WorthGenius collects only the data needed to identify items, produce valuations, persist your inventory, and bill your subscription. We send the photos, barcodes, and notes you create to AI providers (Anthropic, OpenAI, Google AI Studio, optionally Alibaba Cloud DashScope) and to Google Cloud Vision so we can identify items and explain their value. We do not sell your personal information.
WorthGenius is operated by Binary Data Technology LLC ("WorthGenius", "we", "us"). For privacy inquiries email privacy@worthgenius.com. For security incidents, security@worthgenius.com. For copyright takedown notices, dmca@worthgenius.com.
Account data: email address, optional display name, account creation timestamp, last login timestamp, plan tier, subscription status, and the Stripe customer/subscription identifier when you subscribe.
Content you submit: photos of items, barcodes, descriptions, notes, asking prices, condition selections, sourcing-session locations, receipts you upload or forward to your WorthGenius alias, and any extra information you attach to an appraisal request.
AI-generated artifacts: identification results, valuation estimates, listing copy, and PDF reports we produce on your behalf.
Telemetry: app version, device model, operating-system version, locale, screen resolution, anonymous installation identifier, crash reports, and usage events such as "scan completed" or "report generated". We use Sentry for crash and error reporting and PostHog for product analytics. PostHog identifies you by your WorthGenius user ID and email so we can debug account-specific issues.
Payment data: Stripe handles credit-card / PayPal / Google Pay / Apple Pay information directly. WorthGenius never sees or stores your full payment-method details — only the Stripe-issued customer and subscription identifiers.
To provide the Service: identify items, return valuations, store your inventory, generate listings and reports, fulfill paid appraisals, and send transactional emails such as receipts and password resets.
To secure the Service: detect and respond to abuse, fraud, and security incidents, including rate-limiting, anomaly detection, and reviewing logs.
To improve the Service: aggregated and de-identified analytics, A/B tests, and model evaluation. We do not train third-party AI models on your content (see "AI processing" below).
To communicate with you: respond to support requests, send service-status notices, and (with your separate opt-in) marketing emails.
To meet legal obligations: comply with subpoenas, court orders, and applicable laws.
When you scan an item or upload a receipt we send the relevant content (photos, OCR text, item description, condition, accessories) to our multi-provider AI router. The router currently uses Google AI Studio (Gemini) as the default; Anthropic, OpenAI, OpenRouter, and Alibaba Cloud DashScope (Qwen) are configured as fallbacks. Photos for visual identification are also sent to Google Cloud Vision.
Each provider operates under its own enterprise data-processing terms. We have configured the router to use API endpoints that, per each providers public commitments, do NOT use your inputs to train their foundation models. You can review each providers data-handling terms via their websites: anthropic.com, openai.com, ai.google.dev, openrouter.ai, alibabacloud.com.
You may request that we delete the content associated with a specific scan, valuation, or report at any time by emailing privacy@worthgenius.com — see "Your rights" below.
We share information only with the third-party processors needed to operate the Service. Each processor is contractually limited to acting on our instructions:
- Google Cloud (hosting, Firebase Auth, Firestore, Cloud Storage, Cloud Vision, Cloud Run): all account data, content, and operational logs.
- Anthropic, OpenAI, Google AI Studio, OpenRouter, Alibaba Cloud DashScope: prompts derived from your scans, identifications, valuations, listings, and receipts, as needed.
- Stripe: payment-related data when you subscribe or pay for an appraisal.
- Mailgun: inbound emails forwarded to your WorthGenius receipt-import alias.
- Resend: transactional emails we send to you.
- Sentry: crash logs and error context.
- PostHog: product-analytics events tagged with your WorthGenius user ID and email.
- eBay, PriceCharting, Veryfi/Mindee (when enabled), Keepa (optional): used to look up marketplace comps or parse receipts. We send only the item descriptors needed for the lookup, not your account data.
We will share your information when required by law (for example, in response to a subpoena), to enforce our Terms, to investigate abuse or fraud, or to protect the rights, property, or safety of WorthGenius, our users, or the public.
In the event of a merger, acquisition, financing, or sale of assets, your information may be transferred to the successor entity, subject to the same protections.
WE DO NOT SELL YOUR PERSONAL INFORMATION as that term is defined under the California Consumer Privacy Act, and we do not "share" your personal information for cross-context behavioral advertising.
Account data, inventory, valuations, receipts, and reports are retained for as long as your account is active. If you delete an item, photo, receipt, or report from the app, it is removed from our active systems within thirty (30) days; backups expire on a rolling ninety (90) day cycle.
When you delete your account, we delete or de-identify your data within sixty (60) days, except where retention is required to comply with law (e.g. tax records of paid subscriptions, retained for the period required by U.S. tax law).
Caches of AI provider responses for non-personal lookups (eBay results, barcode → product mappings) are stored for up to twenty-four (24) hours.
We protect your account with TLS 1.2+ in transit and Google-managed encryption at rest. Authentication tokens on your device are stored in your operating system's secure storage (iOS Keychain / Android Keystore) where available. Backend services require Firebase ID-token verification, run with least-privilege service accounts, and use Google Secret Manager for sensitive credentials. Despite our controls, no system is perfectly secure — please report suspected vulnerabilities to security@worthgenius.com.
Access, correction, and portability: email privacy@worthgenius.com and we will verify your identity and provide a copy of your data within thirty (30) days, or within forty-five (45) days where extended by applicable law.
Deletion: you can delete individual items, photos, receipts, and reports from the app. To delete your entire account, email privacy@worthgenius.com or use the in-app account deletion option (Settings → Account). We will complete deletion within sixty (60) days.
European Economic Area / United Kingdom users: under the GDPR/UK GDPR you also have the right to object to processing, restrict processing, withdraw consent (where processing is based on consent), and lodge a complaint with your local supervisory authority.
California users (CCPA/CPRA): you have the right to know what personal information we collect, the right to delete, the right to correct, and the right to non-discrimination. You can also opt out of "sharing" — although we do not "sell" or "share" your personal information for cross-context behavioral advertising as defined by the CCPA.
Nevada users: under NRS 603A.340 you have the right to opt out of the sale of personal information. As noted above, we do not sell personal information.
WorthGenius is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact privacy@worthgenius.com and we will delete it promptly.
WorthGenius is operated from the United States and stores data in Google Cloud regions in the United States by default. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. We rely on the Standard Contractual Clauses adopted by the European Commission (and equivalent UK addenda) when transferring personal data of EEA / UK residents.
The mobile app does not use browser cookies. The mobile app uses local secure storage (iOS Keychain / Android Keystore) to remember your sign-in. Future web properties at worthgenius.com may use first-party cookies for authentication and analytics; their use will be disclosed in a separate cookie banner where required by applicable law.
We will post material changes to this Privacy Policy in-app and update the "Last updated" date above. Where required, we will obtain your renewed consent.
Email: privacy@worthgenius.com. Postal mail: Binary Data Technology LLC, attn: Privacy, [postal address to be added before launch].