Data handling

What we see, what we strip, what we never touch.

Shelf is built around data minimization. The less data we hold, the less there is to protect — and the less there is to explain when a technical lead asks how we handle it.

What Shelf collects

Two categories of data. Nothing else.

  • Your public product catalog — the same product JSON your theme renders, received via Shopify's product webhooks (see Shopify integration).
  • Public pages of the brands you follow — collected by a separate background pipeline in a separate network segment. Product pages, homepages, email-capture flows, banners.

Anonymization before AI

Before anything leaves our systems for AI processing, identifying information is stripped out.

  • Brand names are replaced with anonymous keys. The AI provider sees brand_a, not the brand's actual name.
  • Store URLs are stripped. Your store's domain is never included in prompt input.
  • Re-mapping happens locally. After the AI response comes back, we map the anonymous keys back to brand names inside our own systems — never on the provider's side.

What we never send to AI providers

  • Customer names, emails, addresses, or any PII
  • Order history, carts, or transaction data
  • Your store name, URL, or any identifying information
  • API keys, access tokens, or credentials of any kind

We've never read it. We've never asked Shopify for it. We're never going to.

Shelf works purely with publicly available data about the brands in your industry, plus your own product catalog so we can adapt intelligence to your store.

Retention

Data retention policies scale with tier. Starter keeps a shorter rolling history; Pro keeps more for trend depth; Enterprise retention is configurable. For specifics on how retention works on your plan, or for a written retention policy for a security review, reach out at security@shelfplugin.com.

Regardless of tier: uninstall triggers cascade delete. Nothing is retained after an app uninstall.