Privacy Policy
RefundHaul handles your data carefully. This page explains exactly what we collect, why, who we share it with (almost nobody), and what rights you have. Plain English. No dark patterns.
TL;DR
- We don't sell your data. Not to retailers, not to advertisers, not to data brokers, not to anyone. Ever.
- Your receipts and items stay private. Used only to track your return windows and send your reminder emails.
- Three companies process your data on our behalf: Supabase (database), Anthropic (parses receipt text), Resend (sends reminder emails). All under contract not to use your data for their own purposes.
- You can delete everything. Account deletion removes your data from our systems within 30 days.
- You have rights under CCPA and GDPR if those apply to you. Email hello@refundhaul.com to exercise them.
01 Who we are
RefundHaul is operated by RefundHaul, LLC, a Nebraska limited liability company. We're the "data controller" for purposes of GDPR and the "business" for purposes of CCPA. Our mailing address: 200 S 21st St, Ste 400a, Lincoln, NE 68510.
You can reach us at hello@refundhaul.com for any privacy-related question.
02 What we collect
Account information
- Email address. Used to log you in and send return-deadline reminders.
- Password (hashed). Stored as a one-way hash by our auth provider, Supabase. We never see your plain-text password.
- Display name (optional). Only if you set one in your profile.
Receipt and item data
- Receipt photos. Stored only if you turn on cloud sync. Otherwise, photos stay on your device.
- Parsed item data. Store name, item description, price, purchase date, return window, and your custom notes. Used to track your deadlines and send reminders.
- Return outcomes. If you mark an item as "returned" or "kept," we store that record so the item leaves your active list.
Usage and technical data
- IP address and device info. Collected automatically by our hosting provider (Netlify) for security and abuse prevention. Logs are retained for 30 days.
- Reminder email send logs. We track when reminder emails were sent and whether they were successfully delivered, so we don't send duplicates and can troubleshoot delivery problems.
We do not collect: payment data (the app is free), location data, contacts, or any data unrelated to your purchase tracking.
03 How we use your data
We use your data to:
- Run the app. Authenticate you, store your tracked items, calculate deadlines.
- Send the reminders you signed up for. Email alerts before your return windows expire.
- Improve the app. Aggregate, anonymous metrics about feature usage. Never tied to identifiable users in our analytics.
- Prevent abuse and fraud. Block bots, throttle excessive API calls, investigate security incidents.
- Comply with legal obligations. Respond to valid legal process, enforce our Terms.
We don't use your data for behavioral advertising. We don't build profiles. We don't share your purchase history with retailers, advertisers, or anyone else for marketing.
04 Third-party processors
We rely on a small set of vendors to operate the app. Each is bound by a data processing agreement that prohibits using your data for their own purposes.
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase | Account authentication, database, file storage | Email, hashed password, item records, optional receipt photos (only if cloud sync is on) |
| Anthropic | AI receipt parsing: extracts items, prices, and dates from receipt text/images | Receipt text and images at the moment of upload. Per Anthropic's commercial terms, your data is not retained for model training. |
| Resend | Sends reminder emails | Email address, item name, return deadline (just enough to render the email) |
| Netlify | Hosts the website and runs serverless functions | Standard request logs (IP, user agent, request path), retained 30 days for security |
We don't use Google Analytics, Facebook Pixel, or any third-party advertising tracker on the app or this website.
07 How long we keep data
- Active account data: Kept while your account is active.
- Archived items: Kept indefinitely so you can review past returns. You can delete individual archived items anytime from the Archive tab.
- Receipt photos (if cloud sync on): Kept while your account is active. Deleted when you delete the receipt or your account.
- Reminder email send logs: Retained 90 days for delivery troubleshooting, then automatically purged.
- Server access logs: Retained 30 days by Netlify for security purposes.
- After account deletion: Personal data fully removed within 30 days. Some anonymized aggregate metrics may persist.
08 Your rights
Depending on where you live, you may have specific legal rights regarding your data. We honor these rights for all users regardless of location.
Rights you have
- Access: request a copy of all data we hold about you.
- Correction: fix inaccurate data.
- Deletion: delete your account and all associated data.
- Portability: receive your data in a machine-readable format.
- Opt-out of "sale" or "share": under CCPA. We don't sell or share data, so this is automatic.
- Withdraw consent: under GDPR, where we rely on your consent.
- Lodge a complaint: with your local data protection authority.
To exercise any of these, email hello@refundhaul.com with "Privacy Request" in the subject. We respond within 30 days, usually faster.
We won't discriminate against you for exercising your rights: same service, same access, same features.
09 Account deletion
You can delete your account anytime from the Profile menu in the app. Deletion does the following:
- Removes your email and account record from our authentication system.
- Deletes all your tracked items, archived items, and receipt photos.
- Removes your name from reminder email send logs (records may persist as anonymized aggregates).
- Cannot be undone. We don't have a "soft delete" or recovery period.
If you can't access the app to delete (locked out, etc.), email hello@refundhaul.com from the email address on the account and we'll process the deletion within 30 days.
10 Security
We take reasonable measures to protect your data:
- HTTPS encryption for all traffic between your device and our servers.
- Database row-level security so users can only access their own data.
- Hashed passwords (we never store plain text).
- Regular security review of our codebase and dependencies.
No system is perfectly secure. If you believe your account was accessed without authorization, email us immediately.
11 Children's privacy
RefundHaul is not directed to children under 13, and we do not knowingly collect data from children under 13. If you believe a child has created an account, email hello@refundhaul.com and we'll delete the account.
If you're between 13 and 18, please get a parent or guardian's permission before using RefundHaul.
12 Policy changes
We may update this Privacy Policy occasionally. Material changes will be announced in the app and via email at least 30 days before they take effect. The effective date at the top of this page reflects the most recent revision.
Continued use of RefundHaul after changes take effect constitutes acceptance of the updated policy.
13 Contact us
For privacy questions, data requests, or anything else covered in this policy:
Email: hello@refundhaul.com
Mail: RefundHaul, LLC
200 S 21st St, Ste 400a
Lincoln, NE 68510