Skip to main content
ShelfLife
featuresscreensour story Join the waitlist
Waitlist

Effective June 17, 2026

Privacy Policy

ShelfLife is operated by Fisherbird LLC ("Fisherbird", "we", "us", or "our"). This Privacy Policy explains what personal information we collect when you use ShelfLife (the "Service") — through our iOS app, Android app, web app, or marketing website — how we use it, who we share it with, how long we keep it, and the rights you have over it.

By using the Service you acknowledge that you have read and understood this Policy. If you do not agree with it, please do not use the Service.

1. Who we are and how to reach us

The data controller for personal information processed through the Service is Fisherbird LLC. You can reach our privacy team at admins@theshelflifeapp.com.

We have not appointed a statutory Data Protection Officer because we are not required to under GDPR Article 37, but the privacy mailbox above is monitored and we respond to rights requests within the timelines described in Section 9.

2. Information we collect

We collect personal information in three ways: you give it to us, it is generated by your use of the Service, and a small amount is generated automatically when your device connects to our servers.

For California residents, this Section together with Section 3 ("How we use personal information") and Section 5 ("Disclosure of personal information") constitutes our Notice at Collection under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.

2.1 Information you provide

  • Account information — email address, password (stored only as a hash managed by Amazon Cognito; we never see the plaintext), display name, and chosen handle.
  • Profile information — optional avatar, bio, and pronouns.
  • Reading data — the books you add to shelves, your ratings, written reviews, reading status, dates started and finished, and the books you pin to your Top 12.
  • Spine images — photos you upload of book spines so the Service can render them on the shelf canvas. These are processed to extract a silhouette, palette, and (where permitted) a stylized render.
  • Social graph — the accounts you follow and the accounts that follow you.
  • Support correspondence — messages you send us by email and any attachments you choose to include.
  • Waitlist submissions — if you join the waitlist on our marketing site, your email address, any optional survey responses, and — only if you tick the optional box — your consent to receive occasional marketing emails from Fisherbird LLC about our other products. This consent is separate from the invitation email the waitlist itself sends you, and you can withdraw it at any time using the unsubscribe link in those emails or by emailing us.

2.2 Information generated by your use of the Service

  • Activity events — when you add a book, change reading status, finish a book, post a review, update your Top 12, or create a shelf, we record an activity event. These events are used to build your home feed and the home feeds of accounts that follow you.
  • Aggregate review statistics — per-book averages and rating distributions are derived from individual reviews.

2.3 Information collected automatically

  • Operational metadata — IP address and basic request metadata (user-agent, timestamp, route) are processed transiently by our hosting providers for rate-limiting, abuse prevention, and to deliver the response. We do not retain raw access logs containing IP addresses for longer than 14 days.
  • Local storage on your device — we store an authentication token (Amazon Cognito refresh token) in your device's secure storage (iOS Keychain, Android Keystore, or the browser's localStorage) so that you stay signed in. We do not use third-party advertising cookies or cross-site tracking pixels.
  • Crash and error diagnostics — when the app hits an unexpected error or crash, a diagnostic report is sent to our error-monitoring provider so we can fix it. It contains the error message and stack trace, the app version, your device or browser type and operating-system version, and the screen or route where the error happened. We configure this provider not to collect your IP address and do not attach your account identity to these reports. See the Sentry entry in Section 5.1.

We do not knowingly collect precise geolocation data, contacts, or microphone audio. We do not collect biometric data; see Section 2.4 below for the specific way biometric unlock works on your device.

2.4 Biometric authentication

ShelfLife offers an optional biometric-unlock feature on devices that have Face ID, Touch ID, fingerprint, or another on-device biometric method enrolled with the operating system. You can turn this on or off at any time from Account in the app; it is off by default.

When the feature is enabled, biometric verification is performed entirely by your device's operating system — Apple's Local Authentication framework on iOS, and the Android BiometricPrompt API on Android. We receive only a yes/no result from the operating system, indicating whether verification succeeded.

We do not collect, receive, transmit, or store any biometric identifier or biometric information about you. Specifically, we do not have access to any fingerprint scan, facial geometry, voiceprint, retina or iris scan, hand-geometry scan, or any other unique biological pattern or characteristic. No biometric template ever leaves your device. Nothing biometric is transmitted to our servers, to Amazon Web Services, or to any third party.

The only thing the app stores in connection with this feature is a boolean preference, kept in your device's secure storage, that records whether you opted in. Disabling the feature deletes that preference; deleting the app removes it along with everything else the app stored locally.

Because no biometric identifier or biometric information ever reaches us, we do not engage in conduct regulated by the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act, the Washington Biometric Privacy Act, or the biometric provisions of comprehensive state privacy laws — all biometric handling occurs in your device's secure enclave under the operating system's policies, not ours.

3. How we use personal information

We use personal information to:

  • Operate, maintain, and improve the Service, including rendering your shelves, delivering your home feed, and showing profiles of accounts you follow.
  • Authenticate you and keep your account secure.
  • Detect, investigate, and prevent fraudulent, abusive, or unlawful activity, and enforce our Terms of Service.
  • Send transactional communications such as account verification, password reset, security alerts, policy updates, and confirmations of actions you took (for example, account deletion).
  • Respond to your support requests, rights requests, and other correspondence.
  • Comply with our legal obligations, including responding to lawful requests by public authorities and preserving evidence where required.

We do not use your personal information to serve third-party advertising, to build cross-site advertising profiles, or to sell it to data brokers.

4. Legal bases for processing (UK and EEA users)

If you are in the United Kingdom, the European Economic Area, or Switzerland, we rely on the following legal bases under the UK GDPR and EU GDPR:

  • Performance of a contract (Article 6(1)(b)) — to provide the core Service to you under our Terms of Service. We cannot operate your account without processing the data described in Section 2.1 and Section 2.2.
  • Legitimate interests (Article 6(1)(f)) — to keep the Service secure, prevent abuse, debug operational problems, and protect our rights. Where we rely on legitimate interests, we have weighed those against your privacy interests; you can object at any time (see Section 9).
  • Consent (Article 6(1)(a)) — where required by law for cookies and similar technologies that are not strictly necessary, and for any optional marketing communications. You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Legal obligation (Article 6(1)(c)) — when we must process data to comply with a legal requirement, such as responding to a valid court order.

We do not engage in solely automated decision-making with legal or similarly significant effects on you (Article 22).

5. Disclosure of personal information

We disclose personal information only in the following circumstances:

5.1 Service providers (sub-processors)

We use a small number of vendors to operate the Service. They process personal information on our behalf under written agreements that bind them to confidentiality and security obligations.

  • Amazon Web Services, Inc. — application hosting, database (DynamoDB), object storage (S3), authentication (Cognito), email delivery (Simple Email Service), and serverless compute (Lambda). Processing region: us-east-2 (Ohio, United States).
  • 650 Industries, Inc. (d/b/a Expo) — push-notification delivery. When we send you a notification (such as a Book Signal response or a new follower), we pass a device push token and the notification's contents to Expo's push service, which relays it to Apple (APNs) or Google (FCM).
  • Cloudflare, Inc. — Cloudflare Turnstile, an anti-bot challenge used on our waitlist form.
  • Functional Software, Inc. (d/b/a Sentry) — application error and crash monitoring for our web and mobile apps. When the app encounters an error, a diagnostic report (error message, stack trace, app version, device/browser type, and the URL of the screen where it happened) is sent to Sentry so we can fix it. We configure Sentry not to collect your IP address and do not attach your account identity to these reports.
  • Open Library / Internet Archive — public book metadata lookups. We send a book identifier (such as an OLID or ISBN). We do not send any data that identifies you to Open Library.

We will publish an up-to-date list of material sub-processors at theshelflifeapp.com/subprocessors before any general public launch and will give at least 30 days' notice of changes that materially affect the categories of data processed.

5.2 Publicly visible content

Some information you provide is, by design, visible to others:

  • Your handle, display name, avatar, and bio are visible to anyone who views your profile.
  • Reviews you post are publicly visible alongside the book.
  • Shelves you create are visible to followers and, depending on your privacy setting, may be visible to other signed-in users.
  • Spine photos you upload may appear in the community spine pool for the same book, where other users can choose them for their own shelves.

5.3 Legal disclosures

We may disclose personal information if we believe in good faith that disclosure is necessary to (a) comply with a subpoena, court order, or other valid legal process; (b) protect the safety of any person; (c) investigate, prevent, or respond to suspected fraud, security, or technical issues; or (d) enforce our Terms of Service.

5.4 Business transfers

If Fisherbird is acquired, merges with another entity, or sells substantially all of its assets, your information may be transferred as part of the transaction. We will notify you (by email and an in-app notice) before your information becomes subject to a different privacy policy.

We do not sell personal information for monetary or other valuable consideration, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act.

6. International data transfers

We are based in the United States and our servers are located in the United States (AWS us-east-2). If you access the Service from outside the United States, your personal information will be transferred to, stored, and processed in the United States. The sub-processors listed in Section 5.1 (including our error-monitoring provider, Sentry) are likewise located in the United States.

For transfers from the United Kingdom, the European Economic Area, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (Decision 2021/914) and, for transfers from the UK, the UK International Data Transfer Addendum to those clauses. Where required, we conduct transfer impact assessments and apply supplementary safeguards (encryption in transit and at rest, restricted access, no government data-sharing programs that we are aware of). You can request a copy of the relevant safeguards by emailing the privacy contact in Section 1.

7. Retention

We keep personal information only for as long as we need it for the purposes described in this Policy or as required by law.

  • Account and reading data — kept until you delete your account.
  • Spine images and stylized renders — kept until you delete the upload, you delete your account, or, for temporary uploads in the tmp/ prefix that were never finalised, seven days from upload.
  • Per-follower home-feed inbox copies — 90 days (the source-of-truth activity log on the actor is retained until the actor deletes their account).
  • Database point-in-time recovery backups — 35 days on a rolling basis.
  • Access logs containing IP addresses — no more than 14 days.
  • Crash and error diagnostic reports — retained by our error-monitoring provider for up to 90 days, then automatically deleted.
  • Support correspondence — up to two years from the date of the last message, then deleted.
  • Waitlist submissions — until you ask us to remove them, or for two years from submission if the public launch has not occurred by then.
  • Publicly posted reviews and spine images on a deleted account — the user identifier is replaced with deleted_user so the content is no longer linked to you; the content itself may remain visible because removing it would erase part of the public discussion of a book.

If you would prefer that public reviews you posted be deleted rather than pseudonymized, you can ask us by emailing the privacy contact and we will honor the request within the timelines in Section 9.

8. Security

We protect personal information with technical and organizational measures appropriate to the risk, including:

  • Encryption in transit (TLS 1.2 or higher) for all traffic between your device and our servers, and between our servers and our service providers.
  • Encryption at rest for the database and object storage.
  • Strict access controls. Only a small number of administrators have production access, gated by multi-factor authentication.
  • Separation of password hashing (Cognito) from application logic.
  • Continuous monitoring, automated patching of dependencies, and a dependency-scanning pipeline in continuous integration.

No service can guarantee perfect security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in line with Articles 33 and 34 of the GDPR.

9. Your rights

Subject to applicable law, you have the following rights over the personal information we hold about you.

9.1 Rights available to everyone

  • Access — request a copy of the personal information we hold about you.
  • Rectification — correct inaccurate information. Most fields are editable directly in the app (profile, reviews, reading data).
  • Erasure — delete your account and the personal information associated with it. You can start the process in the app at Account → Data → Delete account. Some information may be retained in backups for up to 35 days, in access logs for up to 14 days, and as pseudonymized public content as described in Section 7.
  • Portability — receive a copy of your reading data in a structured, machine-readable format. An in-app export feature is in development; in the meantime, email the privacy contact and we will provide an export within 30 days.
  • Objection — object to processing based on our legitimate interests.
  • Restriction — ask us to restrict processing while we consider an objection or rectification request.
  • Withdraw consent — where we rely on consent, withdraw it at any time.

9.2 California residents

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the rights above and the additional right to know the categories of personal information we collect, the categories of sources, the business purposes for which we collect or share it, and the categories of third parties with which we share it (all described in this Policy).

We do not sell personal information and we do not share personal information for cross-context behavioral advertising. Because we do not sell or share in that sense, we are not required to offer a "Do Not Sell or Share My Personal Information" link, and we have no financial incentive program to offer.

Sensitive personal information. The only category of "sensitive personal information" as defined by Cal. Civ. Code § 1798.140(ae) that we collect is your account log-in credentials (your email address together with your hashed password). We use this category only for the purposes that the CCPA exempts from the right to limit — namely, performing the services you reasonably expect, verifying or maintaining the quality or safety of the Service, and detecting, preventing, or responding to security incidents (Cal. Civ. Code § 1798.121(a) and the corresponding regulations). We do not use sensitive personal information to infer characteristics about you. Because we use it solely for those exempt purposes, the right to limit the use of sensitive personal information does not apply.

You may exercise your rights by emailing the privacy contact in Section 1. You may use an authorized agent to make a request; we will verify the agent's authority and your identity before responding. We will not discriminate against you for exercising your rights.

9.3 Other jurisdictions

If you live in Colorado, Connecticut, Utah, Virginia, Texas, Oregon, Montana, or another US state with a comprehensive privacy law, you have substantially the same rights described above, exercised in the same way.

If you live in Canada, Australia, New Zealand, the United Kingdom, the European Economic Area, or Switzerland, the rights described in Section 9.1 apply to you under the law of your jurisdiction.

9.4 How to exercise your rights, and our timelines

Email admins@theshelflifeapp.com. We will respond within 30 days for GDPR/UK GDPR requests and within 45 days for CCPA requests, with one extension where the request is complex. We may need to verify your identity before acting.

9.5 Right to complain

If you believe we have not handled your personal information properly, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with your local data protection supervisory authority — for example, the UK Information Commissioner's Office or your country's national data protection authority in the EEA.

10. Children

ShelfLife is not directed at children under 16, and we do not knowingly collect personal information from children under 16. If you become aware that a child under 16 has provided personal information to us, please contact the privacy address and we will delete the information promptly. For the avoidance of doubt, ShelfLife is not directed at children under 13 within the meaning of the US Children's Online Privacy Protection Act.

11. Cookies and similar technologies

The web app uses localStorage to store an authentication token and a small number of UI preferences, and a session-scoped CSRF token cookie where required. These are strictly necessary to operate the Service and do not require consent under the EU ePrivacy Directive. The marketing site uses Cloudflare Turnstile, which sets a short-lived first-party cookie strictly necessary to perform the anti-bot challenge.

We do not use analytics, advertising, or social-media-tracking cookies.

Opt-out preference signals (Global Privacy Control)

A growing number of US state privacy laws require businesses to honor universal opt-out preference signals — most commonly the Global Privacy Control (GPC) browser signal — as a valid request to opt out of the sale or sharing of personal information for cross-context behavioral advertising. Because we do not sell personal information and do not share personal information for cross-context behavioral advertising in the first place, a GPC signal does not change how we process your data. If we ever begin practices that would qualify as "sale" or "sharing" under those laws, we will treat a GPC signal from your browser as a valid opt-out without requiring any further action from you, and we will update this Policy first.

We do not respond to legacy "Do Not Track" signals because there is no industry consensus on what they require, but our practices already meet the common intent: we do not engage in cross-site tracking.

12. Third-party links

The Service may contain links to third-party websites (for example, Open Library pages for books). We are not responsible for the privacy practices of those websites. We encourage you to read their privacy notices before providing them with any personal information.

13. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will:

  • Update the Effective date at the top of this document;
  • Increment the version identifier; and
  • Notify you by email and in-app notice at least 30 days before the changes take effect.

Continued use of the Service after the new effective date constitutes acceptance of the updated Policy. If you do not agree, you may delete your account before the new date.

14. Contact

For any question, request, or concern about this Policy or our handling of personal information, contact:

admins@theshelflifeapp.com

ShelfLife

Your taste, in print.

Made by Fisherbird Software · an indie studio in Northern Virginia

Product

Features Screenshots Waitlist

Studio

Fisherbird Contact

Legal

Privacy Terms Sub-processors

© 2026 Fisherbird LLC.