LOOT.WORKS

Privacy Policy

Last updated: May 23, 2026

This policy describes how loot.works (“we”, “us”) collects, uses, and protects information when you use the loot.works web application and related services.

1. Data we collect

We collect the minimum data needed to operate the service:

  • Account: email address, OAuth profile basics (name, avatar) when you sign in with Google.
  • Location: 5-digit US ZIP code you provide during onboarding and your selected search radius.
  • Activity: scans you perform, items you mark sold, watch-list keywords, and notification preferences.
  • Device: browser type, user agent, and the existence of a push-notification subscription.
  • Affiliate attribution: if you arrived via an affiliate link, a cookie storing the referrer ID for 30 days.

2. How we use it

  • To deliver scan results, deal feeds, and yard-sale routing tailored to your ZIP and radius.
  • To send the push notifications you opt into (deal alerts, watch-list matches, penny drops).
  • To process subscription payments and grant Pro feature access.
  • To aggregate anonymized sold-price data that improves pricing accuracy for all users (you contribute by marking items sold).
  • To respond to support requests and prevent fraud.

3. Third parties

We share the minimum data required to operate. Third-party processors:

  • Supabase — database + authentication. Stores account and profile rows.
  • Stripe — payment processing for subscriptions purchased directly. Card data never touches our servers.
  • Digistore24 — payment processing for subscriptions purchased through affiliate funnels. Subject to Digistore’s own privacy policy.
  • Anthropic — AI inference. Scan photos and item descriptions are sent to Anthropic’s API to generate verdicts; not used for training.
  • Vercel — hosting and edge runtime.
  • BigDataCloud — reverse-geocoding when you tap “use my location” during onboarding.

4. Cookies

  • Authentication cookies (set by Supabase) keep you signed in. Required.
  • loot_aff_source / loot_aff_id / loot_aff_campaign — 30-day attribution cookies set when you arrive via an affiliate or referral link. Used to credit the referring affiliate at checkout. Not used for advertising tracking.
  • We do not use third-party advertising or analytics cookies.

5. Your rights

You can export your scan history as CSV from the Account page. You can delete your account by emailing the contact address below; account deletion removes profile, scans, watch-list, and notification data within 30 days. Aggregate sold-price contributions are retained in anonymized form.

6. Data security

Data is encrypted in transit (HTTPS) and at rest by our hosting and database providers. We restrict employee access on a need-to-know basis. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

7. Children

loot.works is not directed to children under 13. We do not knowingly collect data from children under 13.

8. Changes

We may update this policy. Material changes will be announced in-app or by email at least 14 days before taking effect.

9. Contact

Questions or requests: lootworks.goflip@gmail.com.
Operated by TruConnect, 1020 Ezekiel Way, Locust Grove, GA 30248, USA.

Privacy·Terms·© 2026 loot.works
LOOT
scan. price. flip.