FeaturesIntegrationsPricing
Log in

Privacy Policy

Last updated: March 17, 2026

1. Who We Are

ShelfFlow is a product of Green Square Enterprise LLC, a company incorporated in the State of New York. When we say “ShelfFlow,” “we,” “us,” or “our,” we mean Green Square Enterprise LLC operating the ShelfFlow platform.

For privacy-related questions, contact us at hello@cirrus9candy.com.

2. Information We Collect

Account Information

When you create an account, we collect your email address. Authentication is handled via magic link (passwordless) through our infrastructure provider, Supabase.

CRM Data

You and your team enter retailer information, contacts, activities, notes, and pipeline data into ShelfFlow. This data belongs to your team and is stored to provide the service.

Integration Data

If you connect third-party integrations (such as Faire, Airgoods, Shopify, or Gmail), we access and store data from those services on your behalf to sync retailer information, orders, messages, and other relevant records into your CRM. We store OAuth tokens securely to maintain these connections.

Usage Analytics

We use PostHog to collect anonymized usage analytics, including page views, feature usage, and session data. This helps us understand how ShelfFlow is used and improve the product. No personally identifiable CRM data is sent to PostHog.

3. How We Use Your Information

  • To provide, maintain, and improve the ShelfFlow platform
  • To authenticate your identity and secure your account
  • To sync data from connected integrations on your behalf
  • To send transactional emails related to your account (e.g., magic links, team invitations)
  • To analyze aggregate usage patterns and improve the product

4. How We Share Your Information

We do not sell, rent, or share your personal information or CRM data with third parties for their marketing purposes.

We share data only with:

  • Service providers who help us operate the platform: Supabase (database and authentication), Stripe (payment processing), PostHog (analytics), and Resend (transactional email)
  • Third-party integrations you explicitly connect (Faire, Airgoods, Shopify, Gmail) — only to the extent needed to sync your data
  • Legal compliance — if required by law, court order, or governmental request

5. Payment Information

All payment processing is handled by Stripe. We do not store credit card numbers or banking details on our servers. Stripe's privacy policy governs how your payment information is handled.

6. Data Security

Your data is stored in Supabase with row-level security policies that ensure team data is isolated — your team's data is only accessible to members of your team. All data is transmitted over HTTPS. OAuth tokens for integrations are stored securely.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account or request data deletion, we will remove your personal information and CRM data within 30 days, except where retention is required by law.

8. Your Rights

You can:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Disconnect any third-party integration at any time
  • Export your CRM data

To exercise any of these rights, contact us at hello@cirrus9candy.com.

9. Cookies

ShelfFlow uses essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies. PostHog may use cookies or local storage for analytics purposes.

10. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via email or through a notice in the application. Continued use of ShelfFlow after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy or our data practices, contact us at:

Green Square Enterprise LLC
Email: hello@cirrus9candy.com