switzerland
Email: shelflife@msfts.ch
2. What data we collect
We collect only the data necessary to provide the Service. Here is exactly what we collect and where it comes from:
Data from Shopify (via OAuth and API)
When you install Shelflife on your Shopify store, we access the following through Shopify's API:
- Store information: Store name, store URL (myshopify domain), and Shopify plan details
- Product and variant data: Product titles, variant names, SKUs, and prices
- Inventory data: Stock quantities and inventory levels across your locations
- Order data: Order history and line items (used solely for sales forecasting -- we do not access customer payment information)
Data you provide directly
- Email addresses: Alert recipient email addresses you configure within the app
- Purchase order data: Supplier names, order quantities, and expected delivery dates you enter
- Support messages: Any messages you send us through live chat (Crisp) or email
What we do NOT collect: We do not collect your customers' personal data (names, emails, payment details, or shipping addresses). We do not use tracking cookies or analytics on our website. We do not collect any data beyond what is listed above.
3. How we use your data
| Data | Purpose |
|---|---|
| Store information | Identify your account and link it to your Shopify store |
| Product and inventory data | Display your inventory status and calculate stockout forecasts |
| Order data | Generate sales forecasts to predict when products will run out |
| Email addresses | Send stockout alert emails you configured |
| Purchase order data | Track incoming orders and incorporate expected deliveries into forecasts |
| Support messages | Respond to your questions and provide customer support |
We do not use your data for advertising, profiling, or any purpose other than providing and improving the Service.
4. Legal basis for processing (FADP / GDPR)
Under the Swiss FADP and, for users in the European Economic Area (EEA) or United Kingdom, the GDPR, we process your data under the following legal bases:
- Contract performance (Article 6(1)(b) GDPR): Processing your store, product, inventory, and order data is necessary to deliver the Service you signed up for.
- Legitimate interest (Article 6(1)(f) GDPR): We may process limited data to improve the Service, ensure security, and prevent fraud. Our legitimate interests do not override your rights.
- Consent (Article 6(1)(a) GDPR): Where required, such as for optional communications. You can withdraw consent at any time.
5. Who we share data with
We do not sell, rent, or trade your data to anyone. We share data only with the following service providers, strictly to operate the Service:
| Provider | Purpose | Location |
|---|---|---|
| Shopify | Platform integration, authentication (OAuth), and billing | Canada / US |
| Railway | Application and database hosting | The Netherlands (EU) |
| Crisp | Live chat support within the app | France (EU) |
Each provider processes data under their own privacy policy and is bound by applicable data protection laws. We do not share your data with any other third parties.
We may disclose your information if required by law, regulation, or legal process (such as a court order or subpoena).
6. International data transfers
Our application and database are hosted in the European Union (the Netherlands). However, some data is transferred to Canada and the United States through Shopify (for platform integration, authentication, and billing). Where data is transferred outside Switzerland, the EEA, or the UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or the service provider's compliance with applicable data protection frameworks.
7. How long we keep your data
- Active account: We retain your data for as long as Shelflife is installed on your Shopify store and your account is active.
- After uninstall: When you uninstall Shelflife from Shopify, we delete your store data, product data, inventory data, order data, and alert configurations within 30 days.
- Support conversations: Chat and email support history may be retained for up to 12 months after your last interaction for quality and training purposes.
- Legal obligations: We may retain certain data longer if required by law (for example, billing records for tax purposes).
You can request earlier deletion at any time by contacting us.
8. How we protect your data
We take reasonable technical and organizational measures to protect your data, including:
- Encrypted connections (HTTPS/TLS) for all data in transit
- Encrypted database storage
- Access controls limiting who can access production systems
- Authentication via Shopify OAuth (we never see or store your Shopify password)
No system is 100% secure. If we become aware of a data breach that affects your rights, we will notify you and the relevant authorities as required by law.
9. Your rights
Depending on where you are located, you may have the following rights regarding your personal data:
For everyone
- Access: Request a copy of the data we hold about you
- Correction: Ask us to correct inaccurate data
- Deletion: Ask us to delete your data
- Data portability: Request your data in a machine-readable format
Additional rights under FADP and GDPR (Switzerland, EEA, and UK residents)
- Restrict processing: Ask us to limit how we use your data
- Object to processing: Object to processing based on legitimate interest
- Withdraw consent: Where processing is based on consent, withdraw it at any time
- Lodge a complaint: File a complaint with your local data protection authority
Additional rights under CCPA (California residents)
- Right to know: Request details about what personal information we collect, use, and disclose
- Right to delete: Request deletion of your personal information
- Right to opt-out of sale: We do not sell your personal information, so this right does not apply in practice
- Non-discrimination: We will not discriminate against you for exercising your privacy rights
To exercise any of these rights, email us at shelflife@msfts.ch. We will respond within 30 days (or sooner if required by law).
10. Cookies and tracking
Our website does not use cookies for tracking or analytics. We do not use Google Analytics or similar tools.
Shopify embedded app: When you use Shelflife within your Shopify admin, Shopify and the Crisp chat widget may set their own cookies. Shelflife itself does not set additional tracking cookies. See Crisp's Privacy Policy for details.
11. Children's privacy
Shelflife is a business-to-business service designed for Shopify merchants. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through a notice in the app. The "Effective date" at the top of this page indicates when the policy was last updated.
We encourage you to review this policy periodically.
13. Contact us
If you have any questions about this Privacy Policy or how we handle your data, contact us at shelflife@msfts.ch.