Privacy Policy

Effective 2026-06-29. This describes what we collect, why, who we share it with, and what rights you have.

Plain-English summary. We collect what we need to run the app — your account, your inventory data, photos you upload, your follow graph, and standard server logs. We share data only with the third-party processors we need to operate (Supabase, Vercel, Anthropic for AI vision, branded "Thrifter Vision" in the product, and Resend for email). We do not sell personal information. We do not target advertising. We do not use third-party analytics or tracking pixels. California, Virginia, Colorado, Connecticut, Utah, Texas, and a growing number of other states give you specific rights — those are explained in Section 9.

1. Who We Are

ThrifterOS (operated by [OPERATOR ENTITY NAME]) is a software service for thrifters, flippers, and resellers. References to "we," "us," and "our" mean ThrifterOS.

Contact: [OPERATOR EMAIL]

2. Information We Collect

We collect:

  • Account information. Email address, password (stored as a salted hash by our authentication provider, never in plain text), display name, optional username, optional avatar image, optional bio, account creation timestamp, and whether your profile is set public or private.
  • Invite codes. The invite code you used to sign up (for attribution and to allow the inviter to see who joined via their link, when both parties have public profiles).
  • Inventory + listing data. Item names, brands, categories, photos, barcodes you scan, condition notes, descriptions, listings on third-party marketplaces, watchlist entries, prospects, transactions you record, storage locations you create, and — when you use per-unit tracking for collectibles like trading cards — individual physical-copy records (a unit number, optional condition notes, and a sold-or-not flag per copy). Cost basis, target sell prices, current values, and private notes you record are stored privately and are never shown on public surfaces of the Service.
  • Bulk-intake staging. When you use Bulk Intake to upload many photos at once, each photo is staged in a review queue alongside its AI-suggested item fields. Staged rows include the same fields above plus your inline edits. Staged rows that you publish become regular vault items; rows you discard are marked for removal and purged on a scheduled basis.
  • UI state. Preferences that change how the Service behaves for you — persona (storefront / online seller / casual collector), "always sell at asking price" preference, dismissal of the Getting Started checklist. No personally identifying information; just behavior flags.
  • Social graph. Who you follow and who follows you. Follows are visible to viewers only when both participants have public profiles.
  • Photos. Images you upload to your vault or submit for AI processing. Stored in our storage provider with access restricted by row-level security.
  • Notifications. Events generated for you — when someone follows or likes your work, and when one of your marketplace listings sells. Each row records the event kind, timestamp, and the related user ID (for social events) or item ID (for sale events).
  • Interest categories. Categories you select in the welcome picker or on the Interests settings page (used to personalize the Discover feed).
  • External marketplace credentials. If you connect a marketplace account (eBay, Etsy, Shopify), we store the OAuth access and refresh tokens needed to call that marketplace's API on your behalf. Tokens are encrypted at rest in our database using AES (via Postgres pgcrypto), with the encryption key held in a separate managed secret store. A database snapshot alone cannot reveal them. Access is also restricted to your account by row-level security.
  • Server logs. Standard logs from our hosting and database providers, including IP address, user agent, request paths, timestamps, and error traces. Retained for security, abuse prevention, and debugging.
  • Communications with us. Email or in-app messages you send to support.

We do NOT collect:

  • Precise geolocation (we have no GPS access; any "Where are you?" field you type is free-text you enter yourself, such as "Goodwill on 4th St").
  • Biometric identifiers (no facial recognition, fingerprints, or voice prints).
  • Health or medical information.
  • Tracking pixels, third-party analytics, advertising IDs, or cross-site behavioral data.
  • Financial account numbers (we do not process payments at this time).
  • Information about people who are not ThrifterOS users.

3. How We Use Information

  • To provide and operate the Service (display your inventory, render feeds, deliver notifications, sync listings).
  • To authenticate you and secure your account.
  • To process AI features when you invoke them (sending photos to our AI vendor).
  • To communicate with you about your account or the Service.
  • To prevent fraud, abuse, and security incidents.
  • To improve the Service (debug errors, analyze aggregate usage patterns we observe in our own logs — we do not use third-party analytics).
  • To comply with legal obligations.

We do not use your information for advertising, behavioral targeting, or profiling for purposes that produce legal or similarly significant effects concerning you. We do not sell personal information.

4. Service Providers (Who We Share Data With)

We share personal information only with the service providers we need to operate the Service. Each is bound by contract to use the data only to provide their service to us and to safeguard it appropriately.

  • Supabase, Inc. — managed PostgreSQL database, authentication, and file storage (United States, AWS infrastructure).
  • Vercel, Inc. — application hosting and content delivery (global CDN, primarily United States).
  • Anthropic, PBC — AI processing of photos you submit for the item-intake, bulk intake, shelf-sweep, and listing-description-generation features (which appear in the product under the "Thrifter Vision" brand name). Per Anthropic's API terms in effect on the Effective Date, submissions are not retained for model training.
  • Resend, Inc. — transactional email delivery (only when an email is sent, e.g., invite emails or future password reset emails).
  • GitHub, Inc. — code hosting (does not process user data).

We may also disclose information when required by law (subpoena, court order, lawful government request), to protect our rights or the rights of others, or in connection with a corporate transaction (merger, acquisition, sale of assets) where the recipient agrees to honor this Policy.

We do not sell personal information. We do not share personal information with advertisers, data brokers, or other third parties for their own marketing purposes.

5. AI Features and Photo Processing

When you use any of our AI features — single-item photo intake, bulk intake, shelf sweep, or AI-generated listing descriptions (collectively branded “Thrifter Vision” in the product) — the relevant input (photo, or the structured fields you've typed) is sent to Anthropic for processing. The input and the prompt are transmitted over an encrypted connection. Anthropic returns a structured response which we display to you and may store as suggested fields you can save.

AI-generated item identifications, price estimates, condition assessments, and listing descriptions come from the AI model's training-data knowledge — they are educated guesses, not real-time market data. You are responsible for verifying any AI-generated information before acting on it.

6. Cookies and Similar Technologies

We use only what we need to operate the Service. Specifically:

  • Authentication cookies set by our auth provider to keep you signed in. Strictly necessary; cannot be disabled while using the Service.
  • Functional state stored in your browser (e.g., your preferred view on a page) — local to your device, not transmitted to us.

We do not use advertising cookies, analytics cookies, or third-party tracking pixels.

7. Data Retention & Account Deletion

We retain personal information for as long as your account is active, plus:

  • Account deletion is staged with a 7-day grace period. When you request account deletion via Settings → Delete account, your profile is marked for deletion immediately and you are signed out. For 7 days you can restore your account by signing back in and tapping the restore banner. After 7 days, a scheduled job hard-deletes everything — vault items, photos, listings, transactions, OAuth credentials, profile, and your authentication record — within roughly 24 hours of the grace-period expiration. Backup-retention windows in our hosting infrastructure may keep snapshots for an additional 7–30 days; these are purged on their own schedules and not retrievable on demand.
  • Active marketplace listings are NOT taken down by account deletion. We are not a party to those listings; if you have live items on any third-party marketplace, you must end them on the marketplace itself before deleting your ThrifterOS account if you want them removed.
  • Server logs are retained for 30–90 days for security and debugging, after which they are rotated out.
  • Notifications are retained until your account is deleted (you can mark them read but we do not auto-delete the row).
  • Aggregate, de-identified data derived from your use of the Service may be retained indefinitely for product analytics. Aggregate means it cannot be re-associated with you or any individual.

8. Security

We protect personal information with reasonable technical and organizational measures:

  • Passwords stored only as salted hashes by our authentication provider.
  • Row-level security enforced at the database layer so each user can only read and modify their own data (except for content explicitly opted into public visibility).
  • Encrypted connections (HTTPS / TLS) for all client-server traffic.
  • Service-role keys and other administrative credentials stored as environment secrets, never exposed to client code.
  • Storage buckets (photos, avatars) are private by default. Public display of items uses short-lived signed URLs (typically 1 hour) so any URL that leaks expires quickly.
  • eBay marketplace webhook signature verification. Sale-event webhooks from eBay are verified using their ECDSA-P256 cryptographic signature before any transaction record is created — this prevents an attacker from forging fake sales against your account by sending crafted POST requests to our webhook endpoint.
  • Audit log records material account events (eBay connect/disconnect, account deletion scheduled/restored/completed, admin actions). Used for forensic investigation if you ever report something suspicious on your account.
  • Principle of least privilege for human access to production systems.

No security measure is perfect. If we discover a security incident affecting your personal information, we will notify you in accordance with applicable law.

9. Your Privacy Rights

Subject to your jurisdiction, you may have the following rights:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Request that we correct inaccurate information.
  • Deletion. Request that we delete your personal information, subject to certain exceptions.
  • Portability. Request a copy of your information in a structured, commonly used, machine-readable format. You can also self-serve a CSV export from Settings → Export at any time; the export includes a signed metadata header (owner, generation timestamp, schema version) so it can serve as documentation of your inventory for insurance claims, estate planning, or any other recordkeeping need.
  • Opt-out of sale or sharing. We do not sell or share your personal information for cross-context behavioral advertising. You may still exercise an opt-out preference; we will record and honor it.
  • Opt-out of profiling. We do not engage in profiling that produces legal or similarly significant effects.
  • Non-discrimination. We will not discriminate against you for exercising any of these rights.

To exercise these rights, email [OPERATOR EMAIL] from the email address associated with your account. We will verify your identity (which may require additional information) and respond within the timeframe required by applicable law (generally 45 days, with one possible 45-day extension for complex requests).

If you disagree with our decision on a request, you may appeal by replying to our response. We will respond to the appeal within 60 days or the period required by applicable law.

10. State-Specific Disclosures (United States)

The following sections supplement Section 9 for residents of specific states. The rights below apply only to residents of the named state, and only to the extent required by that state's law.

California (CCPA / CPRA)

If you are a California resident, you have the rights summarized in Section 9, plus:

  • Right to limit use of sensitive personal information. We do not process "sensitive personal information" as defined by CPRA for any purpose beyond what is necessary to provide the Service.
  • Right to know categories of information collected. See Section 2 above for a complete enumeration.
  • Right to know categories of sources. Directly from you; from your device when you use the Service; from third-party APIs (e.g., eBay) when you connect them.
  • Categories of personal information disclosed for a business purpose: identifiers (account), commercial information (inventory + listing data), internet activity (server logs), visual information (photos), inferences (interest categories you select). Disclosed only to the service providers in Section 4.
  • Categories sold or shared: none. We do not sell or share personal information for cross-context behavioral advertising.
  • Retention periods. See Section 7.
  • "Shine the Light" (Cal. Civ. Code § 1798.83). We do not share personal information with third parties for their direct-marketing purposes.
  • Minors. We do not knowingly collect personal information from anyone under 18. We do not sell or share personal information of minors under 16 without affirmative authorization.
  • Authorized agents. You may designate an authorized agent to make requests on your behalf. We will require written authorization and may verify directly with you.
  • Global Privacy Control. We honor the Global Privacy Control (GPC) browser signal as an opt-out preference, even though we do not currently sell or share personal information.

Virginia (VCDPA)

If you are a Virginia resident, you have the rights in Section 9, plus:

  • Right to confirm whether we process your personal data.
  • Right to opt out of targeted advertising, sale of personal data, and profiling in furtherance of decisions producing legal or similarly significant effects (we do not engage in any of these).
  • Right to appeal our refusal to take action on a request, within a reasonable time after your receipt of our decision.

Colorado (CPA)

If you are a Colorado resident, you have the rights in Section 9, plus the same rights as Virginia residents. We honor Universal Opt-Out Mechanisms, including the Global Privacy Control browser signal.

Connecticut (CTDPA)

If you are a Connecticut resident, you have substantially the same rights as Virginia and Colorado residents. We honor Universal Opt-Out Mechanisms.

Utah (UCPA)

If you are a Utah resident, you have rights to access, deletion, portability, and to opt out of sale of personal data and targeted advertising (we do neither).

Texas (TDPSA)

If you are a Texas resident (effective July 2024), you have rights substantially similar to Virginia, including the right to opt out of sale, targeted advertising, and profiling for significant decisions.

Nevada (SB 220)

If you are a Nevada resident, you may opt out of the sale of certain personal information. We do not sell personal information as defined by Nevada law, but you may still submit a verifiable opt-out request to [OPERATOR EMAIL].

Illinois (BIPA)

We do not collect, use, or store biometric identifiers or biometric information as those terms are defined in the Illinois Biometric Information Privacy Act (740 ILCS 14/). No facial recognition, fingerprints, retina/iris scans, or voice prints.

Washington (My Health My Data Act)

We do not collect "consumer health data" as defined by the Washington My Health My Data Act. We do not infer or process information about health conditions, treatments, biometric markers of health, reproductive or sexual health, gender-affirming care, or related categories.

New York (SHIELD Act)

We maintain reasonable safeguards (administrative, technical, and physical) to protect the security, confidentiality, and integrity of personal information of New York residents, consistent with the New York SHIELD Act. See Section 8.

Other states with comprehensive privacy laws

Residents of Oregon, Montana, Iowa, Tennessee, Indiana, New Jersey, Delaware, New Hampshire, Minnesota, Maryland, Rhode Island, Kentucky, and Nebraska have rights substantially similar to those described for Virginia residents (depending on when each state's law takes effect). Submit requests to [OPERATOR EMAIL] and we will respond consistent with your state's requirements.

Maryland (MODPA, effective Oct 2025) imposes additional data minimization requirements, which we honor by collecting only what is necessary to provide the Service.

11. Children

The Service is not directed to children under 18 and we do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a person under 18, we will delete the account and information. If you believe a minor has provided us with personal information, contact [OPERATOR EMAIL].

12. International Users

The Service is operated from the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, processed in, and stored in the United States. By using the Service you consent to such transfer.

We do not currently target the Service to users in the European Economic Area, the United Kingdom, or other jurisdictions outside the United States. Before public launch we will reassess and add appropriate cross-border transfer mechanisms if needed.

13. Third-Party Marketplaces and Links

The Service integrates with third-party marketplaces via their official APIs (currently eBay, Etsy, and Shopify) and may link out to other marketplaces where you separately maintain listings. Those platforms have their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices of third parties. The current list of supported integrations is available in Settings → Integrations.

14. Do Not Sell or Share My Personal Information

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. There is therefore no opt-out mechanism required for these activities — but to record a preference on file, email [OPERATOR EMAIL] with the subject "Do Not Sell or Share — opt out." We also honor the Global Privacy Control browser signal as an opt-out preference.

15. Changes to This Policy

We may update this Policy from time to time. The "Effective" date at the top will reflect the latest version. Material changes will be notified in-app or by email at least 14 days before they take effect.

16. Contact Us

For privacy questions, requests, or appeals, contact [OPERATOR EMAIL]. Please include your account email and a clear description of your request.

Effective 2026-06-29. We'll log substantive changes in our product changelog.