Privacy

Last updated: 2026-04-28

Short version: your library is yours. We store the minimum we need to make Shelfie work, we don't sell anything to anyone, and you can export or delete your account any time.

What we collect

• Email address -- the only identifier we ask for. We use it for sign-in (magic links) and the occasional account email.
• Username + display name -- whatever you choose to put on your public profile if you turn one on.
• Books, photos, ratings, notes, lent-out tracking -- what you put in your library. Stored in your private library by default.
• Shelf photos -- the pictures you upload to identify spines. Used only to read book titles and authors and then attached to the books we found.
• Sign-in cookies -- one essential cookie that keeps you logged in. Cannot be disabled because it is what authentication uses.
• Anonymous analytics -- aggregate page-view counts so we can see if people are using the product. Disabled by default in the EU/UK until you say yes.

What we don't collect

• No advertising trackers. Ever.
• No third-party cookies that follow you around the web.
• No payment card numbers -- Stripe handles that, we never see your card.

Where your data lives

• Database: Supabase (Postgres) in N. Virginia (US-East), with row-level security so only your own account can read your library.
• Photos: stored alongside your library in Supabase, encrypted at rest.
• Email delivery: Resend (US).
• Hosting: Vercel (global edge network).
• Spine reading: each shelf photo is processed by a third-party recognition service (Anthropic) for OCR. The provider does not retain or train on this content per their commercial terms.
• Metadata enrichment: title and author strings are sent to OpenLibrary and Google Books to fetch covers and subjects. These are public APIs.

Your rights (GDPR, CCPA, and just generally)

• Access -- you can export your full library any time at Library → Export in CSV, Excel, Goodreads, or BibTeX format.
• Rectification -- edit any book, change your username, update your profile from Settings.
• Erasure -- delete your account and every related row by emailing edward@dawnwardpr.com. We comply within 30 days; usually within 24 hours.
• Portability -- the export formats above are machine-readable. Take them anywhere.
• Objection / withdrawal -- decline analytics in the cookie banner; sign out of your account whenever you like.
• Complaint -- if you're in the EU/UK and unhappy with how we handle your data, you have the right to complain to your data protection authority. We'd really rather you tell us first.

Cookies

We use exactly one always-on cookie: an authentication session cookie that keeps you signed in. We don't need consent for it because without it you can't log in.

If you opt in to analytics, we add one more anonymized cookie that helps us count visitors and see which pages people use. You can decline; the product works the same way.

Children

Shelfie is not directed at people under 13. If you believe we have data about a child, email us and we'll delete it.

Changes to this policy

We'll post material changes here and email any registered user before they take effect.

Contact

Edward Roske / Dawnward LLC
edward@dawnwardpr.com