Shelf Privacy Policy

Last updated 28th of May, 2021


GemShelf Inc. dba Shelf (“Shelf” or “we” or “us” or “our”) respects the privacy of our users (“user” or “you”). This Privacy Policy describes the information we collect from you, how we use that information, and our legal basis for doing so. It also covers whether and how that information may be shared and your rights and choices regarding the information you provide to us. Please read this privacy policy carefully.


Shelf is committed to meet all European Union (EU) General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA or CaCPA) requirements.


We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Privacy Policy. We will notify you of changes to the data processing activities described in this Privacy Policy by email or by posting a prominent notice on the Site. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Site after the date such revised Privacy Policy is posted.


In order to create a Shelf account and use our services, we need to collect and process certain information. We collect and receive this information in a variety of ways and may include:


          • Personal Data

            Personally identifiable information, such as your name, shipping address, email address, and telephone number, and demographic information, such as your age, gender, hometown, and interests, that you voluntarily give to us when you register with the Site or when you choose to participate in various activities related to the Site, such as online chat and message boards. You are under no obligation to provide us with personal information of any kind, however, your refusal to do so may prevent you from using certain features of the Site.

          • Derivative and Usage Data

            Information our servers automatically collect when you access the Site, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site; Information about the ways people visit and interact with our Site, in the form of traffic analytics. You can opt out of being included in Google Analytics here.

          • Financial Data

            Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Site. Shelf partners with Stripe for payment processing and the payment you submit is collected and used by them in accordance with their privacy policies, which are available here. Shelf does not store your payment information apart from the type of credit or debit card, the last four digits of the card, the expiration date of the card, and the name associated with the card.

          • Data From Social Networks

            User information from social networking sites, such as LinkedIn and Facebook including your first and last name, your social network username, location, gender, birth date, email address, profile picture, and public data for contacts, if you connect your account to such social networks.

          • Mobile Device Data

            Device information, such as your mobile device ID, model, and manufacturer, and information about the location of your device, if you access the Site from a mobile device.

          • Communications

            Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem); and Information that you submit on or to Shelf in the form of comments, contributions to discussions, or messages to other users.


Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Site to:

          • Assist law enforcement and respond to subpoena.

          • Compile anonymous statistical data and analysis for use internally or with third parties.

          • Create and manage your account.

          • Email you regarding your account or order.

          • Enable user-to-user communications.

          • Fulfill and manage purchases, orders, payments, and other transactions related to the Site.

          • Generate a personal profile about you to make future visits to the Site more personalized.

          • Increase the efficiency and operation of the Site.

          • Monitor and analyze usage and trends to improve your experience with the Site.

          • Notify you of updates to the Site.

          • Perform other business activities as needed.

          • Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.

          • Process payments and refunds.

          • Request feedback and contact you about your use of the Site.

          • Resolve disputes and troubleshoot problems.

          • Respond to product and customer service requests.


We may share information we have collected about you in certain situations. Your information may be disclosed as follows:


            By Law or to Protect Rights

            If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.

            Third-Party Service Providers

            We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance, etc.

            Third-Party Subprocessors list

Subprocessor Address of subprocessor Country Purpose of Use
Amazon Web Services 410 Terry Avenue N, Seattle, WA 98109 USA IaaS Cloud Platform that is used by Shelf for hosting and maintaining Shelf infrastructure and other AWS services, such as Dynamo DB, etc.
Auth0 10900 NE 8th Street, Bellevue, WA 98004 USA Identity management services that Shelf uses to authenticate and authorize users to the Shelf application. 
MongoDB 1633 Broadway, 38th Floor, New York, NY 10019 USA The Database-as-a-Service solution is used by Shelf to store metadata of user’s documents, events, and other client-related information.
Elastic Cloud 800 West Camino Real, Suite 350, Mountain View, CA 94040 USA Shelf uses the vendor services to host ElasticSearch clusters, which therefore provide users with advanced search capabilities within the Shelf application.
Intercom 55 Second Street, Suite 400, San Francisco, CA 94105 USA Customer Support platform that is used by Shelf Marketing and Sales teams to maintain communication with clients.
Stripe 185 Berry Street #550, San Francisco, CA 94107 USA Shelf uses the vendor services to be compliant with the PCI DSS standard to process payments securely. 
Google Analytics 1600 Amphitheatre Parkway, Mountain View, CA 94043  USA Web Analytics services that Shelf uses to track web traffic on Shelf’s website.
DataDog 620 8th Avenue, 45th Floor, New York, NY 10018 USA Monitoring and centralized logging solution that Shelf uses to determine performance metrics as well as event monitoring for infrastructure and cloud services
Atlassian 341 George Street, Sydney, NSW 2000 Australia Shelf uses the vendor services for Asset Management and Team Collaboration.

The Landmark at One Market,

Suite 300,

San Francisco, CA 94105

USA Marketing Automation solution that Shelf uses for creating marketing strategies, automating newsletters, and engagement tracking.
Iubenda Via Torino, 2 – 20123 Milan  Italy Shelf uses the vendor services to be compliant with GDPR regulation and provide EU residents with cookie consent solution on the Shelf’s website.
Mixpanel 405 Howard Street San Francisco, CA 94105 USA Application Analytics services that Shelf uses to track Product metrics, such as most visited features, etc.


    If you are in the EU, have users of your Shelf account based in the EU, have customers in the EU, or need to be GDPR compliant, you may additionally contact to sign Shelf’s Data Processing agreement (DPA).

              Marketing Communications

              With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law. Marketing emails from Shelf give you the ability to “opt out”. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you that are necessary for fulfilling our obligations to our customers.

              Interactions with Other Users

              If you interact with other users of the Site, those users may see your name, profile photo, and descriptions of your activity, including sending invitations to other users, chatting with other users, liking posts, following blogs.

              Third-Party Advertisers

              We may use third-party advertising companies to serve ads when you visit the Site. These companies may use information about your visits to the Site and other websites that are contained in web cookies in order to provide advertisements about goods and services of interest to you.


              We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

              Business Partners

              We may share your information with our business partners to offer you certain products, services or promotions.

              Other Third Parties

              We may share your information with advertisers and investors for the purpose of conducting general business analysis. We may also share your information with such third parties for marketing purposes, as permitted by law.

              Sale or Bankruptcy

              If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur and that the transferee may decline honor commitments we made in this Privacy Policy.
              We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.


    Shelf securely stores your data at AWS file system storage and databases, which are encrypted by Transparent Data Encryption standard (TDE) and Advanced Encryption Standard (AES) technologies in accordance.
    We will retain your personal information for no longer than is necessary to fulfill the purposes for which the information was originally collected unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other legitimate and lawful business purposes.
    Where we have no ongoing legitimate business need to process your personal information, we will either delete, aggregate or otherwise anonymize it.


            • Cookies and Web Beacons

              We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Site to help customize the Site and improve your experience. When you access the Site, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Site. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.

            • Website Analytics

              We may also partner with selected third-party vendors, such as Google Analytics, and Mixpanel and others, to allow tracking technologies and remarketing services on the Site through the use of first-party cookies and third-party cookies, to, among other things, analyze and track users’ use of the Site, determine the popularity of certain content and better understand online activity. By accessing the Site, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors. However, if you do not want any information to be collected and used by tracking technologies, you can visit the third-party vendor or the Network Advertising Initiative Opt-Out Tool or Digital Advertising Alliance Opt-Out Tool.
              You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.

            • Third-party websites

              The Site may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Site, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Site.


    We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps, including contractual restrictions and physical, electronic and administrative safeguards such as firewalls, data encryption, SSL and other up-to-date technologies, to secure the personal information you provide to us.

    Please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

    Regardless of that, Shelf takes reasonable and appropriate measures to protect data from loss, misuse and unauthorized access, disclosure, alteration and destruction.


    We do not knowingly solicit information from or market to children under the age of 16. If you become aware of any data we have collected from children under age 16, please contact us using the contact information provided below.


    Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.


            • Account Information

              You may at any time review or change the information in your account or terminate your account by:

                • Logging into your account settings and updating your account

                • Contacting us using the contact information provided below

              Upon your request to terminate your account, we will deactivate your account. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.

            • Emails and Communications

              If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by:

                • Logging into your account settings and updating your preferences.

                • Contacting us using the contact information provided below.

              If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.

            • Personal Information

              You may send requests about personal information You can request to change contact choices, opt-out of our sharing with others, and update your personal information.
              We strive to provide you the tools to update your personal information. If you are unable to correct inaccurate information on your own, you may request our assistance to update such information by contacting

    Shelf is relying on SCCs (Standard Contractual Clauses) as a framework for allowing lawful export of personal data from European Economic Area, Switzerland and the U.K. to the U.S.

    You can obtain Shelf’s current Data Protection Agreement, including the Standard Contractual Clauses by sending an email to If you need to have a DPA signed, please reach out to the very same address noted above. Please allow up to 45 hours for us to respond to your request.

    Shelf continues to closely monitor the situation in the EU with regard to personal data transfers.


    Since security and data integrity and openness of data usage are important to Shelf, the company complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Shelf will do its best to ensure accuracy and to protect personal information from loss, misuse, or unauthorized access or disclosure.
    The Privacy Shield Framework consists of such Privacy Shield Principles.

    NOTICE: Everything that an individual should be informed about his personal data and the purpose of using this data was already above-mentioned in Shelf’s privacy policy.

    CHOICE: You, as an individual, is the owner of your Personal Information. Shelf offers individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

    ACCOUNTABILITY FOR ONWARD TRANSFER: Shelf remains accountable for Personal Data that it receives under the Privacy Shield and subsequently transfers to a third party agent or controller.
    In particular, Shelf remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless Shelf proves that it is not responsible for the event giving rise to the damage.

    SECURITY: Shelf takes reasonable and appropriate measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data. You can refer to the “Security of Your Information” section of this Privacy Policy for more details.

    ACCESS: Shelf users have access to personal information about them that Shelf holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

    DATA INTEGRITY: Shelf will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual.
    Shelf will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.

    RECOURSE, ENFORCEMENT AND LIABILITY: To comply with the Privacy Shield Principles, Shelf commits to resolve complaints about the collection or usage of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Shelf at: Please allow us up to 45 hours to respond to your request.

    Shelf has committed to cooperate with the panel established by the EU data protection authorities (DPAs) for referring unresolved privacy complaints under the Privacy Shield Principles. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. Also, Shelf cooperates with Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from Switzerland, please visit for details. More importantly, DPAs and FDPICs services are provided at no cost to you.

    Under certain circumstances, EU individuals may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of their complaint. This procedure will be held through The Privacy Shield Framework and Annex I. More information on the binding arbitration procedure can be obtained from here.

    For further information, please see the Privacy Shield website To learn more about the Privacy Shield Framework, please visit In addition, to find out more about the arbitration procedure, you can read the Annex I

    Shelf is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

    Shelf complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.

    Shelf has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit


    If you have questions or comments about this Privacy Policy, please contact us at

    GemShelf Inc.
    Attn: Data Protection Officer
    Address: 175 Atlantic St., Stamford, CT 06901, USA
    Phone number: + 1(833) 200 8222 (toll free)