Privacy Policy

I. INTRODUCTION

When you sign up with ShelfPerks, powering your business and commerce with ShelfPerks and other products of 2497 Inc., you are trusting us with your information. 2497 Inc. & ShelfPerks ("We", "Us", "Our" or "Company") understand this. We are committed and we go above and beyond to protect your information and data.
Our Privacy Policy ("Privacy Policy") is designed to help you understand how we collect, store, use and share the personal information you provide to us and to assist you in making informed decisions when using our Products and Services.

For purposes of this Agreement

• "Sites" refers to these websites, which can be accessed at https://shelfperks.com, https://www.shelfperks.in, https://2497inc.com, https://grow.shelfperks.com, https://grow.shelfperks.in
• "Apps" refers to Mobile application and Tablet application for Apple iOS devices and Android devices.
• "Services" refers to the Company's services accessed via the Sites, the Apps, other electronic, non-electronic methods.
• The terms "we," "us," and "our" refer to the Company. "You" refers to you, as a user of our Site or our App or our Service.
• "Personal Data" means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
• "Usage Data" is data collected automatically either generated by the use of the Apps or the Sites or the Services or from the Service infrastructure itself.
• "Cookies" are small files stored on your device (computer or mobile device).
• "Data Controller" means the natural or legal person who (either alone or jointly in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be processed. We are a Data Controller of your Personal Data.
• "Data Processors (or Service Providers)" means any natural or legal person who processes the data on behalf of the Data Controller. In order to process your data effectively, we may use various Service Providers.
• "Data Subject" is any living individual who is using our Service or our App or our Site and is the subject of Personal Data.
• "User" corresponds to the Data Subject.

II. INFORMATION WE COLLECT

We collect information to give better service to all our users.

When you are signed in, we collect information and store them tied to your account credentials, which we treat as Personal Data.

Categories of Personal Data Collected

Personal Data may include, but not limited to:

• Identifiers: Email Address, First Name, Last Name, Employer identifier or Taxpayer identifier, Phone number, Street Name, Door Number, Apartment Number, ZIP/Postal code, City, County, State, Province, Country, IP address, device identifiers
• Personal Information: Contact preference, Age, Date of Birth, Credit/Debit Card information, Payment Card or Contactless payment processing keys
• Commercial Information: Transaction details, sales history, purchase history, inventory details, product information
• Geolocation Data: GPS data, store location, wireless network information, Bluetooth signals
• Professional Information: Business registration details, business name, business address, supplier information, employee records
• Internet or Network Activity: Usage Data, device type, device settings, device operating system, mobile network, crash reports, system activity, system diagnostics, cookies, referrer URL, browser type, login information
• Biometric Information: (if applicable for authentication features)
• Inference Data:Product suggestions, sales analytics, business insights derived from collected data

• Government-issued identifiers:Social Security numbers, driver's license numbers, passport numbers, taxpayer identification numbers (collected only when required for account verification, tax compliance, or legal obligations)
• Financial account information:Bank account details, payment card information (processed securely through our payment processor partners)
• Precise geolocation data:GPS coordinates (collected only when you enable location services for delivery or fraud prevention purposes)
• Personal information of minors:We do not knowingly collect personal information from children under 16 unless parental consent is obtained

III. OTHER SOURCE OF PERSONAL INFORMATION

We may voluntarily or involuntarily derive information about you from third parties including but not limited to, identity verification, background information, public records of criminal convictions and arrest records, credit reports and compliance reports.

We may receive Personal Data about you when others add you to their customer data, supplier data, contacts or calendar in our Services or send messages through our Services including, but not limited to, receipt email, purchase order, invoice, gift cards or gift certificates.

We may also accumulate Personal Data and usage data when you use the Services or the Apps or the sites of our merchants and partners.

We receive information about you if you are a potential candidate for employment with ShelfPerks or with 2497Inc., or with our subsidiaries or partners. We may have received your Personal Data directly or through third parties such as recruiters or external websites. We might use the Personal Data we receive or gather to contact you about a job opportunity or in evaluating your candidacy. If you did not provide us with your Personal Data, you may ask and we may let you know the source of data when we first contact you.

All or some of the information we collect in Section III may fall into the following categories of personal data according to California Consumer Privacy Act (CCPA):

• Identifiers
• Personal Information
• Professional Information
• Internet or other electronic network activity information

IV. HOW WE USE YOUR DATA

Purposes of Processing

We use your data for the following purposes:

Account Management: To create and update your account, verify your identity, verify your customer's identity, verify your employees' identity.

Service Delivery:To enable your commerce experience, point of sale, deliveries, and other related and non-related services. This may include, but not limited to, dynamic real-time inventory management, purchase orders, order tracking, shipment, invoicing, receipt generation, product suggestions and product offerings.

Business Operations: To help you successfully track your sales, customer visits, supplier fulfilments, partner deliveries or fulfillment progress.

Personalization and Improvement: To optimize and personalize the products and services we offer. In real-time or in a scheduled manner, we aggregate all the information we collect about you from our Apps, our Services, our Sites, and our partners to provide more tailored and consistent commerce experience.

Product Development: We may use some information we stored to develop, test and improve new or existing Apps, Sites and Services.

Security and Fraud Prevention: To maintain safety and security of our services and users. This may include, but not limited to, detecting, deterring and combating fraud or unsafe activities, unsafe products and unauthorized practices.

Communications: We may provide you with news, special offers, perks, general information, user manual, usage alerts about our Apps, our Services and our Sites. We may provide you with news, special offers, perks, general information, user manual, usage alerts about other goods, services and events we offer that are similar to those you are using now unless you have opted not to receive such information.

Customer Support: To provide customer support and to notify about changes to our Services or our Apps or our Sites.

Legal Compliance:To comply with legal obligations under applicable laws (including tax laws, GST regulations, RBI guidelines, GDPR, CCPA and other regulatory requirements).

Legal Basis for Processing

Our processing of personal data is based on the following legal grounds:

Performance of Contract:To provide the Services you have requested and agreed to through our Terms of Service.

Legal Compliance:To comply with applicable laws and regulations, including tax laws, payment card industry standards, consumer protection laws, and data protection requirements.

Legitimate Interests:For fraud prevention, security, service improvement, business operations, and analytics (where not overridden by your rights and interests).

Consent:For marketing communications, optional features, and processing of sensitive personal information (which can be withdrawn at any time).

V. COOKIES AND OTHER TECHNOLOGIES

We may collect information about the way you interact with our Services or our Apps or our Sites. We may enable third parties to collect data about the way you interact across sites outside of our Services. We use cookies and similar tracking technologies to track the activity of our Services or our Apps or our Sites and we may hold certain information.

Types of Cookies and Technologies

Session Cookies: Temporary cookies that expire when you close your browser, used to maintain your session.

Preference Cookies: Store your settings and preferences to enhance your experience.

Security Cookies: Help us identify and prevent security risks.

Analytics Cookies: Help us understand how users interact with our services to improve functionality and user experience.

Advertising Cookies: Used by third-party partners to deliver relevant advertisements (subject to your consent).

Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Services. Web beacons are electronic images that may be used in our Services or our Apps or emails. We may use these Web beacons to track the number of visits to our Sites or our Apps or our Services.

Your Cookie Choices

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some or all portions of our Sites or our Services or our Apps.

Global Privacy Control (GPC): We recognize and honor Global Privacy Control signals from your browser. When we detect a GPC signal, we will treat it as a valid request to opt out of the sale and sharing of your personal information.

Opt-Out Confirmation: When you submit an opt-out request through our cookie banner, a link, or a universal opt-out signal like GPC, we will display an "Opt-Out Request Honored" message or update your privacy settings to confirm that your request has been processed.

You can learn more about cookies by visiting http://www.allaboutcookies.org

VI. DISCLOSURE TO THIRD PARTIES

With Whom We Share Your Information

Service Users: We may share your information with other users of our Services with whom you interact with. Users may include, but not limited to, the merchants, the stores, the warehouses, the customers, the suppliers, potential suppliers or product manufacturers.

Business Affiliates: We may share your information with our affiliates to accept payments, schedule appointments, send invoices, process checks, fulfill orders, deliver the orders and provide customer support.

Service Providers and Partners: We may share your information with third parties to provide, maintain and improve our Services, our Apps, our Sites, and your operations. We may also share your information with third parties that run advertising campaigns, contests, coupons, special offers, gift cards or related services.

Analytics Partners: We may share your information with partners who use our analytics services. We provide aggregate statistics and insights to our partners. It will not include your Personal Data.

Vendors and Suppliers: We may provide your information to vendors and suppliers who support us by providing technical services, audit, payments, fraud detection, marketing and infrastructure.

Payment Processors: Stripe, Fiserv, Helcim, Stax, Coinbase Commerce, Apple (for App Store subscriptions), Google (for Play Store subscriptions), and other payment processing partners (for payment processing only).

Cloud Service Providers: For data storage and backup (under strict data processing agreements with encryption and security requirements).

Legal Authorities: When required by law, court order, or to prevent illegal activities. We use data for security, fraud prevention and investigations. We share data with law enforcement in response to legal requests.

Business Transfers: In case of merger, acquisition, or asset sale (with appropriate safeguards to protect your data).

Third-Party Partners: Payment partners, shipping and delivery partners, hardware partners, and cloud infrastructure partners as described in our Terms of Service.

We do not sell your personal information to third parties for marketing purposes. All data sharing is governed by strict contractual obligations requiring equivalent data protection standards. Your customer data is never shared with other merchants or third parties without your explicit consent or as required by law.

VII. SALE AND SHARING OF PERSONAL DATA

California Residents: ShelfPerks does not sell or broker your personal information for monetary or other valuable consideration. However, we may "share" personal information as that term is defined under the CCPA (for example, through third-party analytics and advertising services). You have the right to opt out of such sharing.

We have NOT sold any Personal Data of our consumers and merchants in the twelve months prior to the effective date of this Privacy Policy. We do not and will not sell personal data of consumers under 16 years of age.

Do Not Sell or Share My Personal Information: A "Do Not Sell or Share My Personal Information" link is available in the footer of all ShelfPerks websites and applications. You may also exercise this right by contacting us at privacy@shelfperks.com.

VIII. RETENTION OF PERSONAL DATA

We retain Personal Data and other information according to the following schedule:

Active Accounts: For the duration of your account plus a reasonable period after termination (typically 6 months) to allow for account reactivation and to resolve disputes.

Transaction Records: 8 years (as required by applicable tax laws, IRS regulations, and financial record-keeping requirements).

Customer Data: Duration of merchant account plus 3 years after termination (or as required by applicable consumer protection laws).

User Activity Logs: 90 days for security and troubleshooting purposes.

Support Tickets: 2 years to maintain service quality and resolve recurring issues.

Backup Data: 6 months after account termination for disaster recovery purposes.

Marketing Communications: Until you unsubscribe or request deletion.

We may retain transactions, location, usage and other information to address any regulatory, tax, insurance or other statutory requirements in the places we operate. We may delete or anonymize any such data in accordance with applicable law after any retention period.

You may request deletion of your Personal Data and your account at any time by contacting us at privacy@shelfperks.com or privacy@2497inc.com. Please note that certain information may be retained as required by law or for legitimate business purposes.

IX. POLICY ON "DO NOT TRACK" SIGNALS

Global Privacy Control (GPC): As of 2026, we recognize and honor Global Privacy Control signals. When we detect a valid GPC signal from your browser, we will:

• Treat it as a request to opt out of the sale and sharing of your personal information
• Display confirmation that your opt-out request has been honored
• Apply your preference across our services

X. FOR EUROPEAN ECONOMIC AREA RESIDENTS

If you reside in countries in the European Union, European Economic Area (EEA), and Switzerland, you have certain data protection rights under the General Data Protection Regulation (GDPR). 2497 Inc. and ShelfPerks aims to take reasonable steps to allow you to correct, amend and delete the use of your Personal Data.

Your GDPR Rights

Right of Access: Obtain confirmation of processing and a copy of your personal data.

Right to Rectification: Correct inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data (subject to legal exceptions).

Right to Restriction of Processing: Limit how we use your personal data in certain circumstances.

Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.

Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

Right to Lodge a Complaint: File a complaint with your local data protection authority.

Right Not to Be Subject to Automated Decision-Making: Right to not be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects.

International Data Transfers

Your data may be processed in countries outside the European Economic Area, including the United States. Such transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules where applicable
• Adequacy decisions from EU data protection authorities
• Your explicit consent where legally required

XI. CHILDREN'S PRIVACY

Our Sites, Our Apps and our Services are not directed to anyone under the age of 13 and we request that they not provide Personal Data to us. We do not knowingly collect personal information from children under 13 years of age.

Ages 13-15: You may use our Services only with the involvement of a parent or guardian if you are between 13 and 15 years of age.

Ages 16-17: You may use our Services with parental or guardian involvement if you are between 16 and 17 years of age.

Ages 18+: If you are 18 years of age or older, you may use our Services independently.

Personal Information of Minors Under 16 (California): Under California law, personal information of consumers under 16 years of age is considered "sensitive personal information." If we have actual knowledge that we collect, sell, or share personal information of minors under 16, we will not do so without affirmative authorization (from the minor if between 13-15, or from a parent/guardian if under 13).

In the event that we learn that we have gathered personal information from anyone under the age of 13 without parental consent, we will take steps to remove that information from our servers as quickly as possible.

Parental Rights: Parents or guardians may contact us at privacy@shelfperks.com. to:

• Review personal information collected from their child
• Request deletion of their child's personal information
• Refuse to permit further collection or use of their child's information

XII. REQUEST ACCESS TO OR DELETION OF PERSONAL INFORMATION

If you have an account with us as a merchant or a consumer, you can access your following information and update it under your profile settings:

• Name
• Address
• Email address
• Phone number
• Password to ShelfPerks account
• Your credit card or bank account information linked to your ShelfPerks accounts
• Business information and tax identifiers

• request access to your other personal information, which we may have, but you cannot access under your account profile settings
• request deletion of your personal information
• Request deletion of your personal information
• Request correction of inaccurate personal information
• Request restriction of processing of your personal information
• Request a copy of your personal information in a portable format
• Object to processing of your personal information
• Opt out of the sale or sharing of your personal information
• Limit the use of your sensitive personal information

• Matching information you provide with information we have on file
• Requiring you to log into your account
• Requesting government-issued identification in certain circumstances

• 45 days for most requests (with a possible 45-day extension if necessary, with notice to you)
• 30 days for data subject requests under GDPR
• 15 days for grievance complaints under certain jurisdictions

• Written permission from you authorizing the agent to act on your behalf
• Verification of your identity
• Verification of the agent's authority

• Deny you goods or services
• Charge you different prices or rates
• Provide you a different level or quality of goods or services
• Suggest that you will receive a different price or quality of goods or services

XIII. DATA SECURITY

Security Measures

We implement industry-standard technical and organizational measures to protect your data:

Encryption:

• AES-256 encryption for data at rest
• TLS 1.3 or higher for data in transit
• End-to-end encryption for sensitive communications

• Role-based access controls with principle of least privilege
• Multi-factor authentication for employee access to systems containing personal data
• Regular access reviews and immediate revocation upon termination

• 24/7 security monitoring and incident response
• Intrusion detection and prevention systems
• Regular vulnerability assessments and penetration testing

• Due diligence on third-party service providers
• Contractual requirements for equivalent data protection standards
• Regular audits of service provider security practices

• Annual data privacy and security training for all employees
• Specialized training for employees handling sensitive data
• Confidentiality agreements and data handling procedures

• Documented incident response procedures
• Data breach notification processes in compliance with applicable laws
• Regular testing of incident response capabilities

• While we take reasonable precautions to protect your data, no system can guarantee 100% security. In the event of a data breach affecting your personal information, we will:
  
• Notify you without undue delay (within 72 hours under GDPR, or as required by applicable law)
• Notify relevant supervisory authorities as required by law
• Provide information about the nature of the breach, the data affected, and steps being taken to address it
• Offer guidance on steps you can take to protect yourself

XIV. MOBILE APP SPECIFIC PRIVACY INFORMATION

iOS App (Apple App Store)

Privacy Nutrition Label: Our app listing in the Apple App Store includes a Privacy Nutrition Label that discloses the types of data our app collects and how it's used. This information is kept up to date with our current data practices.

Privacy Manifest: Our iOS app includes a privacy manifest file that declares the types of data collected and the required reasons for using certain APIs.

App Tracking Transparency: If our app engages in tracking as defined by Apple, we will request your permission through Apple's App Tracking Transparency framework before tracking your activity across other companies' apps and websites.

Privacy Policy Access: You can access this privacy policy from:

• Our App Store listing (in the app information section)
• Within the app settings menu
• Our website at https://shelfperks.com/privacy-policy

• Our Google Play Store listing
• Within the app settings menu
• Our website at https://shelfperks.com/privacy-policy

• Device information (model, OS version, device identifiers)
• App usage data (features used, crash reports, performance data)
• Location data (if you enable location services)
• Camera/photo library access (only when you use features that require it)
• Push notification tokens (if you enable notifications)

XV. CALIFORNIA-SPECIFIC PRIVACY RIGHTS

California Consumer Privacy Act (CCPA) Rights

California residents have specific rights under the CCPA, including:

Right to Know: You have the right to request disclosure of:

• Categories of personal information we collect
• Categories of sources from which personal information is collected
• Business or commercial purpose for collecting personal information
• Categories of third parties with whom we share personal information
• Specific pieces of personal information we've collected about you

XVI. OPT-OUTS AND COMMUNICATION PREFERENCES

Marketing Communications
You can opt out of receiving marketing communications from us by:

• Clicking the "unsubscribe" link in any marketing email
• Adjusting your communication preferences in your account settings
• Contacting us at privacy@shelfperks.com
• For SMS messages, replying "STOP" to any message

• Our cookie banner when you first visit our website
• Your browser settings
• Third-party opt-out tools such as http://optout.networkadvertising.org/

XVII. UPDATES TO THIS POLICY

We may update, amend our Privacy Policy from time to time. The "Last Updated" date at the top of this document indicates the most recent revision. Material changes will be communicated via:

• Email notice to the address in your account
• Prominent notice on our Sites
• In-app notifications
• Notice in your account dashboard

XVIII. INTERNATIONAL USERS

Data Transfers
ShelfPerks is based in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

These countries may have data protection laws that are different from the laws of your country. However, we take steps to ensure that your personal information receives an adequate level of protection in all locations where we process it.

European Economic Area (EEA) For transfers of personal data from the EEA, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Your explicit consent for the transfer

XIX. ADDITIONAL DISCLOSURES

Automated Decision-Making
We may use automated decision-making and profiling for:

• Fraud detection and prevention
• Product recommendations
• Business analytics and reporting
• Risk assessment

• Be informed about the logic involved in automated decision-making
• Contest decisions made solely by automated means
• Request human review of automated decisions
• Express your point of view regarding automated decisions

• Email: privacy@2497inc.com
• Alternative Email: privacy@shelfperks.com

• Email: dpo@shelfperks.com

• Email: privacy@shelfperks.com
• Subject Line: "California Privacy Rights Request"

• Email: support@shelfperks.com
• Website: https://support.shelfperks.com

• 45 days for CCPA requests
• 30 days for GDPR requests
• 5 business days for general privacy inquiries