WorthIt

Privacy Policy

Effective date: May 9, 2026

This Privacy Policy describes how Colby Schenck ("WorthIt," "we," "us," or "our") collects, uses, and shares information when you use the WorthIt mobile application ("App"). We take privacy seriously and we don't sell your personal information.

If you do not agree with this Policy, please do not use the App.

1. Information We Collect

1.1 Information You Provide

• Account information — email address, display name, and authentication tokens when you sign up or sign in with email/password, Google Sign-In, or Apple Sign-In.
• Scan content — the photos you capture, the items identified from those photos, the prices and listings returned, and any collections, notes, or watchlist entries you create.
• Support communications — messages you send to us at WorthIt.app@icloud.com.

1.2 Information Collected Automatically

• Device information — device model, operating system version, app version, language, and a device identifier (used for push notifications and anti-abuse).
• Usage data — screens viewed, features used, errors encountered, scan counts, and paywall interactions. We use this to improve the App.
• Approximate location — derived from your IP address at the country/region level. We do not collect precise GPS location.

1.3 What We Do Not Collect

• We do not collect precise location, contacts, microphone audio, or health data.
• We do not access photos outside those you explicitly capture or select inside the App.
• We do not track you across other apps or websites for advertising.

2. How We Use Information

We use the information we collect to:

• Identify items in your photos and retrieve price estimates
• Sync your scans, collections, watchlist, and alerts across your devices
• Send push notifications when items on your watchlist change price (if you enable alerts)
• Manage your subscription, process purchases, and restore prior purchases
• Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms
• Improve the App, fix bugs, and understand which features are used
• Comply with legal obligations

3. Third-Party Services

WorthIt uses the following processors to operate the App. Each receives only the data needed for its function:

Provider	Purpose	Data Shared
Google (Firebase Authentication)	Account sign-in	Email, auth tokens
Google (Firebase Firestore + Storage)	Cloud sync of your scans and images	Scan data, photos
Google Gemini	AI item identification	The photo you captured (not your identity)
Google Books API	Book metadata lookup by ISBN	The ISBN string only — no user data
Anthropic Claude	AI item identification (fallback)	The photo you captured (not your identity)
RevenueCat	Subscription management	Firebase user ID, subscription status
Apple App Store	Subscription billing	Payment handled by Apple — we never see your card
Google Sign-In / Apple Sign-In	OAuth sign-in	Email (if you consent); Apple may provide a relay email
SerpAPI / Scrapfly	Marketplace data fetching	The item name we search for — no user data
UPCitemdb	UPC barcode → product metadata lookup	The barcode string only — no user data
eBay, Amazon, Google Shopping, Mercari, Poshmark, OfferUp	Public listing data	No user data sent — we only fetch public listings
Expo Push Service	Price alert notifications	Device push token
PostHog	Anonymized product analytics	Pseudonymous events (no photos, no scan content)
Railway	Backend hosting	All API traffic

We do not sell your personal information to third parties, and we do not share it for third-party advertising or marketing.

4. Your Photos

Photos you capture in the App are:

1. Uploaded to our AI providers (Google Gemini, and Anthropic Claude as fallback) for item identification. Providers process the image to return a result and do not use your photos to train models beyond what is covered by their enterprise data policies.
2. Stored on Firebase Storage for cross-device sync. Only you (authenticated as your WorthIt account) can retrieve them.
3. Never published publicly by WorthIt.

You can delete any scan from Home → long-press → Delete, and this removes the associated image from both your device and our storage.

5. Cookies and Tracking

The App does not use cookies or third-party advertising trackers. Our analytics provider (PostHog) uses a pseudonymous device identifier; you can reset it by signing out or deleting and reinstalling the App.

6. Data Retention

• Active account data — kept as long as your account exists.
• Deleted scans — removed from our servers within 30 days.
• Deleted accounts — all personal data is deleted within 30 days of account deletion, except records we must retain for legal, tax, or fraud-prevention purposes.
• Billing records — retained by Apple per its own policy; we retain subscription status for as long as required by law.

7. Your Rights

Depending on where you live, you may have rights to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your account and associated data
• Export your data (WorthIt provides JSON export in Settings → Data → Export Data)
• Withdraw consent to processing, where consent is the legal basis
• Object to processing, and restrict processing in certain cases
• Lodge a complaint with your local data protection authority

You can exercise most of these rights directly from the App (Settings → Account). For other requests, email WorthIt.app@icloud.com. We respond within 30 days.

California (CCPA/CPRA)

California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA.

European Economic Area / United Kingdom (GDPR)

If you are in the EEA or UK, our legal basis for processing is:

• Contract — to provide the App's core features (item identification, scan history, subscriptions)
• Legitimate interests — to secure the App, prevent fraud, and improve the product
• Consent — where you opt in to push notifications
• Legal obligation — to comply with tax, accounting, and anti-abuse laws

The data controller is Colby Schenck (based in Washington State, USA). There is no EU representative; EU/UK residents may contact WorthIt.app@icloud.com directly.

8. Children's Privacy

WorthIt is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, email WorthIt.app@icloud.com and we will delete it.

9. Security

We use industry-standard security measures including TLS encryption in transit, Firebase Authentication with secure token handling, encrypted local storage for biometric credentials (via Apple Secure Enclave / Android Keystore), and least-privilege service accounts on our backend. No system is 100% secure, but we take reasonable precautions.

10. International Transfers

Our servers and third-party processors are primarily located in the United States. If you are outside the United States, your data will be transferred to, stored, and processed in the U.S. By using the App, you consent to this transfer.

11. Changes to This Policy

We may update this Policy from time to time. If we make material changes we will notify you in the App or by email. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Colby Schenck Email: WorthIt.app@icloud.com Support: WorthIt.app@icloud.com

---

© 2026 WorthIt. All rights reserved.
Snap it. Price it. Track it.