Privacy Policy

Last updated: March 2026

TopShelf ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the TopShelf mobile application (the "App"). Please read this policy carefully. By using the App, you agree to the practices described herein.

1. Information We Collect

Information You Provide Directly

  • Account information: name, email address, and profile details you provide when creating an account.
  • Skin profile data: skin type, skin concerns, known allergies, sensitivities, and skincare goals you enter.
  • Routine and product data: skincare routines, product names, ingredient scans, and usage history you log.
  • Photos: selfies or skin-progress photos you choose to capture within the App for skin tracking purposes.
  • Support communications: messages, email addresses, and attachments you send when contacting our support team.

Information Collected Automatically

  • Device information: device model, operating system version, unique device identifiers, and language settings.
  • Usage data: features used, screens viewed, session duration, and interaction patterns within the App.
  • Crash and performance logs: error reports and diagnostic data to help us identify and fix technical issues.

Information from Third-Party Sources

  • Apple: account authentication data if you sign in with Apple, and App Store transaction identifiers.
  • RevenueCat: subscription status, purchase history, and billing events related to your in-app subscriptions.

2. How We Use Your Information

We use the information we collect to:

  • Provide, personalize, and improve the App and its features.
  • Generate skincare recommendations tailored to your skin profile and goals.
  • Analyze product ingredients and flag potential concerns based on your sensitivities.
  • Process and manage your subscriptions and in-app purchases.
  • Train and improve our AI models using aggregated, de-identified data.
  • AI-powered features: when you use AI-powered features such as chat, check-ins, or product analysis, your skin profile data is sent to Google's AI for real-time processing. This data is not stored by Google and is used solely to generate your personalized response.
  • Respond to your support requests and communicate important updates.
  • Monitor and analyze usage trends to improve the user experience.
  • Detect, prevent, and address fraud, abuse, and technical issues.
  • Comply with legal obligations and enforce our terms of service.

3. Legal Bases for Processing

We process your personal data on the following legal bases, where applicable:

  • Consent: where you have given explicit consent for processing, such as enabling photo-based skin tracking.
  • Contract: where processing is necessary to fulfill our agreement with you, including providing the App's core features.
  • Legitimate interests: where processing is necessary for our legitimate business interests, such as improving the App, preventing fraud, and ensuring security.
  • Legal obligation: where processing is required to comply with applicable laws and regulations.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

  • Service providers: trusted third-party vendors who assist us in operating the App (e.g., hosting, analytics, subscription management), bound by contractual obligations to protect your data.
  • Legal requirements: when required by law, regulation, legal process, or government request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, in which case your data may be transferred to the acquiring entity.
  • Aggregated or de-identified data: we may share aggregated or de-identified information that cannot reasonably be used to identify you.

5. Third-Party Services

The App integrates with the following third-party services, each of which has its own privacy policy:

  • RevenueCat — subscription management and purchase validation. See their privacy policy.
  • Apple App Store — payment processing and app distribution. See Apple's privacy policy.
  • Google — AI-powered skincare analysis and personalized recommendations. When you use AI features, your skin profile data (skin type, conditions, medications, sensitivities, and lifestyle data) is sent to Google's AI for real-time processing. Google processes this data solely to generate your response and does not retain it. See Google's privacy policy.

We encourage you to review these third-party privacy policies to understand how your data is handled by each provider.

6. Cookies and Tracking Technologies

As a mobile application, TopShelf does not use browser cookies. However, we may use similar technologies, including:

  • Device identifiers: to recognize your device and maintain your session.
  • Analytics SDKs: to collect aggregated usage data and measure app performance.

You can limit tracking through your device's privacy settings, such as disabling "Allow Apps to Request to Track" on iOS.

7. Data Storage and Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit (TLS) and at rest.
  • Access controls limiting data access to authorized personnel only.
  • Regular security assessments and monitoring.

Your skin profile and routine data is stored locally on your device. When you use AI-powered features, this data is transmitted to our servers solely to process your request via Google's AI. Our servers are stateless and do not store your personal data. Google processes requests in real-time and does not retain your data after generating a response.

Your data is stored on secure servers. While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any breaches.

8. Data Retention

We retain your personal data for as long as your account is active or as reasonably needed to provide you with the App's services. Specific retention periods include:

  • Account data: retained until you request account deletion.
  • Skin tracking photos: retained until you delete them or close your account.
  • Usage and analytics data: retained in aggregated, de-identified form for up to 24 months.
  • Support communications: retained for up to 12 months after resolution.

To request account deletion, contact us at support@shelf.top or use the account deletion option within the App. Upon deletion, we will remove your personal data within 30 days, except where retention is required by law.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete personal data.
  • Delete your personal data, subject to certain exceptions.
  • Port your data — receive your data in a structured, commonly used format.
  • Withdraw consent at any time where processing is based on consent.
  • Manage notifications by adjusting your preferences in the App settings or your device settings.

To exercise any of these rights, please contact us at support@shelf.top. We will respond to your request within 30 days.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: you may request details about the categories and specific pieces of personal information we have collected about you.
  • Right to delete: you may request deletion of your personal information, subject to certain exceptions.
  • Right to opt-out of sale: we do not sell your personal information. No opt-out action is required.
  • Right to non-discrimination: we will not discriminate against you for exercising your privacy rights.

To submit a request, email us at support@shelf.top with the subject line "California Privacy Request."

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

  • Data controller: TopShelf is the data controller responsible for your personal data.
  • Legal bases: we process your data based on the legal grounds described in Section 3 above.
  • Your rights: in addition to the rights listed in Section 9, you have the right to lodge a complaint with your local supervisory authority.
  • International transfers: your data may be transferred to and processed in countries outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

12. Children's Privacy

TopShelf is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected data from a child under 13, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal data, please contact us at support@shelf.top so we can investigate and remove the data.

13. Push Notifications

With your permission, we may send push notifications to remind you about your skincare routine, share product recommendations, or communicate important updates. You can manage or disable push notifications at any time through:

  • The notification settings within the App.
  • Your device's system settings under Notifications > TopShelf.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:

  • Material changes: we will notify you via the App or email before the changes take effect.
  • Non-material changes: we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of the App after any changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within 30 days. For urgent matters, please include "Urgent" in your email subject line.