Shelfdoc
Privacy

Privacy Policy

How Shelfdoc collects, uses, shares, retains, and protects information in connection with the Shelfdoc platform — written in plain English so Amazon sellers can verify it.

Effective·May 28, 2026

This Privacy Policy explains how Shelfdoc (“Shelfdoc”, “we”, “us”) collects, uses, shares, retains, and protects information in connection with the Shelfdoc software-as-a-service platform (the “Service”). The Service is operated by PGBDIC LLC (doing business as Shelfdoc), which is the legal entity that contracts with you under the Terms of Service and acts as the data controller for personal data we process about you. By using the Service you agree to the practices described here and, where relevant, to the Terms of Service.

The Service is a business-to-business tool designed for Amazon FBA sellers. If you are an Amazon seller, the information we handle about you is primarily work-related. We do not knowingly offer the Service to consumers acting outside a business capacity.

1. Information We Collect

1.1 Account Information

When you register, we collect your name, email address, and an authentication credential (password or OAuth identifier). Passwords are hashed by Supabase Auth; we never store plaintext passwords. We also store your subscription tier, billing status, two-factor configuration, and preferences (alert thresholds, auto-removal policy, etc.).

1.2 Amazon Seller Data

When you authorize Shelfdoc via Amazon's OAuth consent flow, we store your Selling Partner ID, marketplace ID, and a refresh token issued by Amazon. Refresh tokens are encrypted at rest using AES-256-GCM with a key held separately from the database. We use these credentials solely to call the Amazon Selling Partner API (SP-API) on your behalf to:

  • Fetch inventory, stranded-inventory, and inbound-plan data about your own catalog (FBA Inventory Reports, Inbound Plans);
  • Submit FEFO price updates per MSKU you configure, via the Amazon Listings Items API (patchListingsItem);
  • Submit FBA→FBM channel flips and Override price guard-price updates that you authorize, via the Amazon Feeds API (POST_FLAT_FILE_INVLOADER_DATA);
  • Submit removal (disposal / return) orders that you explicitly authorize via the FBA Removal endpoints; and
  • Read report outputs that the Service generates from your data.

We do not call Amazon Order, Customer, or buyer-facing endpoints. We do not access buyer names, addresses, phone numbers, email addresses, or other personally identifiable information about your customers. See the Security page for the exact endpoint list and the rest of our data-handling practices.

We handle Amazon data in accordance with Amazon's Data Protection Policy (DPP) for Selling Partner API and Solution Provider Network participants. We apply the technical and operational controls that policy requires — encryption at rest, access scoping, deletion on request, and incident reporting. For additional operational detail, contact security@shelfdoc.com.

1.3 Inventory Data

We store ASINs, MSKUs, FNSKUs, product titles, fulfillment channel, quantities, expiration dates, removal dates, lot numbers, purchase-order numbers, invoice numbers, FEFO-pricing configuration, and per-item activity history you or the Service produce. This data is scoped to your account via database-level Row-Level Security and is not exposed to other Shelfdoc customers.

1.4 Usage, Diagnostic, and Log Data

We collect standard server-side logs (IP address, user-agent, request path, status, and timestamp) for security, debugging, and abuse prevention. Request logs are retained for up to 90 days and then deleted on automated rotation. We do not use third-party advertising cookies or cross-site trackers.

We use Google Analytics 4 and Microsoft Clarityfor aggregate site-usage measurement (page views, navigation paths, a fixed allowlist of click events, heatmaps, and session-replay used to find broken UX). Both products are configured with privacy guardrails — IP anonymization is enabled, Google's advertising and ad-personalization signals are disabled, Clarity automatically masks form-field text, and we never send personal account identifiers, Amazon seller IDs, MSKUs, ASINs, FNSKUs, purchase-order numbers, invoice numbers, or seller-specific inventory data to either service. See Section 3.

1.5 Payment Information

We use Stripe to process payments. Shelfdoc does not store your full card number or CVC. We do store Stripe customer and subscription IDs and high-level billing status (active, past_due, cancelled, trialing). Stripe's Privacy Policy governs its handling of payment data.

1.6 Support and Communications

If you contact us at support@shelfdoc.com, we retain the content of your message, attachments, and our reply. If you interact with the optional in-app support assistant (disabled by default; only active when the seller's account explicitly enables it), we store the question, our response, and any reaction (thumbs up / down) you submit so we can improve the help center and the agent.

2. How We Use Information

  • To operate, secure, and improve the Service;
  • To fetch and act on your Amazon inventory data at your direction;
  • To deliver email alerts, weekly summaries, and receipt / subscription notices;
  • To process subscription payments through Stripe;
  • To detect, investigate, and prevent fraud, abuse, and security incidents;
  • To comply with law, legal process, or lawful requests from governmental authorities;
  • To enforce the Terms of Service;
  • To respond to your inquiries and to improve help content based on what users ask.

We do not sell personal information. We do not use Customer Data to train third-party AI models. We do not disclose Customer Data to advertisers.

3. Service Providers (Sub-processors)

We share data with a small set of service providers strictly as necessary to operate the Service:

  • Supabase (US) — PostgreSQL database hosting, authentication, row-level security.
  • Vercel (US) — application hosting, serverless functions, edge middleware.
  • Stripe (US / global) — subscription billing and payment processing.
  • Resend (US) — transactional email delivery.
  • Anthropic (US) — optional in-app support assistant (only the seller's question and up to five retrieved help-center article excerpts are sent; no Amazon data, customer data, or PII is sent).
  • Amazon Selling Partner API — only your own Amazon data, fetched on your direct OAuth authorization.
  • Google Analytics 4 (Google LLC, US) — aggregate site-usage measurement (page views, navigation paths, anonymized device/browser, referrers, and a fixed allowlist of click events such as sign_up, login, pricing_cta_click, amazon_connect_started, amazon_connect_completed, help_search, settings_2fa_started, settings_2fa_completed). We send no personal account identifiers, Amazon seller IDs, MSKUs, ASINs, FNSKUs, purchase-order or invoice numbers, or seller-specific inventory data. IP anonymization is enabled and Google's advertising signals are disabled.
  • Microsoft Clarity (Microsoft Corporation, US) — aggregate session-quality analytics (heatmaps and session-replay) used to find broken UX. Clarity automatically masks form-field text; we never identify the session by email, name, or Amazon seller ID, and we do not attach custom dimensions that could leak seller-specific data.

We require our service providers to handle data under contractual confidentiality and security terms consistent with this Policy. We may disclose information if required by law, court order, subpoena, or governmental authority, or to protect the safety, rights, or property of Shelfdoc, our users, or the public.

4. Data Retention and Deletion

  • Active accounts: we retain your data while your subscription is active.
  • Cancellation or termination: we retain your data for up to 60 days after cancellation so you can export or recover it, then permanently delete, subject to backups that are overwritten on a 30-day rotation.
  • Inventory rows in Monitoring (archived) status: the underlying inventory row is automatically deleted 18 months after archival to keep the operational tables fast. This removes the row on the Mapped / Monitoring pages; it does not remove the history — every event Shelfdoc ever logged for that MSKU stays in your Audit Log.
  • Audit Log (every mapping, Disposal Request, Bin Check, alert, override):retained for the lifetime of your subscription. No automated purge runs against your Audit Log. Export at any time from /activity → Export, or pull a full Support Packet from Settings.
  • Request logs (HTTP / server logs): retained for up to 90 days for security and debugging. Distinct from the Audit Log.
  • Support / agent conversations: retained up to 24 months for quality improvement, or less on request.
  • Legal-hold exceptions: we may retain specific records longer when required to comply with law, enforce these Terms, or defend against legal claims.

You can permanently delete your account and the data scoped to it at any time from Settings → Account → Delete my data. The action is gated by a typed confirmation dialog and is immediate and irreversible.

5. Security

We apply the following technical and organizational measures:

  • TLS 1.2+ for all data in transit.
  • AES-256-GCM encryption at rest for Amazon OAuth refresh tokens.
  • Supabase Row-Level Security ensuring a user can only read/write their own data.
  • Principle-of-least-privilege on service-role keys; the service role runs only on server-side admin paths, never exposed to the browser.
  • Two-factor authentication (TOTP) available for every account.
  • Audit logging of meaningful mutations (maps, edits, unmaps, removal requests, discrepancy resolutions, stranded-flag clears) retained for the life of the account.
  • Documented incident-response procedure and channel (see below).

No method of transmission or storage is 100% secure. If we become aware of a security incident that requires notice under applicable law, we will notify affected customers by email without undue delay. See the Security page for our incident response posture.

6. Your Rights and Choices

Depending on where you live, you may have rights to (a) access the personal data we hold about you, (b) correct inaccurate data, (c) request deletion of your data, (d) obtain a portable copy, and (e) object to or restrict certain processing. You can:

  • Export your inventory, removal, activity, and support-packet data any time from the Service.
  • Disconnect your Amazon account from Settings → Amazon Connection.
  • Delete your account and data from Settings → Danger Zone.
  • Email privacy@shelfdoc.com to exercise any right under applicable law.

7. International Transfers

The Service is operated in the United States. If you access the Service from outside the United States, your data is transferred to, stored in, and processed in the United States. Where required, we rely on Standard Contractual Clauses or equivalent mechanisms to lawfully transfer personal data internationally.

8. Cookies

We use first-party session cookies provided by Supabase Auth to keep you logged in and protect against CSRF. We do not use third-party advertising or cross-site tracking cookies. A small amount of data is stored in localStorage for UI preferences (table density, support-widget open state, conversation cache, dashboard section expansion state); this data never leaves the browser.

Our analytics providers (Google Analytics 4 and Microsoft Clarity) set their own first-party cookies and use client-side storage to measure site usage, navigation paths, and session quality. These cookies are scoped to shelfdoc.com, are not used for advertising, and never carry personal account identifiers or seller-specific data. You can opt out at the browser level by using a tracker-blocking extension or browser privacy setting; the Service remains fully usable with analytics blocked.

9. Children

The Service is intended exclusively for business use by Amazon sellers who are at least 18 years old. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us data, email privacy@shelfdoc.com and we will delete it.

10. California Privacy Rights

California residents may request details of personal information we share for direct marketing purposes under California Civil Code §1798.83. Because we do not share personal information for third-party marketing, no such information is available to disclose.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email to active users at least 30 days before taking effect. The “Effective” date at the top of this Policy reflects the most recent revision.

12. Contact

Privacy questions, requests, or complaints: privacy@shelfdoc.com.
Security incident reports: security@shelfdoc.com.
General support: support@shelfdoc.com.

Related documents: Terms of Service, Security.