Privacy policy
Effective Date: January 16, 2026 · Last Updated: February 19, 2026
1. Introduction
Welcome to Remnant Finder. We respect your privacy and are committed to protecting your personal data. This Privacy policy explains how Remnant Finder LLC ("Remnant Finder", "we", "us", or "our") collects, uses, shares, and protects information when you use our mobile application, web application, and related services (collectively, the "Service").
1.1 Who We Are
Remnant Finder LLC
Boston, MA 02664, United
States
- Data Protection Officer (DPO): privacy@remnantfinderapp.com
- General Inquiries: support@remnantfinderapp.com
1.2 Scope of This Policy
This Privacy policy applies to:
- Remnant Finder mobile apps (iOS and Android)
- Remnant Finder web application
- White-label client portals (for your customers)
- API services and integrations
- Marketing websites and communications
1.3 Compliance
We comply with:
- GDPR (EU General Data Protection Regulation)
- LGPD (Brazil Lei Geral de Proteção de Dados)
- CCPA/CPRA (California Consumer Privacy Act)
- SOC 2 Type II (data security certification)
- PCI DSS (payment card security standards)
2. Information We Collect
2.1 Information You Provide Directly
Account Information: Full name and business name, email address, phone number, business address, password (encrypted), and tax identification number.
Business Information: Client and customer data, project details, quotes and invoices, photos and documents, notes and communications, and team member information.
Payment Information: Credit/debit card details (processed by Stripe — not stored by us), billing address, payment history, and bank account information (Enterprise only).
2.2 Information Collected Automatically
Usage Data: Pages and features accessed, time spent on screens, actions taken, search queries, and navigation patterns.
Device Information: Device type and model, operating system and version, app version, screen resolution, and unique device identifiers.
Location Data: IP-based approximate location (city/region level). GPS location only with explicit consent for project mapping.
2.3 Augmented Reality and LiDAR Data
When using the Misurazione AR feature:
- Depth data is processed locally on your device in real-time
- Camera feed is used for AR overlay only — not recorded or stored
- Measurement results (length/width) may be saved if you choose
- We do NOT collect face data, biometric data, or environmental scans
- No AR or depth data is transmitted to our servers or third parties
2.4 Information from Third Parties
Social Login: Google (name, email, profile photo), Apple (name, email or masked email).
Payment Processors: Stripe (payment status, last 4 card digits, transaction IDs).
Integration Partners: QuickBooks (accounting data you sync), Google Agenda (events you create).
3. How We Use Your Information
- Create and manage your account
- Authenticate identity and secure your account
- Store and sync data across devices
- Process payments and generate invoices
- Send transactional emails (password resets, receipts)
- Provide customer support
- Improve AI features (stone cataloging, pricing recommendations)
- Understand feature usage and fix bugs
- Send marketing communications (with opt-out)
- Comply with legal obligations
- Detect and prevent fraud
4. How We Share Your Information
We never sell, rent, or trade your personal data to third parties for their marketing purposes.
We share data with:
- Cloud Infrastructure: AWS (database and file archiviazione, US region), Cloudflare (CDN), Vercel (web hosting)
- Payment Processing: Stripe (PCI DSS compliant)
- Communication: AWS SES (email), Firebase (push notifications)
- Analytics: Google Analytics (anonymized), Sentry (error tracking)
All service providers are contractually bound to use data only for providing services, implement appropriate security, and comply with privacy laws.
5. Data Security
- TLS 1.3 encryption for data in transit
- AES-256 encryption for data at rest
- Multi-factor authentication (MFA) available
- Role-based access control (RBAC)
- Regular security audits and penetration testing
- OWASP Top 10 vulnerability prevention
- 24/7 security monitoring
In case of a data breach, we will notify you within 72 hours of discovery.
6. Data Retention
- Active accounts: Data retained while your account is active
- Canceled accounts: Data retained for 90 days (for reactivation), then permanently deleted
- Usage logs: Retained for 90 days
- Support tickets: Retained for 3 years
- Backups: Purged within 30 giorni of deletion
7. Your Privacy Rights
All Users
- Access: Request a copy of your data (JSON, CSV, PDF)
- Correction: Update inaccurate information anytime
- Deletion: Delete your account and all data
- Opt-Out: Unsubscribe from marketing at any time
GDPR (European Users)
Additional rights: restriction of processing, object to processing, data portability, right not to be subject to automated decisions, and right to lodge complaints with authorities.
LGPD (Brazilian Users)
Additional rights: anonymization, blocking, portability, explanation of processing, and consent withdrawal. Contatti: dpo-brazil@remnantfinderapp.com. Response within 15 days.
CCPA/CPRA (California Residents)
Right to know, delete, opt-out of data sale (we don't sell data), correct, and limit use of sensitive data. No discrimination for exercising rights.
How to Exercise Your Rights
- Self-Service: Account Settings → Privacy & Data
- Email: privacy@remnantfinderapp.com
- Response Time: 30 days (15 days for LGPD, 45 days for CCPA)
8. International Data Transfers
Primary data center: AWS US-East-1 (Virginia). We use Standard Contractual Clauses (SCCs) for transfers from the EEA or Brazil.
9. Children's Privacy
Remnant Finder is a B2B service for adults 18+. We do not knowingly collect data from children under 18. If discovered, such data will be deleted within 48 hours.
10. Cookies
- Essential: Authentication, security, performance (cannot disable)
- Functional: Language/theme preferences (can disable)
- Analytics: Google Analytics, product analytics (can disable)
- Marketing: Ad retargeting (optional, disabled by default)
11. Changes to This Policy
We'll notify you of material changes via email and in-app notice at least 30 days before they take effect. Continued use constitutes acceptance.
12. Contatti Us
- Privacy: privacy@remnantfinderapp.com
- Support: support@remnantfinderapp.com
- Brazil DPO: dpo-brazil@remnantfinderapp.com
Remnant Finder LLC · Boston, MA 02664, United States