How does the free trial work?

The Premium plan includes a 7-day free trial with full access to all Premium features. A credit card is required but only charged after the trial ends — cancel anytime before that.

Can I import my existing inventory data?

CSV and Excel import is on our roadmap — not available yet. For now, you can add items manually or use the eBay product lookup to pull in product data automatically by barcode or keyword.

Can I cancel anytime?

Yes, you can cancel your subscription at any time. There are no long-term contracts or cancellation fees.

What API integrations are available?

Premium and Business plans currently include eBay product lookup — search for items by barcode or keyword and import product data directly into your inventory. More integrations are planned for the future.

Privacy Policy

Last updated: June 2026

This privacy policy explains how ShelfBase collects, uses, and protects your personal data when you use our website or services.

Data Controller

The controller responsible under GDPR is: Kimmel & Lingmann GbR, Lambertstraße 36, 36251 Bad Hersfeld, Germany. Email: contact@shelfbase.de

Data We Collect

When you use ShelfBase, we may collect: (a) Account data — email address, name, and password when you register; (b) Usage data — pages visited, features used, browser type, and IP address; (c) Inventory data — product information you enter into the platform; (d) Communication data — messages you send to our support team.

Purpose and Legal Basis

We process your data to provide and improve the ShelfBase service (Art. 6(1)(b) GDPR — performance of a contract); to send service-related notifications (Art. 6(1)(b) GDPR); to comply with legal obligations (Art. 6(1)(c) GDPR); and to improve our platform through usage analytics (Art. 6(1)(f) GDPR — legitimate interest).

Data Sharing

We do not sell your personal data. We share data with the following service providers: (a) Supabase Inc. – authentication and database hosting (data processor); (b) Amazon Web Services (AWS) – hosting and CDN via AWS Amplify (data processor); (c) Paddle.com – payment processing. Paddle operates as Merchant of Record and is an independent data controller for payment data. For payment data, Paddle's privacy policy applies (paddle.com/legal/privacy). All processors are bound by Data Processing Agreements (DPAs).

International Transfers

Supabase Inc. is a US-incorporated company that processes data on servers in Frankfurt, Germany (AWS region eu-central-1). For data transfers to the USA, we rely on Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR. A Data Processing Agreement with Supabase is in place. AWS processes hosting data also in the eu-central-1 region (Frankfurt); an AWS DPA is in place.

Data Retention

Account data is retained for as long as your account is active. After account deletion, personal data is removed within 30 days unless retention is required by law. Usage logs are typically retained for 90 days.

Your Rights

Under the GDPR, you have the right to access (Art. 15), correct (Art. 16), delete (Art. 17), restrict (Art. 18), and port (Art. 20) your data, as well as to object to processing based on legitimate interests (Art. 21). To exercise these rights, please use our contact form.

Cookies

ShelfBase uses only technically necessary cookies (e.g. session management, authentication tokens), which do not require consent. If we introduce optional analytics cookies in the future, we will obtain your explicit consent beforehand. You can manage cookie preferences at any time through your browser settings.

Contact & Complaints

For privacy-related inquiries, contact us at shelfbase.de/contact. If you believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with your local supervisory authority (in Germany: the relevant Landesbeauftragter für den Datenschutz).

Data Processors

We use the following data processors: • Supabase Inc., 970 Toa Payoh North, Singapore – database hosting and authentication; server location: Frankfurt (AWS eu-central-1); DPA under GDPR concluded; third-country transfers based on SCCs. • Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, Luxembourg – hosting and CDN (AWS Amplify); server location: Frankfurt (eu-central-1); AWS DPA concluded. • Paddle.com Market Limited, Judd House, 18-29 Mora Street, London – payment processing as Merchant of Record; acts as independent data controller for buyer data; Paddle Data Processing Addendum and Data Sharing Addendum are in place.