Privacy Policy

ShelfMind ("we", "us", "our") operates the ShelfMind platform at shelfmind.io. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our service.

By using ShelfMind, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our service.

1. Information We Collect

Account Information

When you create an account, we collect:

• Name and email address
• Company/organization name
• Password (encrypted and never stored in plain text)
• Phone number (optional)

Business Data

When you use ShelfMind, you upload:

• PSA planogram files (.psa, .zip)
• Product master files (CSV, Excel)
• Store master files (CSV, Excel)
• Column mapping configurations
• Analytics filters and saved views

This data is your proprietary business information. We treat it as confidential and use it only to provide the ShelfMind service.

Usage Data

We automatically collect:

• IP address (used for approximate geolocation and security monitoring)
• Browser type and user agent
• Pages visited and time spent
• Features used (uploads, analytics queries, exports)
• Error logs and performance metrics

This helps us improve the platform, diagnose issues, and optimize performance.

2. How We Use Your Information

We use your information to:

• Provide the Service: Process planograms, generate analytics, and deliver reports
• Maintain Your Account: Authenticate users, manage subscriptions, and provide support
• Improve the Platform: Analyze usage patterns, fix bugs, and develop new features
• Communicate: Send service updates, security alerts, and billing notifications
• Comply with Legal Obligations: Respond to lawful requests and enforce our Terms of Service

We do NOT:

• Sell your data to third parties
• Use your planogram data for our own business purposes
• Share your data with competitors
• Train AI models on your proprietary data without explicit consent

3. Data Storage and Security

Where We Store Data

All data is stored on Microsoft Azure infrastructure, with primary data centers in Central India. Backups are replicated to secondary regions for disaster recovery.

How We Protect Data

• Encryption: AES-256 at rest, TLS 1.3 in transit
• Multi-Tenant Isolation: Each customer's data is stored in a separate schema—your data never mixes with others
• Access Controls: Role-based permissions, multi-factor authentication (MFA) available
• Audit Logs: All data access is logged for compliance and security monitoring
• SOC 2 Type II Certified: Independently audited security controls

4. Data Retention

We retain your data as follows:

• Active Accounts: Data retained for the duration of your subscription
• Canceled Accounts: Data remains accessible for 30 days after cancellation, then permanently deleted
• Backups: Automated backups retained for 35 days per Azure policy
• Audit Logs: Retained for 7 years for compliance purposes (SOC 2, GDPR)

You can request immediate deletion of your data by contacting admin@shelfmind.io.

5. Data Sharing and Third Parties

We share data only in these limited circumstances:

• Service Providers: Microsoft Azure (hosting), payment processors (billing), email providers (notifications). All are bound by confidentiality agreements.
• Team Members: Users you invite to your workspace can access shared planograms and analytics per their role permissions.
• Legal Obligations: If required by law, court order, or government request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may transfer to the new owner (you will be notified).

We do not sell, rent, or trade your personal information or business data to third parties for marketing purposes.

6. Your Rights

You have the following rights regarding your data:

• Access: Request a copy of all personal data we hold about you
• Correction: Update inaccurate or incomplete information in your account settings
• Deletion: Request permanent deletion of your account and all associated data
• Export: Download your planogram data, analytics, and reports in CSV/Excel format
• Portability: Receive your data in a machine-readable format for transfer to another service
• Objection: Opt out of non-essential data processing (e.g., marketing emails)

To exercise these rights, contact us at admin@shelfmind.io. We will respond within 30 days.

7. Cookies and Tracking

We use cookies and similar technologies for:

• Authentication: Keep you logged in securely
• Preferences: Remember your settings (theme, language, saved views)
• Analytics: Understand how users interact with the platform (via Azure Application Insights)

You can disable cookies in your browser settings, but this may limit some functionality. We do not use third-party advertising cookies.

8. International Data Transfers

ShelfMind is hosted on Microsoft Azure, which operates globally. Your data may be processed in countries outside your home jurisdiction. Azure complies with GDPR, Privacy Shield, and other international data protection frameworks.

Enterprise customers can request specific data residency (e.g., EU-only storage) by contacting sales.

9. Children's Privacy

ShelfMind is a B2B platform intended for business use. We do not knowingly collect data from individuals under 18. If you believe a minor has provided us with personal information, contact admin@shelfmind.io and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email or in-app notification.

Continued use of ShelfMind after changes constitutes acceptance of the updated policy.