Privacy Policy

GoFindStuff LLC (GoFindStuff) collects the minimum data required to operate the service: the email you submit (and, on the app at app.gofindstuff.com, the photos and inventory metadata you choose to upload). We do not sell your personal information, we do not share it with advertisers, and you can request export or deletion at any time by writing to privacy@gofindstuff.com.

The data controller for personal information collected through gofindstuff.com and the GoFindStuff app is GoFindStuff LLC, an Illinois limited liability company, with a mailing address at 1403 W Braymore Cir, Naperville, IL 60564, United States. Privacy questions go to privacy@gofindstuff.com.

• Early-access form (this site): the email address, ZIP code, and primary-storage selection you submit through the waitlist form on this marketing site.
• Account data (app): email address, password hash, household members you invite, and optional profile fields.
• Content you upload (app): photos and (on paid plans) videos of your boxes, plus any titles, notes, or prices you edit.
• AI-generated inventory (app): the structured item data our AI returns from your scans (item name, quantity, condition, estimated price).
• Marketplace activity (app): listings you publish, messages you exchange with buyers, and the in-product radius you select.
• Server logs: IP address, user-agent string, and request timestamps, retained for up to 30 days for security and rate-limiting purposes.

We do not knowingly collect special categories of personal data (health, biometrics, financial-account details, government IDs). Don't upload them.

• To operate the box-scanning, inventory, and marketplace features.
• To send transactional email — cohort invitations, account-security messages, listing replies.
• To respond to your support requests.
• To improve model accuracy on aggregated, de-identified data only. We do not train models on personally identifiable content without consent.
• To comply with legal obligations and enforce our Terms of Service.

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

• Contract — to provide the service you asked for (operating your account, processing scans, hosting listings).
• Legitimate interests — to keep the service secure, prevent abuse, and improve product quality. We weigh these interests against your rights and only rely on this basis where those interests are not overridden.
• Consent — for marketing email and any non-essential cookies (currently none — see our Cookie Policy). You can withdraw consent at any time.
• Legal obligation — to respond to lawful requests from public authorities.

We use the following sub-processors, each bound by data-processing terms:

• AWS (Amplify, S3) — site and app hosting; media storage. Data centers in the United States.
• Resend — transactional and waitlist email delivery. Data centers in the United States.
• Anthropic — vision and language inference on scans. Anthropic processes inputs to return inference results and does not train on customer data submitted via API.
• MongoDB Atlas — primary data store for inventory and account metadata.

We do not sell or rent your data. We do not share it with advertisers or data brokers. We may disclose information when required by law or to protect rights, property, or safety.

Our infrastructure is hosted in the United States. If you are located outside the US, your data will be transferred to and stored in the US. Where required, we rely on the European Commission's Standard Contractual Clauses (or the UK Addendum) with our sub-processors.

• Server logs: up to 30 days.
• Waitlist submissions: until you ask us to delete, or until launch + 12 months.
• Account data and uploads: while your account is active, then deleted within 30 days of account closure.
• Aggregated, de-identified analytics: retained indefinitely.
• Records we're required by law to keep (e.g., tax or dispute records): for the period required.

Wherever you live, you can ask us to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and the data tied to it.
• Export your inventory and uploads (data portability).
• Object to or restrict certain processing.
• Withdraw consent for any processing based on consent.

To exercise any of these, email privacy@gofindstuff.com. We aim to respond within 30 days. You can also use the in-app data export and account-deletion controls once the app is live.

If you are in the EEA or UK and we cannot resolve your concern, you have the right to lodge a complaint with your local supervisory authority.

If you are a California resident, you have the right to:

• Know the categories and specific pieces of personal information we have collected about you.
• Delete personal information we have collected, subject to certain exceptions.
• Correct inaccurate personal information.
• Opt out of the “sale” or “sharing” of personal information. GoFindStuff does not sell or share personal information for cross-context behavioral advertising.
• Limit use of sensitive personal information. We do not knowingly collect sensitive personal information.
• Be free from retaliation for exercising your rights.

Submit California privacy requests to privacy@gofindstuff.comwith subject line “California Privacy Request.”

GoFindStuff is intended for adults. You must be at least 18 years old to create an account, and at least 13 years old to interact with the service in any form. We do not knowingly collect personal information from children under 13. If you believe a child has submitted information to us, email privacy@gofindstuff.com and we will delete it.

We use HTTPS in transit, encrypted storage at rest (AWS-managed encryption for S3, MongoDB Atlas-managed encryption for databases), access controls scoped to the people who need them, and standard web-application hardening. No system is perfectly secure, and we can't promise nothing will ever go wrong — but we do take this seriously. See our DMCA policy for content complaints and report security issues to legal@gofindstuff.com.

The marketing site currently does not set any analytics or advertising cookies. The app uses session cookies necessary for authentication. See our Cookie Policy for the full list and details on consent.

We may update this policy from time to time. If we make material changes, we'll update the “last updated” date at the top of the page and, where required, email registered users before the change takes effect.

GoFindStuff LLC
1403 W Braymore Cir
Naperville, IL 60564
United States
Privacy: privacy@gofindstuff.com
General: hello@gofindstuff.com