Privacy Policy

This Privacy Policy explains how ClaimIt collects, uses, stores, and protects information when you use our service. ClaimIt is an AI agent system that monitors prices across retail, airline, and hotel platforms after you purchase, detects when you're eligible for a refund under each platform's price-protection policy, and generates the claim materials needed to recover the difference.

We designed ClaimIt with the understanding that the data you share — your inbox, your purchases, your claim history — is sensitive. This policy describes exactly what we collect, why we collect it, and what controls you have over it.

Account information

When you create an account, we collect your name, email address, and authentication identifier from Google Sign-In.

Purchase and claim data

• Receipts you upload directly (PDF or image)
• Purchase confirmations detected from your Gmail when you connect it
• Extracted purchase details including merchant, product, price, purchase date, and order identifier
• Price history for items we monitor, captured from public product pages
• Claim drafts, outcomes, and any user-reported follow-up

Conversation history

Messages you exchange with the ClaimIt Assistant — both general support conversations and claim-focused threads — are stored to maintain context across sessions.

Technical data

• IP address, browser user agent, and device type
• Server logs of API requests
• Diagnostic traces of AI agent runs for reliability and improvement

Connecting Gmail is optional. If you choose to connect, ClaimIt requests three OAuth scopes from Google:

• gmail.readonly — to read order confirmation emails for automatic purchase detection
• gmail.send — to send claim emails from your inbox when you approve them
• gmail.modify — to mark processed emails as read or apply organizational labels

We use these scopes only for the stated purposes. We do not read emails unrelated to purchase detection, and we do not send any email without an action you have explicitly approved or that falls within an auto-send preference you have configured.

You can disconnect Gmail at any time from your settings, which immediately revokes our access. You can also revoke access directly at myaccount.google.com/permissions.

We use the information we collect to:

• Detect purchases eligible for price-protection monitoring
• Monitor prices across supported platforms and identify drops
• Generate claim materials accurate to each platform's policy
• Send claim emails from your inbox when you have authorized us to do so
• Maintain Assistant conversation context across your sessions
• Provide customer support and respond to your requests
• Detect and prevent abuse, fraud, or security incidents
• Improve the reliability and quality of our AI agents

We do not use your information to build advertising profiles, target advertisements, or sell to third parties.

ClaimIt is built on a small set of trusted infrastructure providers. Each receives only the data needed to perform its function.

• Google Cloud Platform — application hosting, file storage, and event coordination. Your receipts and price-evidence screenshots are stored in Google Cloud Storage in the United States.
• MongoDB Atlas — primary database for accounts, purchases, claims, and conversations. Hosted in the United States.
• Google Gemini — large language model for receipt extraction, claim drafting, and Assistant reasoning.
• Arize Phoenix — observability for AI agent traces, used to diagnose failures and improve quality.
• ScraperAPI, Apify, Amadeus, and Keepa — public price-data providers for monitored platforms. These services receive only product identifiers and platform URLs, never your personal information.

We do not sell your personal information to any third party.

Your data is stored in encrypted form at rest and in transit. Connections to ClaimIt use TLS. Database and file storage encryption is managed by Google Cloud and MongoDB Atlas.

Access to production data is restricted to authorized engineers and is logged. Credentials are managed through Google Cloud Secret Manager and our service accounts follow least-privilege IAM patterns.

No system is perfectly secure. We work to protect your data but cannot guarantee absolute security.

We retain your account information for as long as your account is active.

Purchase and claim data is retained to maintain your claim history. Receipts and price-evidence screenshots are retained for 365 days, after which they are automatically deleted.

If you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required for legal, accounting, or security reasons.

You have control over your data:

• Access and export — request a copy of the data we hold about you
• Correction — update incorrect information from your settings
• Deletion — delete your account at any time from settings; this removes your personal data per the retention policy above
• Revoke Gmail access — disconnect Gmail from settings or revoke access directly at myaccount.google.com/permissions
• Pause monitoring — stop price tracking for any purchase without deleting it

Depending on your location, you may have additional rights under laws such as the California Consumer Privacy Act (CCPA). Contact us to exercise any of these rights.

We use a small number of cookies and similar technologies:

• Authentication cookies to keep you signed in
• Functional cookies to remember your preferences such as theme selection

We do not use third-party advertising cookies, cross-site tracking pixels, or behavioral targeting tools.

ClaimIt is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us information, please contact us and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you by email or through the product before the changes take effect.

For questions or requests about this policy, visit our contact page and we will respond.