ShelfLife Waitlist

Effective —

Privacy Policy

This is a placeholder. Replace with the final policy before public launch.

ShelfLife is operated by Fisherbird LLC ("we", "us"). This policy explains what personal data we collect, why, and what your rights are.

What we collect

  • Account data — email address, display name, handle, password hash (managed by Amazon Cognito).
  • Reading data — books you add to shelves, ratings, reviews, reading status, dates started/finished, your Top 12.
  • Spine images — photos you upload of book spines for the shelf canvas.
  • Social graph — who you follow and who follows you.
  • Activity — events such as adding a book, finishing a book, or posting a review, used to build your home feed.
  • Operational data — IP address (transient, for rate-limiting), basic device telemetry needed to keep the app working.

How we use it

We use this data to operate ShelfLife — to render your shelves, deliver social activity from people you follow, keep your account secure, and respond to support requests. The lawful basis for the core service is performance of a contract (GDPR Article 6(1)(b)) — we cannot provide the app without processing this data.

We do not sell your data. We do not show third-party advertising inside the app.

Sub-processors

  • Amazon Web Services (us-east-2) — application hosting, database, file storage, authentication (Cognito).
  • Cloudflare Turnstile — anti-bot challenge on the waitlist form.
  • Open Library — public book metadata. We send a book identifier; we do not send any user-identifying data.

Retention

  • Account and reading data: kept until you delete your account.
  • Database backups (point-in-time recovery): 35 days.
  • Temporary spine uploads (tmp/): 1 day.
  • Per-follower home-feed inbox copies: 90 days.
  • Reviews and spines you posted publicly: pseudonymised on account deletion (the user identifier is replaced with deleted_user); content remains visible.

Your rights

Under GDPR and similar laws (UK GDPR, CCPA, PIPEDA, NZ Privacy Act, AU Privacy Act), you have the right to:

  • Access a copy of your data (Art. 15).
  • Rectify inaccurate data (Art. 16) — most fields are editable in the app.
  • Erase your account and data (Art. 17) — see Account → Data → Delete account.
  • Port your data (Art. 20) — export coming soon.
  • Object to processing (Art. 21).
  • Lodge a complaint with your supervisory authority.

Children

ShelfLife is not directed at children under 16. If you are under 16, please do not create an account.

Contact

privacy@theshelflifeapp.com

Changes

We may update this policy. Material changes will be announced in-app and via email at least 30 days before taking effect.