Privacy Policy
Last updated April 1, 2026
1. Who We Are
Shelfli is a mobile application developed and operated by an independent developer based in Italy. For the purposes of the EU General Data Protection Regulation (GDPR), the developer acts as the data controller for the personal data processed through the App.
You can reach us at support@shelfli.app for any privacy-related questions.
2. What Data We Collect
We collect only the data necessary to provide you with the Shelfli service. Here is a summary:
| Data | Purpose |
|---|---|
| Email address | Account creation, login, password resets |
| Username | Display name within kitchens |
| Password (hashed) | Account authentication — we never store your password in plain text |
| Kitchen data | Kitchen names, members, invite codes — to power shared household features |
| Product data | Product names, barcodes, expiry dates, categories, notes — the core of the service |
| Preferences | Language, theme, reminder settings — stored locally on your device |
| Subscription status | Whether you are on the free or Plus tier — to manage feature access |
3. What We Do Not Collect
We do not collect your precise location, contacts, call logs, browsing history, or any data unrelated to the App's functionality. When you scan a product barcode, it is looked up against an open database (Open Food Facts) — no personal data is sent in that request. When you use the camera to read an expiry date, the text recognition happens entirely on your device and no images are sent to any server.
4. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data on the following legal bases:
- Contract performance — Processing your account and product data is necessary to provide you with the Shelfli service you signed up for.
- Legitimate interest — We may process limited data for service improvement and security, always balanced against your privacy rights.
- Consent — Where required (e.g., optional notifications), we ask for your explicit consent, which you can withdraw at any time.
5. Third-Party Services
Shelfli uses the following third-party services to operate. Each service has its own privacy policy governing how it handles data:
Firebase (Google)
We use Firebase for account authentication (Firebase Auth) and cloud data storage (Cloud Firestore). Your account data and kitchen/product data are stored on Firebase servers. Firebase is operated by Google and data may be processed in the EU or other regions where Google maintains infrastructure. See Firebase Privacy.
RevenueCat
If you subscribe to Shelfli Plus, RevenueCat manages the subscription lifecycle (purchase verification, renewal tracking). RevenueCat receives a pseudonymous app user ID and subscription status — it does not receive your email or personal details directly from us. See RevenueCat Privacy.
Open Food Facts
When you scan a barcode, we query the Open Food Facts open database to retrieve product information (name, category, image). Only the barcode number is sent — no personal or account data. See Open Food Facts Privacy.
Google ML Kit (on-device)
Expiry date recognition from product photos is performed entirely on your device using Google ML Kit's text recognition. No images or text data leave your device for this feature.
6. Data Storage and Transfers
Your data is stored on Firebase (Google Cloud) servers. While we aim to keep data within the European Economic Area, Google may process data in other regions in accordance with its data processing agreements and appropriate safeguards (such as Standard Contractual Clauses) as required by the GDPR.
Local preferences and reminder schedules are stored on your device only and never leave it.
7. Data Retention
We retain your data for as long as your account is active and you continue to use Shelfli. If you request account deletion, all your personal data and associated content (kitchens, products, history) will be permanently removed within 30 days of confirmation.
If you simply uninstall the App without requesting deletion, your data remains on our servers until you request its removal.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Access — You can request a copy of the personal data we hold about you.
- Rectification — You can ask us to correct inaccurate data.
- Erasure — You can request deletion of your data (see our Account Deletion page).
- Restriction — You can ask us to temporarily restrict processing of your data.
- Portability — You can request your data in a structured, commonly used format.
- Objection — You can object to processing based on legitimate interest.
To exercise any of these rights, contact us at support@shelfli.app. We will respond within 30 days as required by law. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or your local supervisory authority.
9. Children's Privacy
Shelfli is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete that data promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@shelfli.app.
10. Security
We take reasonable measures to protect your data, including using encrypted connections (HTTPS), Firebase Security Rules to restrict data access, and hashed password storage. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority within the timeframes required by the GDPR (72 hours for authority notification).
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the App or by other appropriate means. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact
For any questions, concerns, or requests related to your privacy or this policy, please contact us at support@shelfli.app.