The short version
- You can use the directory at
/estate-sale-companieswithout giving us anything. - If you upload a photo for valuation, we send it to Anthropic's Claude AIto identify the item and estimate its value. We never use your photos to train AI models, ours or anyone else's.
- If you give us your email, we use it to send you back to your list and (if you ask) to match you with a local estate sale company. We do not sell it. We do not bundle it into a newsletter you didn't sign up for.
- You can delete your account and your data any time by emailing privacy@reclaimlist.com. We respond within 30 days.
Who we are
“Reclaim” in this policy means the Reclaim service available at reclaimlist.com and the Reclaim iOS app. We are the data controller for personal data you share with us through either surface.
Questions, requests, or complaints: privacy@reclaimlist.com.
What we collect and why
Photos you upload
When you photograph an item for valuation - through the web tool at /startor the Reclaim iOS app - we collect the image bytes and store them in Supabase Storage. We send the image to Anthropic's Claude AI to identify the item and estimate a resale value range. We retain the photo so you can revisit the valuation later.
Why: identifying and valuing items is the core function of the tool. There is no version of this product without the photo.
Your email address
We collect your email when you save a valuation, sign in, or request to be matched with a local estate sale company. We use it to send you the one-tap sign-in link, recover your account, and (only if you specifically request a match) share it with the local pro we're connecting you with.
We do not send marketing emails. If we ever do, we will ask first, separately, and the opt-in will not be bundled with anything else.
Device and usage data
The web app logs basic technical information (IP address, browser type, pages viewed) for security and to understand which features get used. The iOS app records crashes and performance data through Apple's standard channels. We use PostHog for product analytics; PostHog only creates a person profile after you sign in, so anonymous visitors are never personally tracked.
Provider directory data
For estate sale companies listed in our directory, we collect publicly available business information (name, website, phone, service area, reviews). If you claim a provider listing, we also collect your name and the email address you verified ownership with.
How AI fits in
Reclaim's valuation feature uses Anthropic's Claude AI. When you upload a photo:
- The photo is sent to Anthropic's API over an encrypted connection.
- Claude reads the photo, identifies the item, and returns a value range with its reasoning.
- Anthropic retains API logs for up to 7 days for abuse detection and then deletes them. Under Anthropic's commercial terms, they do not use our API data to train their models.
- We store the photo and the valuation in our own database so you can revisit them. You can delete either by emailing us.
The value range is a good-faith estimate based on what Claude can see and the comparable sales it knows about. It is not an appraisal. For high-value items or anything where the difference matters, get a second opinion from a local specialist.
You can read Anthropic's policies at trust.anthropic.com.
Who else handles your data
We use a small number of service providers (“sub-processors”) to actually run the product. Each one only sees what it needs to do its job.
| Provider | Purpose | What it sees |
|---|---|---|
| Anthropic | AI item identification + valuation | Photos you upload, kept 7 days max on their side |
| Supabase | Database, file storage, authentication | Photos, valuations, email, account records |
| Vercel | Hosting and serverless functions | Web requests in transit; nothing persisted |
| PostHog | Product analytics (signed-in users only) | Page views, feature usage, signed-in user ID |
| Apple | iOS app distribution + crash reports | Device diagnostics if you opt in to share with developers |
| Firecrawl | Scraping public directory data only | No user data; reads public provider websites |
| Sanity | Editorial CMS for guide content | No user data |
We do not sell your data. We do not share it with advertising networks. We do not use it for cross-context behavioral advertising.
How long we keep things
- Account records: until you delete your account, then 30 days for backup cleanup.
- Photos and valuations: while your account is active. Deleted with the account, or earlier on request.
- Lead matches with providers: 24 months for support and dispute resolution.
- Anthropic API logs: 7 days on Anthropic's side, then deleted by them.
- Server access logs: 30 days.
- Anonymous analytics: aggregated and retained indefinitely.
Your rights
You have the right to access, correct, delete, or export your personal data. You can ask us to stop processing it. You can object to specific uses. You can complain to your local data protection authority if you think we got it wrong.
Email privacy@reclaimlist.com from the address on file and tell us what you want. We respond within 30 days. We may need to verify your identity for destructive requests (delete, export) - usually that just means clicking a link in a confirmation email.
California (CCPA / CPRA)
California residents have the additional right to know the specific pieces of personal information we have collected and to opt out of any “sale” or “sharing” of that data. We do not sell or share personal information as those terms are defined under California law. There is nothing to opt out of, but the email above always works if you have questions. We do not use sensitive personal information for inferring characteristics.
EEA, UK, and Switzerland (GDPR / UK GDPR)
Our legal bases for processing are: (1) performance of a contract (running the service you signed up for), (2) legitimate interests (security, fraud prevention, basic product analytics), and (3) consent (any marketing communications we send, which we do not currently send). You have the right to access, rectify, erase, restrict, port, and object to processing of your data. Contact the email above to exercise any of these.
Security
Data in transit is encrypted with TLS 1.2 or higher. Data at rest is encrypted by Supabase using AES-256. Access to production systems is limited and logged. We use multi-factor authentication on every account that can touch user data. We patch security issues promptly. We are not perfect; no system is. If you discover a vulnerability, please email security@reclaimlist.com.
Children
Reclaim is for adults. We do not knowingly collect personal data from anyone under 16. If we learn we have, we delete it. If you're a parent or guardian and want us to check, email privacy@reclaimlist.com.
International transfers
Reclaim is operated from the United States. Our sub-processors (Anthropic, Supabase, Vercel, PostHog) are also primarily based in the United States. If you use the service from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses for transfers from the EEA, UK, and Switzerland.
Changes to this policy
When we make material changes, we update the effective date at the top and email anyone with an active account at least 14 days before the changes take effect. The history of past versions is available on request.
Contact
Privacy questions and requests: privacy@reclaimlist.com
Security disclosures: security@reclaimlist.com
Everything else: hello@reclaimlist.com