Privacy Policy

Effective Date: March 7, 2026

1. Introduction

ShelfSpace Technologies Inc. ("ShelfSpace," "we," "us," or "our") operates the ShelfSpace platform at ourshelf.space and the marketing website at shelfspace.pro (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when you:

• Create an account — first name, last name, email address, password, business name, business type, and state
• Complete business verification — legal business name, DBA name, business address, cannabis license number, Employer Identification Number (EIN), federal tax classification, and authorized signature
• Provide banking information — bank name, routing number, account number, and account type for payment processing
• Submit tax documentation — W-9 equivalent data including EIN and tax classification. For affiliate representatives, last four digits of Social Security Number
• Provide electronic signatures — digital signatures captured via our signature pad for agreement execution
• Use the platform — product listings, inventory data, sales transactions, settlement records, purchase orders, credit memos, invoices, promotions, and other business data you enter or upload
• Upload data files — CSV files containing sales, inventory, returns, discounts, and other transaction data
• Use AI features — questions and conversations with the ShelfiQ AI assistant
• Manage contacts — names, email addresses, phone numbers, and roles of key business contacts (owners, buyers, AP/AR contacts, sales representatives)
• Contact us — name, email address, and any information you include in your communications
• Schedule a call — information collected through our Google Calendar booking integration

2.2 Information Collected Automatically

When you access the Service, we may automatically collect:

• Device and browser information — IP address, browser type, operating system, user agent string, and device identifiers
• Usage data — pages visited, features used, time spent on pages, and referring URLs
• Authentication data — multi-factor authentication method, MFA enrollment status, login timestamps, and failed authentication attempts
• Audit data — records of actions taken on the platform including data modifications, document generation, agreement acceptance (with IP address and user agent for legal compliance)
• Error and performance data — application errors, performance metrics, and diagnostic information collected through our error monitoring service
• Cookies and similar technologies — we use cookies and similar tracking technologies to maintain sessions and improve user experience

2.3 Information from Third Parties

We may receive information from third-party services you connect to ShelfSpace, such as point-of-sale (POS) systems, for the purpose of facilitating scan-based trading transactions.

3. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the Service
• Process transactions and send related information, including settlement confirmations and invoices
• Create and manage your account
• Facilitate scan-based trading between retailers and vendors
• Calculate and process weekly settlements and payments
• Communicate with you, including responding to inquiries and sending service-related notices
• Monitor and analyze usage trends to improve the Service
• Detect, prevent, and address fraud, unauthorized access, and other illegal activities
• Comply with legal obligations

4. How We Share Your Information

We may share your information in the following circumstances:

• Between trading partners — retailers and vendors on the platform may see certain business information necessary to facilitate consignment transactions (e.g., business name, product listings, settlement data)
• Service providers — we share information with third-party vendors who perform services on our behalf, such as hosting, payment processing, and analytics
• Legal requirements — we may disclose information if required by law, regulation, legal process, or governmental request
• Business transfers — in connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset
• With your consent — we may share information for any other purpose with your consent

We do not sell your personal information to third parties.

5. Data Security

We implement commercially reasonable technical and organizational security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure password hashing
• Role-based access controls
• Regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Sensitive Financial Information

We collect and store certain sensitive financial information necessary to operate the Service, including:

• Banking information — bank name, routing number, and account number, used for payment processing between trading partners
• Tax identification — Employer Identification Number (EIN) and federal tax classification, used for tax reporting and W-9 compliance
• Electronic signatures — digital signatures used to execute platform agreements (Master Supply Agreement, Independent Contractor Agreement)

Banking and tax information is stored in our secured database with row-level security policies ensuring that users can only access data belonging to their organization. We maintain audit logs of all access to and modifications of sensitive financial data.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. We may also retain information as necessary to comply with legal obligations, resolve disputes, enforce agreements, and for legitimate business purposes such as maintaining financial records.

Transaction and settlement data may be retained for a minimum of seven (7) years to comply with applicable tax and financial record-keeping requirements.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access — request a copy of the personal information we hold about you
• Correction — request that we correct inaccurate or incomplete information
• Deletion — request that we delete your personal information, subject to certain legal exceptions
• Data portability — request a copy of your data in a structured, commonly used format
• Opt-out of communications — unsubscribe from marketing emails at any time

To exercise any of these rights, please contact us at chris@shelfspace.pro.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to delete your personal information, and the right to opt out of the sale of your personal information. As stated above, we do not sell personal information.

To exercise your California privacy rights, contact us at chris@shelfspace.pro.

10. Third-Party Services

The Service may contain links to or integrations with third-party websites and services, including but not limited to:

• Supabase — database hosting, authentication, and file storage (data stored in US data centers)
• Vercel — application hosting and deployment
• Resend — transactional email delivery (settlement notifications, invitations, verification codes)
• Sentry — error monitoring and performance tracking
• Cloudflare — security, bot verification (Turnstile), and content delivery
• Anthropic — AI model provider powering the ShelfiQ assistant
• Google Calendar — appointment scheduling
• Payment processors — third-party services for ACH and check processing (as applicable)
• POS system integrations — point-of-sale data feeds

We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services you access.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Effective Date" above. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

ShelfSpace Technologies Inc.
Email: chris@shelfspace.pro
Website: shelfspace.pro