Privacy Policy
Rory Clark LLC ("Shelvado," "we," "us," or "our") operates the shelvado.com website and the Shelvado retail media platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website or use our platform.
If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
1. Information We Collect
Information You Provide Directly
Marketing Site (shelvado.com)
- Email address and role selection (Retailer or Brand/Agency) when you submit the early access request form
- Any information you include in emails sent to hello@shelvado.com
Platform (Shelvado Retail Media Portal)
- Account information: name, email address, organization name, job title, and password
- Billing information: company name, address, contact name, contact email, contact phone, payment terms, and purchase order numbers
- Business data: tactics, programs, inventory configurations, pricing, approval workflows, invoices, and communications you create or manage within the platform
- Brand and product data: brand names, UPC/SKU numbers, promotional pricing details, product attributes, and store targeting selections
- Creative assets: images and files uploaded for programs, creative review, or custom program proposals
- Communications: messages, comments, and feedback submitted through the platform, including approval comment threads and bug reports
Information Collected Automatically
- Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps
- Session data: authentication tokens (JWT), session duration, and idle timeout events
- Usage data: feature interactions, navigation patterns, and notification read/unread status
- Error and performance data: when errors occur, we may capture session replay data including page interactions and screen content to diagnose and resolve issues. Replays mask text input and block media to protect sensitive information.
- Email interaction data: we may track whether transactional emails (such as approval notifications and program updates) are opened and whether links within them are clicked, to ensure reliable delivery and improve communications
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process early access requests and communicate with prospective customers
- Create and manage user accounts with appropriate role-based permissions
- Facilitate retail media workflows between retailers and CPG brands/agencies
- Generate invoices, track billing, and manage financial records within the platform
- Send transactional emails including password resets, approval notifications, and program status updates
- Send communications initiated by retailer administrators to their CPG partners
- Monitor platform security, enforce rate limiting, and maintain audit logs
- Improve the Service based on usage patterns and feedback
- Respond to inquiries and provide customer support
3. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
Between Platform Users: The platform is designed to facilitate collaboration between retailers and CPG brands. Information you enter — such as program participation, booking requests, comments, and billing details — is visible to authorized users on the other side of the relationship, consistent with the platform's role-based permission system.
Service Providers: We use third-party service providers to operate the Service, including providers for application hosting, database hosting, file storage, email delivery, website hosting, and form processing. These providers access only the data necessary to perform their functions and are bound by their own privacy policies and data protection obligations.
Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: If Shelvado is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
4. Data Retention
- Early access form submissions: Retained in our form processing service until manually deleted by us
- Platform account data: Retained for the duration of your account's existence and a reasonable period thereafter for record-keeping and legal compliance
- Audit logs: Retained for a minimum of one year
- Transactional email records: Retained by our email delivery provider per their retention policy
You may request deletion of your personal data by emailing hello@shelvado.com. We will process deletion requests within 30 days, subject to any legal retention obligations.
5. Data Security
We implement reasonable technical and organizational measures to protect your information. See our Security page for details on specific controls, including encryption in transit, role-based access controls, session management, and audit logging.
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct inaccurate or incomplete information
- Deletion: Request that we delete your personal information
- Portability: Request a copy of your data in a structured, machine-readable format
To exercise any of these rights, email hello@shelvado.com. We will respond within 30 days.
7. Cookies and Local Storage
The marketing site (shelvado.com) does not use cookies or third-party analytics trackers.
The platform uses:
- Session storage: To cache retailer branding and prevent UI flicker on page load
- Local storage: To store user theme preferences (light/dark mode) scoped to the user's email address
- JWT tokens: For session authentication, stored in an HTTP-only cookie managed by our authentication system
We do not use advertising cookies or cross-site tracking.
8. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
10. Contact Us
If you have questions about this Privacy Policy, contact us at:
Rory Clark LLC (d/b/a Shelvado)
Email: hello@shelvado.com