Privacy Policy

Last updated: December 19, 2025

Overview

AddItemTo is designed with privacy in mind. The free version stores all your data locally on your device. For Pro/Business/Enterprise users and users following shared collections, we require authentication via Sign in with Apple to enable cloud sync and collaboration features.

Data Controller

The data controller responsible for your personal information is:

Company Name: Add Item To Ltd
Company Number: 16799293
Trading Name: additem.to
Location: United Kingdom
Contact: privacy@additem.to

Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

• Free Tier: Legitimate interests (providing the app functionality on your device)
• Pro/Business/Enterprise: Contract performance (providing cloud sync and premium features)
• Photos: Contract performance (premium feature) and legitimate interests (service delivery)

Data Collection

Free Version (Local Only)

• All asset and location data is stored locally on your device
• No data is transmitted to our servers
• No account or personal information required
• Data remains on your device only

Authentication (Required for Cloud Features)

To access cloud sync, premium features, or follow shared collections, you must sign in. We collect:

• Apple ID: Unique user identifier provided by Apple (anonymous unless you choose to share your email)
• Email address: Only if you choose to share it with us during sign in
• Display name: Used to identify you in shared collections and collaboration features

Premium Version (Cloud Sync)

Premium features collect:

• System-generated account identifier (linked to your Apple ID)
• Asset and location data synced to our secure servers
• Transaction history for audit purposes
• Subscription status and tier information

Email Address Retention

If you provide your email address during sign in:

• Purpose: Used only for critical account communications (subscription issues, security alerts, policy changes)
• Storage: Encrypted in our PostgreSQL database with TLS encryption in transit and application-level encryption at rest
• Retention: Retained while your account is active and for 30 days after account deletion (to prevent account recreation abuse)
• Not used for: Marketing, newsletters, promotional emails, or sharing with third parties
• Your control: You can request email deletion at any time by contacting privacy@additem.to

Note: If you choose to hide your email during sign in, we receive a private relay email from Apple instead. This relay email is under Apple's control and we cannot use it to contact you directly.

NFC Tag Data

The app reads the unique identifier (UID) from NFC tags to identify assets and locations. We do not write any data to NFC tags.

Important: We do not store any personal information, asset names, descriptions, photos, or other sensitive data on NFC tags. The app only reads the tag's UID, which references data stored locally on your device (free tier) or in our cloud database (premium tiers). Anyone scanning an NFC tag will only see the UID - they cannot access your asset information without having access to your additem.to account.

Camera Usage

The camera is used for photo attachments and OCR text scanning (Scan to Fill feature). All images are processed locally on your device. Photos you choose to attach are stored locally, with cloud backup available for Pro+ users.

Location Information

When you enable GPS tracking (optional, on by default), additem.to captures your device's GPS coordinates during check-in and check-out transactions.

What we collect:

• Latitude and longitude coordinates
• GPS accuracy (in meters)
• Timestamp of GPS reading

What we DON'T collect:

• Background location tracking
• Continuous location monitoring
• Location data outside of transactions

How we use it:

• Provide an audit trail of asset movements
• Verify transaction locations for security
• Enable future features like heat maps and geofencing (premium tiers only)

Your control:

• You can disable GPS tracking in Settings at any time
• Disabling GPS will not affect any other app functionality
• GPS data is stored locally on your device (free tier) or synced to our servers (pro tier)
• You can delete transactions to remove associated GPS data

Free Tier: GPS data never leaves your device
Pro/Business/Enterprise: GPS data syncs with transactions to our secure servers

Photo Attachments

All users can attach photos to their assets. Photos are always stored locally on your device. Pro, Business, and Enterprise tier users also get cloud backup to Cloudflare R2 storage.

What we store:

• Original photos you upload (stored in R2 cloud storage)
• Compressed thumbnails for faster loading
• Photo metadata (filename, size, dimensions, upload date)
• Optional captions you add to photos

How we use it:

• Display photos alongside your assets
• Sync photos across your devices (Pro+ users only)
• Share photos with users you've granted access to
• Create thumbnails for performance optimization

Your control:

• You can delete photos at any time - they're immediately removed from cloud storage
• Deleted photos are removed from all your devices during next sync
• When your subscription expires or is cancelled, all photos are deleted from cloud storage
• Photos are also stored locally on your device for offline access

Important: Photos are subject to our content policies. See our Terms of Service for details on prohibited content and content moderation.

Content Moderation

We respect your privacy and do not proactively monitor or scan your photos. However, we reserve the right to review content if:

• Content is reported by another user
• We receive a legal request or court order
• We have reason to believe content violates our Terms of Service or applicable laws

Manual Review: Reported content is reviewed manually by our team. We do not use automated scanning or AI to monitor your photos under normal circumstances.

Illegal Content: If we discover illegal content (particularly child sexual abuse material), we are legally required to report it to the appropriate authorities:

• UK: Internet Watch Foundation (IWF) and National Crime Agency (NCA)
• International: National Center for Missing & Exploited Children (NCMEC)
• Law Enforcement: Local police authorities as required

To report abuse: If you encounter inappropriate or illegal content, please email abuse@additem.to with details. Reports are reviewed within 48 hours.

Data Storage & Security

• Local data is stored in an encrypted SQLite database on your device
• Cloud data (Premium) is stored in Cloudflare R2 (asset/location data) and PostgreSQL (metadata)
• Photos (Premium) are stored in Cloudflare R2 cloud storage with TLS encryption
• All data is encrypted in transit (HTTPS/TLS) and at rest
• We use industry-standard security practices
• No data is shared with third parties (except Cloudflare for infrastructure)

International Data Transfers

For Pro, Business, and Enterprise users, your data may be transferred and stored outside the United Kingdom and European Economic Area (EEA):

• Cloudflare R2: Data stored in Cloudflare's global network may be processed outside the UK/EEA
• Safeguards: Cloudflare provides Standard Contractual Clauses (SCCs) approved by the UK ICO
• Security: All data transfers use TLS encryption and Cloudflare's enterprise-grade security

Free tier users: Your data never leaves your device and is not transferred internationally.

Analytics

We do not use any analytics or tracking services. Your usage patterns and behavior are not monitored or collected.

Your Rights (UK GDPR)

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

• Request a copy of your personal data
• Free tier: Data stored locally on your device only
• Premium: Export feature available in-app, or contact privacy@additem.to

Right to Rectification

• Correct inaccurate or incomplete data
• Edit assets, locations, and photos directly in the app

Right to Erasure ("Right to be Forgotten")

• Delete the app to remove all local data
• Delete individual photos (immediately removed from cloud storage)
• Delete individual assets, locations, or transactions in-app
• Premium: Request account deletion (all cloud data permanently deleted within 24 hours)

Right to Restrict Processing

• Downgrade from Premium to Free tier to stop cloud processing
• Disable GPS tracking in Settings to stop location data collection

Right to Data Portability

• Premium: Export your data in machine-readable format (JSON/CSV)
• Contact privacy@additem.to to request data export

Right to Object

• Object to processing for direct marketing (we don't do any marketing)
• Object to automated decision-making (we don't use automated decisions)

Exercising Your Rights

To exercise any of these rights, contact us at privacy@additem.to. We will respond within one month.

Right to Complain

If you're unhappy with how we handle your personal data, you have the right to complain to the UK's data protection authority:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Add Item To Ltd's ICO registration reference: ZC021383

Data Retention

• Free Tier: Data stored indefinitely on your device (until you delete the app)
• Premium Assets/Locations: Retained while subscription is active
• Premium Photos: Deleted from cloud storage within 24 hours after subscription expires
• After Account Deletion: All cloud data permanently deleted within 24 hours

Children's Privacy

AddItemTo is not directed to children under 13. We do not knowingly collect information from children.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted in-app with an updated date.

Contact Us

Questions about this privacy policy?

Email: privacy@additem.to