TruShelf

Privacy Policy

Last updated: February 8, 2026

TruShelf ("TruShelf", "we", "us", "our") operates the TruShelf website, web portal, and related services including the TruShelf reader application for Android ("Services"). This Privacy Policy explains what personal information we collect when you use our Services and how we use it. Contact us at privacy@trushelf.io with any questions.

We may change this Privacy Policy from time to time. The effective date at the top will be updated when we do. Your continued use of the Services after a change constitutes your acceptance of the updated policy.

Definitions

  • California Consumer Privacy Act ("CCPA") — California law enhancing privacy rights and consumer protection for California residents.
  • General Data Protection Regulation ("GDPR") — EU law on data protection and privacy for individuals in the European Union.
  • Personal Data — Any information relating to an identified or identifiable natural person (e.g. name, identification number, location data, online identifier).
  • Personal Information (CCPA) — Information that identifies, relates to, or could reasonably be linked with a particular consumer or household. For this policy, Personal Data is included.
  • Account — A registered user's account with our Services.
  • Registered User(s) — Users who have an account (e.g. invited to the portal by an administrator).
  • Tenant — An organization (e.g. retail store, warehouse) that uses TruShelf; data is scoped by tenant.
  • User(s) — Anyone who visits or uses our website, portal, or related services, including Registered Users.
  • You / Your — Users.

Types of Personal Information We Collect

Information from users who contact us

When you submit our contact or demo request form, we collect:

  • Name
  • Email address
  • Company name
  • Industry
  • Number of locations
  • Message and any other information you submit

Information from registered users

Portal access is invitation-based; there is no public self-registration. When you create an account (e.g. by accepting an invitation), we collect:

  • First name and last name
  • Email address
  • Role and permissions
  • Association with a tenant and, where applicable, a branch
  • Invitation-related information (e.g. who invited you, token status)
  • Any other information you provide in the portal

We also process tenant and organization data (e.g. tenant name, branch names) as necessary to provide the Services.

Reader app (Android)

The TruShelf reader app is used to scan RFID tags and send detection data to our backend. We do not collect personal information from the app beyond what is needed to provide the service (e.g. account authentication, device identifier for scanner association). Scan and detection data (e.g. tag IDs, shelf, timestamp) are processed to provide inventory visibility and are scoped to your tenant.

Additional information from all users

When you use our website or portal, we may collect:

  • IP address
  • Browser and device information
  • Usage of our Services (e.g. pages viewed, actions taken)
  • Information stored in cookies or similar technologies (see Cookies below), including locale preference (e.g. NEXT_LOCALE cookie) for language selection

Sources of Personal Information

We may collect this information through:

  • Direct submission (contact form, account creation, portal use)
  • Automatically (cookies, logging, similar technologies)
  • Third-party services that we use (e.g. email delivery, CAPTCHA), as described in this policy

Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve our Services.

  • Required (strictly necessary) — Needed to navigate and use the website and portal (e.g. authentication). You cannot opt out of these.
  • Functional — For example, we use a cookie to store your language preference (e.g. NEXT_LOCALE) so the site displays in your chosen language. You can manage or block cookies in your browser settings; doing so may affect some features.
  • Cloudflare Turnstile — Our contact form uses Cloudflare Turnstile for bot prevention. Turnstile may set cookies or use similar technologies and collect data as described in Cloudflare's privacy policy.

We do not currently use advertising or targeting cookies. If we add analytics or advertising in the future, we will update this policy and obtain consent where required.

Lawful Basis for Processing (GDPR)

We process personal information only when a lawful basis applies:

  • Service delivery and account management — Performance of a contract (providing the Services, managing your account, support).
  • Security and fraud prevention — Legitimate interests in securing our services and users, and legal obligations where applicable.
  • Contact form and communications — Legitimate interest in responding to inquiries; consent where required by law.
  • Cookies and similar technologies — Consent where required (e.g. non-essential cookies in the EU/UK); otherwise legitimate interests for essential and functional use.
  • Legal and business purposes — Compliance with legal obligations and legitimate interests in operating and developing our business (e.g. corporate transactions).

How We Use Your Personal Information

We use your information to:

  • Provide and operate the Services (website, portal, reader app)
  • Process contact form submissions and communicate with you
  • Manage invitations and account lifecycle (invitation-based access)
  • Send transactional emails (e.g. invitation links, password reset) via our email provider
  • Improve and secure our Services
  • Comply with legal obligations and enforce our terms

Sharing of Your Personal Information

We share personal information only as described in this policy:

  • Service providers — We use Resend to send transactional emails (contact form delivery, invitations, password reset). Resend processes data on our behalf under contractual safeguards. See Resend Privacy Policy.
  • Cloudflare Turnstile — For contact form CAPTCHA; Cloudflare may process data as set out in its privacy policy (linked above).
  • Infrastructure and hosting — We may use infrastructure and hosting providers that process data on our behalf to run the Services.
  • Legal, safety, and compliance — We may disclose information to authorities or third parties when required by law or necessary to protect our rights, users, or others, or to enforce our terms and policies.
  • Corporate transactions — In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that process, subject to this policy.

We do not sell your personal information.

Transfer and Storage

Your information may be stored and processed in the United States or other countries where our service providers operate. Data protection laws vary by country. Where we transfer data from the EEA/UK, we apply appropriate safeguards. By using our Services, you consent to such transfer and processing.

We retain your personal information for as long as needed to provide the Services and fulfill the purposes in this policy, or as required by law. You may request deletion (see your rights below); note that deletion may prevent you from using the Services and may result in account closure. Even after we delete your data from our systems, it may remain in backup or in third-party systems for a period.

Security

We use reasonable technical and organizational measures to protect your personal information (e.g. encryption in transit via HTTPS). No website or online service is completely secure; you provide information at your own risk.

Your Rights (EU / EEA / UK – GDPR)

If you are in the EU/EEA/UK, you have the right to:

  • Access — Obtain confirmation and a copy of your personal data we process
  • Rectification — Correct inaccurate personal data
  • Erasure — Request deletion of your personal data (subject to legal exceptions)
  • Restriction — Request restriction of processing in certain cases
  • Data portability — Receive your data in a structured, machine-readable format and transfer it to another controller where feasible
  • Object — Object to processing based on legitimate interests or for direct marketing
  • Not be subject to automated decision-making — We do not make decisions based solely on automated processing that have a significant effect on you

You also have the right to lodge a complaint with a supervisory authority. To exercise these rights, contact us at privacy@trushelf.io.

California Rights (CCPA)

California residents have the right to:

  • Know — Request disclosure of the personal information we have collected, used, or disclosed in the past 12 months
  • Delete — Request deletion of your personal information, subject to exceptions
  • Opt out of sale — We do not sell personal information
  • Non-discrimination — We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@trushelf.io. We will verify your identity (e.g. via the email associated with your account) before fulfilling requests.

Other US States

Residents of Colorado, Virginia, Connecticut, and other states with similar privacy laws may have rights to access, correct, delete, or port their personal data, or to opt out of certain processing. We do not engage in profiling that produces legal or similarly significant effects. To exercise applicable rights, contact us at privacy@trushelf.io.

Nevada

Nevada residents may opt out of the sale of personal information for monetary consideration. We do not currently sell personal information; if that changes, we will update this policy. You may submit an opt-out request to privacy@trushelf.io.

How to Stop Collection or Request Deletion

You may request that we stop collecting or delete your personal information by contacting us at privacy@trushelf.io. Deleting your account may be required to fully stop use of your data for account-related purposes. You can also limit or block cookies via your browser settings or cease using our Services.

Your Obligations

You are responsible for ensuring that the personal information you provide is accurate and for informing us of any changes.

Children

Our Services are not directed to individuals under 18. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us at privacy@trushelf.io so we can delete it.

Contact

For questions or requests about this Privacy Policy or your personal information, contact us at: privacy@trushelf.io.