Security & privacy

You’re trusting us with photos of your valuables and the inside of your home. We treat that accordingly — here’s exactly how.

GPS & metadata stripped on upload

Photos of a home routinely embed the exact coordinates they were taken at. Every image is re-encoded on your device to remove EXIF — including GPS — before it ever leaves it.

Private storage, signed links only

Your photos and documents live in a private bucket. They're never publicly addressable; the app issues short-lived signed URLs only after checking you're allowed to see them.

Row-level security on everything

Default-deny database access scoped to your homes. A test suite verifies that one account cannot read or write another account's data.

We don't train AI on your stuff

Photo analysis runs on an API tier with no training and minimal retention. We send a downscaled image — never your name or address — and we never sell your data.

Strong auth

Email verification, rate-limited logins, optional two-factor authentication, and a sessions view so you can sign out other devices.

Activity log

Every create, edit, delete, and export is recorded. You can see your own account activity at any time.

Your data, your call

Export everything you've stored — records and original images — in one click. Delete your account and all associated data in one click.

On the roadmap

Optional face-blurring on photos, region-pinned storage, a public bug-bounty, and SOC 2 once we serve business customers.

Questions about how your data is handled? Email [email protected].