Legal · Last updated May 2026

Privacy Policy

This Privacy Policy is provided for transparency about how Shelfdrive handles your information. It is a general description of our practices and is not legal advice.

This Privacy Policy explains how Green Mountain Ventures LLC ("Green Mountain Ventures," "we," "us," or "our") collects, uses, stores, and protects information in connection with Shelfdrive, the web application available at shelfdrive.com (the "Service"). By creating an account or using the Service, you agree to the practices described in this Policy.

1. Who we are

Shelfdrive is operated by Green Mountain Ventures LLC, a limited liability company organized in the United States. Shelfdrive is a wiki and knowledge-base interface for Google Drive: it adds folder-tree navigation, search, and document access on top of the Google Drive you already have. It does not replace Google Drive, and your documents continue to live in Google Drive at all times.

This Policy applies to the Shelfdrive website and application. It does not apply to Google Drive, Google Workspace, or any other third-party service, each of which is governed by its own privacy policy.

2. Information we collect

We collect only the information needed to provide the Service:

  • Account information. When you sign in with Google, we receive and store your Google account's unique identifier, your email address, your name, and your profile-picture URL.
  • Google authorization token. We store a Google OAuth refresh token so the Service can access the Google Drive API on your behalf. This token is encrypted at rest and is never exposed to your browser or to other users.
  • Workspace data. Information you create when configuring a workspace: its name, URL slug, display and appearance settings, which Google Drive or folder is connected as the workspace root, visibility and read-only settings, and your plan tier.
  • Team data. When you invite someone to a workspace, we store their email address, their role and membership status, and an invitation token.
  • Custom domains. If you connect a custom domain to a workspace, we store the domain name and its DNS verification status.
  • Billing data. If you subscribe to a paid plan, we store a Stripe customer identifier and subscription identifier. Payment card details are collected and processed entirely by Stripe; we never receive or store your full card number.
  • Technical and log data. Our hosting providers generate standard server logs, which may include your IP address, browser type, and request timestamps, used for security, debugging, and abuse prevention.

3. Information we do not collect or store

Shelfdrive is built so that your documents stay in Google Drive. In particular:

  • We do not store your documents. Shelfdrive never copies your Google Drive files, Docs, Sheets, or Slides into a database of its own, and never writes their contents to disk. Documents open directly from Google in your browser.
  • Drive structure is read live. File and folder names and structure are read on demand from the Google Drive API to render your navigation tree. This data may be held only briefly in a short-lived, in-memory cache on our servers to keep the interface responsive; it is cleared automatically and is never written to a database.
  • Search previews are short-lived. To make search results readable, Shelfdrive may generate a brief plain-text excerpt of a document (a few hundred characters) and hold it in a short-lived, in-memory cache on our servers for a few minutes. These excerpts are never written to disk or to a database, and are cleared automatically.
  • We do not store passwords. Sign-in is exclusively through Google OAuth. Shelfdrive never creates, sees, or stores a password.
  • We do not store payment card numbers. Card data is handled solely by Stripe.

4. How we use information

We use the information we collect to provide, operate, and maintain the Service; to authenticate you and connect to your Google Drive; to render your workspace, navigation tree, and search results; to send transactional email such as workspace invitations and account notices; to process subscription billing; to provide support; to monitor, secure, and improve the Service; and to comply with legal obligations. We do not use your information for advertising, and we do not sell it.

5. Google user data and Limited Use

To provide the Service, Shelfdrive requests access to your Google Drive — to read your folder structure and to open and edit documents — and to basic profile information, namely your email address, name, and profile picture. You grant this access through Google's standard OAuth consent screen, and you may revoke it at any time from your Google account settings.

Shelfdrive's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve user-facing features of the Service; we do not transfer it except as necessary to provide those features, to comply with applicable law, or as part of a merger or acquisition; and we do not use it for advertising or sell it. Humans do not read your Google user data except with your explicit consent for support, where required for security or to comply with law, or in aggregated and anonymized form.

6. How we share information

We do not sell your personal information. We share information only with the service providers ("sub-processors") necessary to run the Service:

  • Google LLC — Google OAuth authentication and the Google Drive API.
  • Supabase — managed database hosting for account, workspace, membership, and domain records.
  • Vercel — application hosting and content delivery.
  • Stripe — payment processing and subscription billing.
  • Resend — delivery of transactional email.
  • Sentry — application error and performance monitoring. Stack traces may include limited identifiers such as your user id, IP address, and the request path that produced the error.
  • Plain — in-product customer-support chat. When you open a chat, your email and name are shared so support staff can identify you and view your conversation history; the contents of your chat messages are processed by Plain to deliver them to us.
  • Slack — internal operational alerts (new sign-ups, workspace activations, subscription events). We never send the contents of your documents; the alerts contain your name, email, plan, and similar account-level information so we can monitor the health of the Service.
  • Upstash — short-lived rate-limit counters keyed to your account, used to protect the Service from abuse. Used only when configured.

Each sub-processor is permitted to handle data only as needed to provide its service to us. We may also disclose information where we believe in good faith it is required by law, subpoena, or other legal process, or necessary to protect the rights, property, or safety of Green Mountain Ventures LLC, our users, or the public. If Green Mountain Ventures LLC is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, and it will remain subject to the commitments in this Policy.

7. Data retention

We retain account, workspace, team, domain, and billing records for as long as your account is active. If you delete your account or ask us to delete your data, we will delete or de-identify it within a reasonable period, except where we are required to retain certain records to comply with legal, tax, accounting, or security obligations. Routine encrypted backups may persist for a limited time before being overwritten in the ordinary course. Because document contents are never stored by Shelfdrive, closing your account has no effect on the documents in your Google Drive.

8. Data security

We take reasonable and appropriate technical and organizational measures to protect your information. Google OAuth tokens are encrypted at rest. Database access is restricted and protected with row-level security. All traffic between you and the Service is encrypted in transit using HTTPS/TLS. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping your Google account secure, because access to your Google account is, in effect, access to Shelfdrive.

9. Your rights and choices

You can review and update your account information from within the Service, and you can revoke Shelfdrive's access to your Google Drive at any time through your Google account's security settings. You may request access to, correction of, or deletion of your personal information by contacting us at privacy@shelfdrive.com.

If you are in the European Economic Area or the United Kingdom, you have rights under the GDPR, including the rights to access, rectify, erase, restrict, and port your data and to object to certain processing. If you are a California resident, you have rights under the CCPA/CPRA, including the rights to know, delete, and correct your personal information, and the right not to receive discriminatory treatment for exercising them. We do not sell or "share" personal information as those terms are defined under California law. To exercise any of these rights, contact privacy@shelfdrive.com; we will verify your request and respond as required by applicable law.

10. Cookies and similar technologies

Shelfdrive uses a small number of strictly necessary cookies to keep you signed in and to operate the Service securely. We also set a first-party attribution cookie (named sd_attr) on the marketing site that records the UTM parameters, referrer, and landing page of your first visit so we can understand which marketing channel led to a sign-up. The cookie expires after 90 days, is set only on shelfdrive.com, and is never shared with third parties or used for advertising. You can clear it at any time from your browser. We do not use advertising cookies and do not use third-party tracking for advertising purposes. Disabling essential cookies will prevent the Service from functioning.

11. International data transfers

Shelfdrive is operated from the United States, and our sub-processors may process data in the United States and other countries. If you access the Service from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States, where data-protection laws may differ from those in your jurisdiction.

12. Children's privacy

Shelfdrive is a business productivity tool intended for adults. The Service is not directed to children, and you must be at least 18 years old to use it. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after a change takes effect constitutes acceptance of the updated Policy.

14. Contact us

For questions about this Privacy Policy or your data, contact us at privacy@shelfdrive.com. For the terms that govern your use of the Service, see our Terms of Service, or return to the Shelfdrive home page. Green Mountain Ventures LLC, Colorado, United States.