RepoNorth
Log inGet Started
Legal

Privacy Policy

Effective July 2026
The short version

We collect only what RepoNorth needs to run your account and hold your collection, your ZIP code, never your street address, and nothing you don’t choose to enter. We encrypt it, we never sell or share it, we never use it to train AI, and you can export or delete all of it, any time. Here’s the complete picture.

Part One

What We Collect, and Why

01

Information We Collect

Account information
Your name, email address, ZIP code, and a password, stored only as a one-way hash we can’t read or reverse, not even under a warrant. We may aggregate ZIP codes into coarse, city-level statistics for internal business reporting, never at a resolution that could identify an individual account: any area under 8 accounts is folded into a general “other regions” bucket, and raw ZIP-level data is never mapped, exported, or shared.
Collection data you choose to enter
Item details, condition, purchase price, storage location, NFA registration info, notes, and photos. Every field beyond the four account basics above is optional, what you don’t enter can’t be exposed.
Photos
Automatically stripped of GPS and other EXIF metadata on upload, so an image never carries its location.
Phone number
Only if you choose to add one for optional SMS notifications (§4), never required to use RepoNorth.
Payment information
Handled entirely by Stripe, our payment processor; we never see or store your full card number.
Usage data
Aggregate, account-level signals like plan tier and last-active date, and product-wide feature adoption rates, never a per-user record of what any single collection contains.
02

How We Use Information

To operate your account and collection, process billing through Stripe, respond to support requests, secure the Service against fraud and abuse, meet legal obligations (§9), and understand aggregate product usage so we know what to build next. We do not use your collection’s contents for anything beyond showing it back to you and anyone you deliberately share it with (§8).

03

What We Never Do

Never sell, share, or mine your data. No ads, no data brokers, no “anonymized insights” sold to insurers or retailers. Your subscription is the entire business model.
Never use your data to train AI. Your photos and collection details train no model, ours or anyone else’s.
Never share your phone number for marketing. If you opt into SMS (§4), that number is used solely to send the alerts you asked for.
Never sell usage analytics to third parties, under any circumstances.
Never hold your data hostage. Full export, in open formats, always available, on every plan, forever.
Part Two

Protected, and Yours to Control

04

Text Messages & Your Phone Number

If you add a mobile phone number and opt in, we use it only to send the account and security alerts described in our Terms of Service, never marketing, and never shared with third parties for their own purposes. We work with a messaging provider to deliver these texts; they act solely on our behalf to transmit the message and don’t use your number for anything else.

You can withdraw consent any time by replying STOP or from Account → Settings, and you can ask us to delete a stored phone number entirely, it’s also deleted automatically if you delete your account (§6).

05

How We Protect Your Data

Your collection is encrypted at rest (AES-256) and in transit (TLS). The most sensitive fields, serial numbers, NFA control numbers, storage locations, get a second layer of field-level encryption, with the key held outside the database, so a database copy alone doesn’t expose what you own.

Your password is stored only as a one-way hash, never in reversible form; authentication data lives in a separate store from your collection data. Two-factor authentication (standard TOTP) is available on every account and encouraged from day one.

06

Data Retention & Deletion

We keep your data as long as your account is active. Delete your account any time from Account → Settings and it’s gone, including from backups, within 30 days. We recommend exporting first (§7); once deleted, we can’t recover it for you.

07

Your Rights & Choices

Export your full collection in open formats (CSV/JSON), any time, on every plan.
Correct or delete any item, note, or photo directly in the app, whenever you want.
Manage two-factor authentication, Sharing, Emergency Access, and SMS opt-in, all from Account → Settings.
Delete your account entirely, per §6.

If anything here isn’t self-service yet, email [email protected] and we’ll help directly.

Part Three

Where the Boundaries Are

08

Sharing, Viewers & Emergency Access

If you invite a Viewer, they can see the parts of your collection you’ve shared, read-only, until you revoke access, we don’t use that relationship for anything beyond enabling the view you set up.

Emergency Access works the same way: your named beneficiary’s email is used solely to verify their claim if your account goes inactive past the window you chose, after repeated warnings to you first. We don’t evaluate, mediate, or make judgment calls on these handoffs beyond the automated mechanism itself.

09

Law Enforcement & Transparency

We respond to valid legal process only, a warrant or court order, never an informal request, and we notify you whenever we’re legally permitted to.

Disclosure, when legally compelled, runs through a single logged process: one named account is decrypted, the export is produced, and an immutable record is kept of who, when, and under which order. That log is exactly what populates our annual transparency report, published whether the number is zero or not.

10

Where Your Data Lives

RepoNorth is hosted on U.S.-based infrastructure. Backups are encrypted the same as primary data and retained on a 7-day rolling schedule.

11

Children’s Privacy

RepoNorth is intended for adults 18 and older, consistent with our Terms of Service, and isn’t directed at children. We don’t knowingly collect information from anyone under 18.

12

Changes to This Policy

We may update this Policy as the Service evolves. We’ll post the revised version here with a new effective date, and for material changes, we’ll make a reasonable effort to notify you directly.

13

Contact Us

Questions, or a request about your data? [email protected], or use our Contact page. For anything related to a legal request, see §9 or visit our Trust page.

Want the plain-English version?

Our Trust page and FAQ cover the same commitments in everyday language.

© 2026 RepoNorth. All rights reserved.