TagLot Privacy Policy
Effective date: upon publication · Last updated: July 10, 2026
TagLot ("TagLot," "we," "us") is operated by ARDEO LABS LLC, a Florida limited liability company. This policy explains what we collect, why, and what your rights are. It covers theTagLot mobile and web apps, the TagLot website (including settlement share pages), and support channels.
The short version: your data is yours. We don't sell it, we don't run ads, we don't use your content to train AI models, and you can export or delete everything at any time.
1. What we collect
Account information. Email address, name, and authentication credentials (sign-in is by a one-time email code, managed by our authentication provider — we never see or store a password).
Your business content. What you enter to run your estate-sale business: sales (including the sale's street address, dates, and commission and fee terms), rooms, items, prices, sold records, settlement statements, notes, and business branding.
Your consignors' contact details. You may enter names, emails, and phone numbers of your clients — consignors, executors, or their representatives — so you can manage sales and deliver settlement statements. You are responsible for having the right to share that information with us; we use it only to provide the service to you and never for our own marketing.
Item photos. Photos you take of sale items are uploaded to catalog them (including AI cataloging you initiate). Photos may be captured offline on your device and uploaded later.
Shoppers at your sales: we collect no information about buyers. Sale-day records store only the item, sold price, and payment method you record — no buyer identity.
Payment information. Subscription payments are processed by Stripe. We receive subscription status and the last four digits/brand of your card for display — we never receive or store full card numbers. Money at your sales (buyer checkout, consignor payouts) happens entirely outside TagLot and we never see or hold those funds.
Usage and device data. Product analytics events (screens used, features triggered), device type, OS version, and approximate region, collected via PostHog. Crash and error diagnostics collected via Sentry.
Support communications. Emails you send to our support address.
2. How we use it
- Provide, maintain, and improve the service (including offline sync and backups).
- AI item cataloging: item photos you submit are sent to Anthropic's API to be drafted into item titles, categories, conditions, descriptions, and price suggestions. Results always land in a review queue for your approval — nothing is created without your confirmation, and you set every price. Under Anthropic's commercial API terms, your inputs and outputs are not used to train their models.
- Send transactional email you initiate or that the service requires (settlement deliveries, team invites, receipts, security notices) via Resend, and push notifications you enable (e.g., "photos ready to review"). If you turn on the weekly digest, we email it to you (you can unsubscribe; unsubscribing is honored in-product too).
- Measure aggregate product usage, diagnose crashes, prevent fraud and abuse, and comply with law.
We do not sell or rent personal information, and we do not share it with third parties for their own advertising.
3. Settlement share pages and links
When you share a settlement statement, TagLot creates a share page at an unguessable link. Anyone who has that link can view that settlement (itemized sale lines, gross, commission, fees, net, and your business branding). Share pages never include buyer information or your internal notes. Treat share links like the statement itself.
4. Data on your device
TagLot works offline: items, photos, and sold records you create without a connection are stored on your device and sync when you reconnect. Device-level protections (passcode, encryption) are governed by your device settings.
5. Where your data lives
Data is stored with Supabase (PostgreSQL and file storage) in the United States, encrypted in transit (TLS) and at rest. Access in our systems is enforced by row-level security scoped to your organization; team roles you assign (e.g., staff) further limit what your team members can see. Settlement share pages and PDFs are served from our site infrastructure (Fly.io, US region).
6. How long we keep it
- While your account is active: we keep your content so the service works; export is available anytime (Settings → Export, CSV/JSON), on any plan, including after you cancel a subscription.
- If you delete your account: we delete your content within 30 days, except minimal records we must keep for legal, tax, or security purposes (e.g., invoices).
- Backups age out on a rolling schedule of no more than 30 additional days.
7. Service providers (subprocessors)
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage, server functions | US |
| Stripe | Subscription billing | US |
| Anthropic | AI cataloging of item photos you submit | US |
| Resend | Transactional email | US |
| PostHog | Product analytics | US |
| Sentry | Error and crash diagnostics | US |
| Fly.io | Hosting for settlement share pages, PDFs, and this website | US |
| Expo (EAS) | App builds and push-notification delivery | US |
| Cloudflare | DNS and email routing | US |
Each provider processes data only as needed to provide its service to us, under its own contractual data-protection commitments.
8. Your rights and choices
- Access & portability: export everything from Settings → Export.
- Correction: edit your content in the app.
- Deletion: delete your account in Settings, or email us and we'll do it.
- Marketing opt-out: unsubscribe links in every non-transactional email.
- State privacy rights: depending on where you live (e.g., California, Colorado, Virginia, Florida), you may have statutory rights to access, delete, correct, or obtain a copy of your personal information, and to non-discrimination for exercising them. We honor these requests for everyone, resident or not. We do not "sell" or "share" personal information as those terms are defined in the CCPA/CPRA.
To exercise any right: contact us at the address below. We verify requests via your account email and respond within the time required by applicable law (generally 45 days).
9. Children
TagLot is a business tool for adults. It is not directed at children under 13 (or under 18 for account creation), and we do not knowingly collect information from them. If you believe a child has provided us information, contact us and we will delete it.
10. Security
Row-level security on every table, TLS everywhere, encryption at rest, scoped credentials, and no card data in our systems. No method of transmission or storage is 100% secure; if we learn of a breach affecting your personal information, we will notify you as required by law.
11. Changes
We'll post changes here and update the date above. For material changes, we'll notify you in the app or by email before they take effect.
12. Contact
ARDEO LABS LLC
Mailing address:Ardeo Labs LLC
5944 Coral Ridge Dr # 1017
Coral Springs, FL 33076
United States