Privacy

Everything you import. Chats, screenshots, links, files, prompts, and the project memory Shelvia builds from them. Lives in a Supabase Postgres database tied to your account. Storage uploads (screenshots, files) are kept in private buckets accessed only via signed URLs.

Each row is workspace-scoped. Row-Level Security (RLS) policies ensure no user can read or modify another user's data. Enforced at the database layer, not just the app.

We use your content to power the features you see. Source detection, summary, prompt extraction, comparisons, recommendations, and search. AI processing happens via the providers you've configured (Anthropic for summaries, OpenAI for embeddings). The providers process content only to return a result; Shelvia doesn't allow them to retain it for training.

We don't sell your content. We don't share it with third parties beyond the AI providers above. We don't train any model on it.

Mark any import as sensitive in the import dialog and Shelvia skips AI summary, prompt extraction, embeddings, and the agent pipeline for that item. The content stays private to your workspace.

In Settings → Privacy & Data you can:

• Download every project / import / prompt / source / decision / comparison as JSON
• Manage active share links
• Request account deletion via support email (manual review by design)

Auth uses Supabase session cookies (HttpOnly, SameSite=Lax). The sidebar collapse state is saved in your browser's localStorage. We don't use third-party tracking.

Questions about data, deletion, or compliance: team@shelvia.net.