Privacy Policy

Effective Date: March 18, 2026
Last Updated: March 18, 2026

1. Introduction

ShelfSpace Technologies Inc. ("ShelfSpace," "we," "us," or "our") operates the ShelfSpace platform at ourshelf.space and the marketing website at shelfspace.pro (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when you:

• Create an account — first name, last name, email address, password, business name, business type, and state
• Complete business verification — legal business name, DBA name, business address, cannabis license number, Employer Identification Number (EIN), federal tax classification, and authorized signature
• Authorize payment processing — bank name, routing number, account number, and account type. By providing this information, you authorize ShelfSpace to initiate Remotely Created Checks (RCCs), ACH transfers, and other electronic payment instruments on your behalf as described in our Terms of Service
• Submit tax documentation — W-9 equivalent data including EIN and tax classification. For affiliate representatives, last four digits of Social Security Number
• Provide electronic signatures — digital signatures captured via our signature pad for agreement execution
• Use the platform — product listings, inventory data, sales transactions, settlement records, purchase orders, credit memos, invoices, promotions, and other business data you enter or upload
• Upload data files — CSV files containing sales, inventory, returns, discounts, and other transaction data
• Use AI features — questions and conversations with the ShelfiQ AI assistant
• Manage contacts — names, email addresses, phone numbers, and roles of key business contacts (owners, buyers, AP/AR contacts, sales representatives)
• Contact us — name, email address, and any information you include in your communications
• Schedule a call — information collected through our Google Calendar booking integration

2.2 Information Collected Automatically

When you access the Service, we may automatically collect:

• Device and browser information — IP address, browser type, operating system, user agent string, and device identifiers
• Usage data — pages visited, features used, time spent on pages, and referring URLs
• Authentication data — multi-factor authentication method, MFA enrollment status, login timestamps, and failed authentication attempts
• Audit data — records of actions taken on the platform including data modifications, document generation, agreement acceptance (with IP address and user agent for legal compliance)
• Error and performance data — application errors, performance metrics, and diagnostic information collected through our error monitoring service
• Cookies and similar technologies — we use cookies and similar tracking technologies to maintain sessions and improve user experience

2.3 Information from Third Parties

We may receive information from third-party services you connect to ShelfSpace, such as point-of-sale (POS) systems, for the purpose of facilitating scan-based trading transactions.

3. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the Service
• Process transactions and send related information, including settlement confirmations and invoices
• Create and manage your account
• Facilitate scan-based trading between retailers and vendors
• Calculate and process weekly settlements and payments
• Communicate with you, including responding to inquiries and sending service-related notices
• Monitor and analyze usage trends to improve the Service
• Detect, prevent, and address fraud, unauthorized access, and other illegal activities
• Comply with legal obligations
• Create aggregate and de-identified datasets for analytics, product improvement, and industry benchmarking (such data will not identify you or your business)
• Facilitate dispute resolution between trading partners, including sharing relevant transaction records with both parties to a dispute
• Maintain audit logs and compliance records as required by applicable financial regulations
• Create and maintain electronic records of agreements, authorizations, and consents as permitted under ESIGN and UETA

4. How We Share Your Information

We may share your information in the following circumstances:

• Between trading partners — retailers and vendors on the platform may see certain business information necessary to facilitate consignment and wholesale transactions (e.g., business name, product listings, settlement data, credit memo details)
• Service providers — we share information with third-party vendors who perform services on our behalf, such as hosting, payment processing, and analytics
• Legal requirements — we may disclose information if required by law, regulation, legal process, or governmental request
• Business transfers — in connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset
• With your consent — we may share information for any other purpose with your consent
• Aggregated data — we may share aggregated, de-identified data that cannot reasonably be used to identify you or your business with third parties for industry analysis, benchmarking, and research purposes
• Cannabis regulatory authorities — we may share transaction and compliance data with state cannabis regulatory bodies when required by applicable state cannabis regulations or in response to regulatory audits
• Dispute resolution — in the event of a payment dispute, credit memo dispute, or settlement discrepancy, we may share relevant transaction records, audit logs, and communication history with both parties involved in the dispute and, if applicable, with mediators or arbitrators

Between trading partners — data scope limitations. When you transact with another User through the Platform, your counterparty's access to your data is strictly limited. Vendors may only access data relating to their own products, including sales data, inventory levels, settlement history, and discount reporting for their products. Vendors cannot access: (a) sales or inventory data for products supplied by other vendors; (b) your aggregate financial performance, margin data, or overall revenue; (c) your customer data or consumer personally identifiable information; (d) the commercial terms of your relationships with other vendors. ShelfSpace may provide vendors with anonymized, aggregated market data (such as category-level sales trends) as part of analytics services, provided such data does not identify specific retailers or competing vendors.

We do not sell your personal information to third parties.

5. Data Security

We implement commercially reasonable technical and organizational security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure password hashing
• Role-based access controls
• Regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Data Breach Notification. In the event of a data breach that affects your personal information, we will notify affected users within seventy-two (72) hours of becoming aware of the breach, or as otherwise required by applicable law. Notification will be provided via email to the address associated with your account and, where appropriate, through an in-platform notification. Breach notifications will describe the nature of the breach, the types of information affected, steps we are taking in response, and steps you can take to protect yourself.

6. Sensitive Financial Information

We collect and store certain sensitive financial information necessary to operate the Service, including:

• Banking information — bank name, routing number, and account number, used for payment processing between trading partners
• Tax identification — Employer Identification Number (EIN) and federal tax classification, used for tax reporting and W-9 compliance
• Electronic signatures — digital signatures used to accept platform terms and authorize transactions within the Platform
• Payment authorizations — records of your consent to payment instruments including Remotely Created Checks (RCCs) and ACH transfers, including timestamps, IP addresses, and user agent strings associated with each authorization event

Banking and tax information is stored in our secured database with row-level security policies ensuring that users can only access data belonging to their organization. We maintain audit logs of all access to and modifications of sensitive financial data.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods vary by data type:

• Transaction and settlement records — minimum seven (7) years, to comply with applicable tax and financial record-keeping requirements
• Authentication and audit logs — minimum three (3) years, for security, fraud prevention, and regulatory compliance purposes
• AI conversation data — twelve (12) months from creation, unless you request earlier deletion
• Agreement and signature records — indefinite retention, as these constitute legal records of executed contracts
• Banking and payment authorization records — twelve (12) months after account closure or termination of the applicable payment authorization, whichever is later
• De-identified and aggregated data — may be retained indefinitely, as it cannot be used to identify you

When your account is closed, we will retain data in accordance with the periods above and delete or de-identify remaining personal information within ninety (90) days, except where longer retention is required by law or necessary to resolve disputes.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access — request a copy of the personal information we hold about you
• Correction — request that we correct inaccurate or incomplete information
• Deletion — request that we delete your personal information, subject to certain legal exceptions
• Data portability — request a copy of your data in a structured, commonly used format
• Opt-out of communications — unsubscribe from marketing emails at any time

To exercise any of these rights, please contact us at chris@shelfspace.pro.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to delete your personal information, and the right to opt out of the sale of your personal information. As stated above, we do not sell personal information.

To exercise your California privacy rights, contact us at chris@shelfspace.pro.

9.3 AI Data Usage

The ShelfiQ AI assistant is powered by Anthropic's Claude API under a commercial agreement that includes Anthropic's Data Processing Addendum (DPA). Under this agreement, your conversations with ShelfiQ are processed solely to generate responses and are not used by Anthropic to train or improve their AI models. ShelfSpace may retain AI conversation logs for the purpose of improving the ShelfiQ feature, debugging, and compliance monitoring, subject to the retention periods described in Section 7.

10. Third-Party Services

The Service may contain links to or integrations with third-party websites and services, including but not limited to:

• Supabase — database hosting, authentication, and file storage (data stored in US data centers)
• Vercel — application hosting and deployment
• Resend — transactional email delivery (settlement notifications, invitations, verification codes)
• Sentry — error monitoring and performance tracking
• Cloudflare — security, bot verification (Turnstile), and content delivery
• Anthropic — AI model provider powering the ShelfiQ assistant. Anthropic processes your ShelfiQ conversations under a zero-data-retention API policy — your inputs and outputs are not stored by Anthropic after processing and are not used for model training. For details, see Anthropic's Privacy Policy
• Google Calendar — appointment scheduling
• Payment processors — third-party services for ACH and check processing (as applicable)
• POS system integrations — point-of-sale data feeds

We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services you access.

11. International Data Processing

ShelfSpace is based in the United States and processes all data within the United States. Our third-party service providers (listed in Section 10) may process data in their own US-based data centers. By using the Service, you consent to the transfer and processing of your information within the United States. We do not knowingly transfer personal data outside the United States. If this changes in the future, we will update this Privacy Policy and implement appropriate safeguards.

12. Do Not Track

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform standard for interpreting DNT signals, the Service does not currently respond to DNT signals. We will update this section if a uniform standard is established.

13. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Effective Date" above. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

ShelfSpace Technologies Inc.
Email: chris@shelfspace.pro
Website: shelfspace.pro