← Back to Login

Privacy Policy

Last updated: April 2026

1. Introduction

ShelfLyf ("we", "our", or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our shelf life management platform.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email address, phone number, organisation details)
  • Product and inventory data (SKU codes, batch information, expiry dates)
  • Transaction and negotiation data between manufacturers and liquidation partners
  • Usage data and platform interaction logs

3. How We Use Your Information

  • To provide and maintain our shelf life management services
  • To process transactions and facilitate connections between manufacturers and partners
  • To send spoilage alerts, notifications, and service-related communications
  • To generate analytics and reports for your organisation
  • To improve our platform and develop new features

4. Data Sharing

We do not sell your personal information. We may share your data with:

  • Connected partners and manufacturers on the platform (only data you choose to share)
  • Service providers who assist in operating our platform (hosting, email, analytics)
  • Law enforcement or regulatory bodies when required by law

5. Data Security & Zero-Knowledge Encryption

Your business data — pricing, deal terms, bids, negotiations, invoices, inventory and PII — is encrypted with AES-256-GCM using a per-organisation Data Encryption Key (DEK) before it is written to our database. Each DEK is wrapped (envelope encryption) by Google Cloud KMS, whose master key is held in FIPS 140-2 validated hardware security modules and cannot be exported, even by Google engineers.

ShelfLyf staff cannot read your encrypted data. One organisation's key cannot decrypt another organisation's data ("Chinese Wall"), and access to a key is gated by request-scoped ACLs. This is enforced by the platform architecture — by design, not by policy.

In addition we maintain TLS 1.3 for data in transit, role-based access controls under least-privilege, antivirus scanning on uploads, and continuous audit logging (with sensitive values redacted). For the full technical description, see our Security page.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data by contacting our support team.

7. Your Rights

You have the right to access, correct, or delete your personal data. You may also object to processing or request data portability. Contact us at privacy@shelflyf.in to exercise these rights.

8. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@shelflyf.in.