HeyElroy ("we", "us", "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes what data we collect, how we use it, how we protect it, and your rights regarding your information.
When you create an account, we collect your email address, display name, and profile photo as provided through Google Sign-In. We also store your Stripe customer ID and subscription details for billing purposes.
When you use HeyElroy to scan items, we collect the images you upload, AI-generated identification results, pricing analysis, comparable sales data, and listing content. All product data is stored separately from your personal information using anonymized identifiers from the moment it is created.
If you operate a storefront, we store buyer information (name, email, shipping address) as provided during checkout, solely for order fulfillment purposes.
We collect scan counts, feature usage patterns, and error telemetry to improve service reliability and performance. Error logs are automatically deleted after 60 days.
We collect your IP address for rate limiting and abuse prevention purposes. IP addresses are anonymized using one-way hashing before storage in our analytics systems and are not linked to your account profile or shared with third parties. Rate limiting records containing IP-derived identifiers are automatically deleted after 60 days.
All payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive payment information. We store only Stripe reference IDs necessary to manage your subscription and transaction history.
HeyElroy maintains a strict separation between personal data and market intelligence data.
Personal data (your name, email, payment references) is stored in your user profile and is fully under your control. You can delete it at any time by deleting your account through the Settings page.
Market intelligence data (product images, scan results, pricing history, authentication evidence, comparable sales data) is anonymized at the point of collection. Your identity is never attached to market data in our analytics systems. Seller activity is tracked using irreversible cryptographic hashes (SHA-256) that cannot be traced back to any individual.
This separation means that even if you delete your account, no remaining data in our systems can identify you.
Product images you upload are retained to support ongoing services including item identification, authentication verification, market value tracking, pricing accuracy over time, and listing regeneration. Images are stored securely in cloud storage and are not shared publicly unless you choose to publish them to your storefront.
Upon account deletion, images are disassociated from your identity and retained as anonymous market data to support our authentication database, counterfeit detection systems, and market analytics. This anonymized image data cannot be linked back to any individual user.
We use the following categories of third-party services to operate HeyElroy:
We do not sell your personal data. We share data only in the following circumstances:
You can view your account data, subscription details, and usage information through the Settings page at any time. You can also download a machine-readable copy of all your personal data (profile, inventory, orders, and messages) in JSON format from the Settings page.
You can delete your account at any time through the Settings page. This permanently removes all personal data, including your profile, email, and payment references. Anonymized market data is retained as described in this policy.
If you made a purchase through a HeyElroy storefront and wish to have your personal data (name, email, shipping address) removed from our order records, you may submit a request through our Contact page. Select "Data Deletion Request" as the category.
You can update your display name and profile photo through your Google account settings, which will be reflected in HeyElroy on your next sign-in.
If you have concerns about how your data is used, please contact us through the Contact page.
| Data Type | Retention Period |
|---|---|
| Account profile | Until account deletion |
| Product images | Indefinite (anonymized on account deletion) |
| Scan results and market data | Indefinite (anonymized from creation) |
| Comparable sales data | Indefinite (no personal data attached) |
| Storefront order data | Indefinite (buyer data deleted upon valid request) |
| Error telemetry | 60 days (auto-deleted) |
| Rollover credits | 90 days after subscription cancellation |
We implement industry-standard security measures including encrypted data transmission (TLS), secure authentication with cryptographic session validation, and role-based access controls. However, no system is completely secure, and we cannot guarantee absolute security of your data.
HeyElroy uses a single essential session cookie (__session) to maintain your authenticated session. This cookie is httpOnly, secure, and required for the service to function. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
HeyElroy is not intended for use by anyone under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the service after any changes constitutes your acceptance of the updated policy.
For privacy inquiries, data access requests, or data deletion requests, please use our Contact page.