Privacy Policy

Effective date: 9 June 2026 · Last updated: 9 June 2026

ShelfLog ("we", "us", or "our") is a social book-lending app available at myshelflog.com and as iOS and Android apps. This policy explains what personal data we collect, why, who we share it with, how long we keep it, and your rights. We try to collect as little as possible and to be straight with you about what leaves your device.

1. Who we are and which law applies

ShelfLog is operated from Israel and is available to users internationally. As our home jurisdiction, we are governed by Israel's Protection of Privacy Law, 5741-1981, as amended (including Amendment No. 13, in force since 14 August 2025). If you use ShelfLog from a country whose law grants you additional data-protection rights — for example the EU/EEA or the United Kingdom — those rights also apply to you, and you can exercise them using the contacts below. You can reach us at support@myshelflog.com or via WhatsApp at +972 58 432 7887 for any privacy question or to exercise your rights.

2. What we collect

Account information — your name, email address, and (if you register with a password) a securely hashed password. If you sign in with Google or Apple, we receive the basic profile and email address you authorise that provider to share.
Profile information — your optional username, phone number, and profile photo, if you choose to add them.
Your library and activity — the books you add (title, author, cover, genre, condition), your loans, borrow and lend requests, friend connections, ratings and reviews, wishlists, and waitlist entries.
Shelf-scan photos — if you use the AI shelf-scan feature, the photo you choose is sent to our AI provider to identify the book spines. We do not store the photo ourselves (see Section 5).
Device contacts (Android only) — only if you tap "Find friends from contacts." With your permission, the app reads the email addresses and phone numbers in your contacts, sends them to our server to check which already belong to ShelfLog users, and discards them immediately. We do not store your contacts, and we never store details of people who are not ShelfLog users. This feature is not available on iOS.
Camera — used only when you choose to scan a book barcode or take a shelf photo.
Technical and diagnostic data — your IP address, device and app information, and error/diagnostic reports. Under the amended law, IP addresses and online identifiers are personal data.
Usage counts — we record the days on which you open the app (not what you do) to measure how many people use ShelfLog. This is stored in our own database and is not shared with advertisers.

3. Why we use your data, and our legal basis

To run your account and the lending features — to perform our agreement with you.
To identify books from a shelf photo — on the basis of your consent, which you give by choosing to scan.
To send you transactional emails (welcome, borrow requests, approvals, friend requests, due-date reminders) and, on native apps, push notifications you can turn off — to perform our agreement with you and with your consent.
To keep the service secure, diagnose errors, and prevent abuse — our legitimate interest in a safe, working app.
To understand overall usage and improve the app — our legitimate interest, using minimal data.
To comply with legal obligations.

We do not sell your personal data, and we do not use it for third-party advertising or ad targeting.

4. Your library is private by default

The books on your shelf, your loans, and your activity are visible only to friends you have approved within the app. Your email address and phone number are never shown to other users; the app looks people up through restricted server functions that do not expose those details.

5. AI shelf scanning

When you scan a shelf, the photo you choose is sent to OpenAI (our AI provider) to read the book spines and return a list of titles and authors. Please be aware:

We do not store the photo on our servers after the books are identified.
OpenAI receives the photo and may retain and use it in accordance with its own policies, including to improve its AI models. We do not control how OpenAI uses data once it leaves our service.
Because of this, please photograph only your bookshelf. Avoid capturing faces, people, documents, screens, or anything else in the frame that you would not want a third-party AI service to process.
Scanning is entirely optional — you can use ShelfLog without ever scanning by adding books manually or by barcode.

6. Who we share data with

We share data only with service providers that process it on our instructions to run ShelfLog:

Supabase — our database, authentication, and account storage provider (servers currently in South Korea; see Section 7).
Cloudflare — hosting, content delivery, and the serverless functions that power book lookups, the shelf scan, and emails.
OpenAI — shelf-photo recognition, as described in Section 5.
Resend — delivers our transactional emails; receives your email address solely for that purpose.
Open Library — a public book database we query for titles and covers. We send only the search text, no personal data.
Sentry — error and crash diagnostics, which may include your IP address, device information, and technical details of an error, so we can find and fix bugs.
Apple Push Notification service / Firebase Cloud Messaging — deliver push notifications to the native apps, if you enable them.

We may also disclose data where required by law, to enforce our Terms, or to protect the rights and safety of our users and ShelfLog.

7. International data transfers

Some of our providers operate outside Israel — for example, Supabase's servers are currently in South Korea, and Cloudflare, OpenAI, Resend, and Sentry are based in the United States. This means your data may be processed in those countries. Where we transfer data across borders, we rely on the safeguards permitted by applicable law, including our providers' contractual data-protection commitments.

8. How long we keep your data

Account and library data — for as long as your account is active. You can permanently delete your account at any time from Profile → Account → Delete my account inside the app, which erases your books, loans, requests, ratings, wishlists, friend connections, and profile.
Shelf-scan photos — not retained by us; OpenAI's retention is governed by its own policy (Section 5).
Device contacts — not retained; matched and discarded in the same request (Section 2).
Diagnostic and technical data — kept only as long as needed to keep the service secure and reliable.
Ratings and reviews — may be retained in anonymised form after account deletion so that aggregate book ratings remain accurate.

9. Your rights

You have the right to access the data we hold about you, correct it, delete it, export it, object to or restrict certain processing, and withdraw consent (including consent to shelf scanning) at any time. You can delete your account and its data directly in the app via Profile → Account → Delete my account. For anything else, contact us at support@myshelflog.com. You may also lodge a complaint with the Israeli Privacy Protection Authority.

10. Children

ShelfLog is intended only for users aged 18 and over. It is not directed at, and may not be used by, anyone under 18. We do not knowingly collect personal data from anyone under 18, and we will delete such data if we become aware of it.

11. Security

We protect your data with encrypted connections (HTTPS), secure authentication, row-level security on our database, and column-level restrictions that keep your email and phone number from being read by other users. No system is perfectly secure, but we work to protect your data and to respond promptly to any incident.

12. Storage on your device

We use device storage and authentication tokens needed to keep you signed in and to run the app. Our diagnostics provider (Sentry) may set technical identifiers to group error reports. We do not use advertising cookies or trackers.

13. Business transfers

If ShelfLog is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date and give reasonable notice of material changes through the app or by email.

15. Contact

For any question about this Privacy Policy or your data, contact us at support@myshelflog.com or via WhatsApp at +972 58 432 7887.