Privacy Policy

Clutteroo, Inc. ("Clutteroo," "we," "our," or "us") operates a mobile application and website (collectively, the "Platform") that enables users to buy, sell, and cross-list pre-owned goods using AI-powered tools. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access or use the Platform. By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

A. Information You Provide

• Account Registration: Name, email address, password (stored in encrypted form), and a selfie photograph used for profile verification.
• Profile Details: Display name, username, profile photo, bio, and location.
• Identity Verification: Government-issued identification documents submitted through our third-party identity verification provider (Stripe Identity). Clutteroo does not store raw identity documents on its own servers.
• Financial & Payment Data: Bank account or debit card information for seller payouts (processed and stored by Stripe Connect), and credit or debit card details for purchases (processed by Stripe Payments). Clutteroo does not directly access or store your full card numbers.
• Listing Content: Photographs of items, AI-generated and user-edited descriptions, pricing, condition details, brand, category, and related metadata.
• Communications: Messages exchanged with other users through in-app chat, customer support inquiries, contact form submissions, and any other correspondence you send to us.
• Shipping Information: Mailing addresses provided by buyers for order fulfillment, which are shared with sellers and our shipping label provider (EasyPost).
• Survey & Feedback Data: Responses to optional surveys, reviews, ratings, and feedback you choose to submit.

B. Information Collected Automatically

• Device & Browser Data: Device type, operating system, browser type, unique device identifiers, screen resolution, and language preferences.
• Usage Data: Pages viewed, features used, search queries, items browsed, time spent on the Platform, click patterns, and navigation paths.
• Network Information: IP address, internet service provider, and general geographic location inferred from your IP address.
• Push Notification Tokens: If you enable push notifications, we store a device-specific token to deliver notifications to your device.
• Crash & Performance Data: Application error logs and performance metrics used to diagnose and resolve technical issues.

C. Information from Third Parties

• Authentication Providers: If you register or sign in using a third-party service (e.g., Apple Sign In, Google), we receive your name and email address as permitted by that provider.
• Payment Processors: Stripe provides us with transaction confirmations, payout statuses, and limited account information necessary to facilitate payments.
• Connected Marketplaces: If you connect an external marketplace account (e.g., eBay) for cross-listing, we receive account identifiers and listing statuses necessary to synchronize your inventory.

2. How We Use Your Information

We process your information for the following purposes:

• Operate the Platform: Create and maintain your account, display your profile to other users, and enable buying and selling functionality.
• AI-Powered Features: Process photos and item data through artificial intelligence models to generate listing descriptions, pricing suggestions, condition assessments, and category recommendations. Images submitted for scanning may be processed by third-party AI providers.
• Process Transactions: Facilitate payments between buyers and sellers, generate shipping labels, issue refunds, and manage escrow holds.
• Verify Identity: Confirm your identity for seller access, payout eligibility, and compliance with applicable anti-money laundering requirements.
• Communicate with You: Send transactional emails (order confirmations, shipping updates, payout notifications), service announcements, security alerts, and customer support responses.
• Safety & Fraud Prevention: Detect, investigate, and prevent fraudulent transactions, unauthorized account access, policy violations, and other harmful or illegal activities.
• Improve the Platform: Analyze usage patterns, conduct research, test new features, and improve the overall user experience.
• Personalization: Recommend listings, sellers, and content that may be relevant to your interests based on your browsing and purchase history.
• Legal Compliance: Fulfill legal obligations, respond to lawful requests from public authorities, and enforce our Terms of Service.

3. How We Share Your Information

We do not sell your personal information. We share data only in the following circumstances:

A. With Other Users

Your public profile information (display name, username, profile photo, ratings, and listings) is visible to other Platform users. When a transaction is completed, your shipping address is shared with the seller to fulfill the order.

B. With Service Providers

We engage trusted third-party companies to perform services on our behalf, including:

• Stripe — Payment processing, seller payouts, and identity verification.
• Supabase — Authentication, database hosting, and file storage.
• EasyPost — Shipping label generation, rate comparison, and package tracking.
• Resend — Transactional email delivery.
• Expo — Push notification delivery to mobile devices.
• Vercel — Web application hosting and content delivery.

These providers are contractually obligated to use your information only to perform services for us and to maintain appropriate security measures.

C. With Connected Marketplaces

If you choose to cross-list items to external marketplaces (e.g., eBay), listing details such as title, description, photos, price, and condition are transmitted to those platforms via their APIs. Your use of those platforms is governed by their respective terms and privacy policies.

D. For Legal Reasons

We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of Clutteroo, our users, or the public.

E. Business Transfers

In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

4. Cookies & Tracking Technologies

We use cookies and similar technologies on the web version of the Platform for the following purposes:

• Essential Cookies: Required for authentication, session management, and security features (e.g., CSRF protection). These cannot be disabled.
• Analytics: We may use analytics tools to understand how users interact with the Platform, including page views, feature usage, and navigation patterns. Analytics data is aggregated and does not identify individual users.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent certain features from functioning properly. The Clutteroo mobile app does not use browser cookies but may collect similar usage data as described in Section 1(B).

5. Data Security

We implement commercially reasonable technical, administrative, and physical safeguards designed to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL and encryption of sensitive data at rest.
• Secure authentication through Supabase Auth with session tokens stored in device-level secure storage (iOS Keychain / Android Keystore).
• Row-level security policies on our database ensuring users can only access their own data.
• Content Security Policy (CSP) headers, CSRF protection, and additional HTTP security headers on our web application.
• Payment card data handled exclusively by PCI-DSS compliant processors (Stripe). We never receive, transmit, or store full card numbers.

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account remains active or as needed to provide the Platform to you. When you delete your account, we anonymize your profile data and deactivate your listings. However, we retain certain records as follows:

• Transaction Records: Retained for 7 years to comply with tax, accounting, and financial reporting obligations.
• Communications: Chat messages related to completed transactions may be retained for dispute resolution purposes.
• Legal Holds: Information subject to a pending legal matter, investigation, or regulatory inquiry will be retained until the matter is resolved.
• Aggregated Data: De-identified, aggregated data that cannot reasonably be used to identify you may be retained indefinitely for analytics and product improvement purposes.

7. Your Rights & Choices

A. All Users

Regardless of your location, you may:

• Access & Update: View and edit your profile information, notification preferences, and connected accounts through the Platform's settings.
• Delete Your Account: Permanently delete your account through the settings page. This action anonymizes your profile and removes your active listings.
• Opt Out of Marketing: Unsubscribe from promotional emails using the link in any marketing message or by adjusting your notification settings. Service-related communications (e.g., order confirmations) are not optional.
• Manage Push Notifications: Enable or disable push notifications through your mobile device's system settings or the in-app notification preferences.

B. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: Request deletion of personal information we hold about you, subject to certain legal exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To submit a verifiable consumer request, email us at privacy@clutteroo.ai. We will respond within 45 days.

C. Other State Privacy Laws

Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and opt out of certain processing activities. To exercise these rights, contact us at privacy@clutteroo.ai.

8. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we learn that we have collected personal information from a user under 18, we will take steps to delete that information promptly. If you believe that a minor has provided us with personal information, please contact us at privacy@clutteroo.ai.

9. Third-Party Links & Services

The Platform may contain links to third-party websites, applications, or services that are not operated by Clutteroo. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Platform.

10. International Data Transfers

Clutteroo is based in the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Platform, you consent to such transfers. We take steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

11. Changes to This Policy

We may revise this Privacy Policy from time to time. When we make material changes, we will notify you by email (sent to the address associated with your account) or through an in-app notification at least 30 days before the changes take effect. The "Effective date" at the top of this page indicates when this policy was last updated. Your continued use of the Platform after the effective date of any revised policy constitutes your acceptance of those changes.

12. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, you may contact us at:

Clutteroo, Inc.
Email: privacy@clutteroo.ai
Website: clutteroo.ai/contact