Privacy Policy

No Shortfall ("we", "our", "the Service") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.

Account information

• Name and email address (required to create an account)
• Password (stored as a one-way hash — we cannot read it)
• Profile image (if you sign in via Google OAuth)
• Currency and language preferences

Asset data

• Asset names, descriptions, categories, locations, and notes you enter
• Purchase prices, dates, and warranty information
• Photos and documents you upload
• AI-generated identifications and price estimates associated with your assets

Usage information

• AI feature usage counts (for quota management)
• Audit log entries for changes made to your assets
• IP addresses used for rate limiting

• To provide the Service — storing, displaying, and managing your asset records
• To power AI features — photos and asset details are sent to Anthropic's API to generate identifications
• To manage your account — authentication, password resets, email verification
• To protect the Service — rate limiting, fraud prevention, and security monitoring
• To improve the Service — aggregated, anonymised usage analytics via Vercel Analytics

We do not sell your personal information to third parties.

When you use AI identification, the relevant image(s) and asset details are transmitted to Anthropic for processing. Anthropic's handling of this data is governed by their own Privacy Policy and API usage terms. We do not store your images with Anthropic — they are sent per-request and not retained by us beyond your Vercel Blob storage.

We use the following third-party infrastructure providers:

• Vercel — web hosting, serverless functions, and file (Blob) storage
• Supabase — PostgreSQL database hosting
• Anthropic — AI model API (Claude) for asset identification
• Upstash — Redis-based rate limiting
• Google — OAuth sign-in (if you choose to use it)

Each provider operates under their own privacy policies and data processing agreements. Data may be processed in countries outside your own, including the United States.

Your data is stored in Supabase's managed PostgreSQL infrastructure and Vercel Blob storage. Both providers use encryption at rest and in transit.

We retain your data for as long as your account is active. When you delete your account, your personal data, assets, and uploaded files are permanently deleted. Audit logs may be retained for a short period for security and fraud investigation purposes.

We do not share your personal information except in the following circumstances:

• With infrastructure providers — as described in section 4, solely to operate the Service
• Account sharing — if you choose to share your account with another user via the sharing feature, that user can view your assets and worklist
• Legal requirements — if required by law, court order, or to protect the rights and safety of users

You have the right to:

• Access your data — export your asset list as CSV from the Settings page
• Correct your data — edit any asset or account detail at any time
• Delete your data — delete individual assets or your entire account from Settings
• Data portability — export your data in CSV format at any time

To request deletion of your account and all associated data, go to Settings within the app.

We use session cookies for authentication (managed by NextAuth.js) and a small number of preference cookies (e.g. sort order, theme). We use localStorage for client-side preferences such as tag colours. We do not use advertising or tracking cookies.

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with their information, please contact us and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or your data, please contact us via the Settings page within the app.