Last updated: February 27, 2026
We collect information you provide directly: your name, email address, password (stored hashed, never in plain text), and organization name. We also collect inventory data you enter (item names, descriptions, barcodes, photos, quantities) and usage data (login times, device fingerprints, IP addresses) to provide and secure the Service.
We use your data to: provide and maintain the Service; process transactions; send service-related communications (invites, password resets); improve the Service; and protect against fraud and abuse. We do not sell your personal data.
We share limited data with the following providers to deliver the Service:
OpenAI — When you add items via barcode scan, URL import, or receipt scanning, product names and descriptions are sent to OpenAI's API for data cleanup and categorization. Receipt images are processed for text extraction. We do not send your email, name, or account information to OpenAI.
Stripe — When you subscribe to a paid plan, Stripe processes your payment information. We never see or store your full card number. Stripe's privacy policy governs their handling of payment data.
Resend — We use Resend to deliver transactional emails (invitations, password resets). Your email address is shared with Resend for this purpose only.
UPCitemdb — Barcode numbers are sent to UPCitemdb's API to look up product information. No personal data is included in these requests.
DigitalOcean — The Service is hosted on DigitalOcean's infrastructure. Your data is stored in their managed database and application platform.
We use industry-standard measures to protect your data: encrypted connections (TLS), hashed passwords (bcrypt), encrypted sensitive fields (Fernet/AES), session token management with expiration and device limits, and role-based access controls within organizations.
We retain your data for as long as your account is active. When you delete your account or organization, we delete associated data from our database. Backup copies may persist for up to 30 days in our infrastructure provider's backup system. To request data deletion, use the delete function in your account settings or contact us.
We use a single session cookie to keep you logged in. It is HTTP-only, secure, and strictly same-site. We do not use advertising cookies or third-party tracking cookies.
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us.
Depending on your jurisdiction, you may have the right to: access, correct, or delete your personal data; export your data; object to or restrict processing; and withdraw consent. To exercise these rights, contact us at the address below or use the relevant features in your account settings.
If you are a California resident, you have the right to know what personal information we collect and how it is used, request deletion of your personal information, and opt out of the sale of personal information (we do not sell your data). To make a request, contact us at the address below.
We may update this policy from time to time. We will notify you of material changes via email or through the Service.
Questions or requests? Contact us at [email protected].