Privacy Policy

This Privacy Policy describes how Context Emergence LLC, doing business as Trovari ("we," "us," "our"), collects, uses, and protects your information when you use our inventory management platform for tracking belongings, collections, and valuable items.

The short version: we collect what we need to run the service, we don't sell your data, and we don't use it for advertising. We make money from subscriptions, not from your information.

What We Collect

Information you provide

• Account information — Your email address and password (or Google account if you use OAuth). We need this to create and secure your account.
• Inventory data — Items, locations, collections, descriptions, and attributes you create. This is the core of what Trovari stores for you.
• Photos — Images you upload of your items. Photos are compressed on your device before upload and stored in three sizes (full, medium, thumbnail).
• Personal tracking data — Ratings, notes, purchase prices, and other personal fields you attach to items. This data is stored separately from shared space data and is only visible to you.

Information we generate

• Photo metadata — When you upload a photo, we extract labels, text (OCR), logos, and detected objects using Google Cloud Vision. This metadata is stored alongside the photo and helps with item identification. See How We Process Your Photos below for details.
• Activity logs — We log actions like item creation, edits, and deletions for audit purposes. These logs include timestamps and the user who performed the action.
• Usage data — Basic analytics about how you use the service — pages visited, features used, and performance metrics. We do not track you across other websites.

How We Process Your Photos

Every photo you upload is automatically processed before it reaches our storage. This serves two purposes: keeping the platform safe, and extracting useful data from your images.

Content moderation

• What happens — Your photo is sent to Google Cloud Vision's SafeSearch API, which evaluates it for explicit adult content and extreme violence. This happens before the photo is stored — if it fails, the image is rejected and never saved.
• Not optional — Content moderation applies to all uploads, for all users. There is no way to opt out.
• What we allow — We do not flag photos for being suggestive, medical in nature, or containing weapons. These are legitimate in an inventory context — you should be able to photograph your collections without false rejections.
• When an image is rejected — We log the event (your user ID, timestamp, IP address, and the SafeSearch scores) for security purposes. The image itself is never stored. Logs are retained for up to 2 years.

Metadata extraction

• What we extract — During the same scan, Google Cloud Vision identifies labels (e.g., "bottle", "vinyl record"), reads text on labels and packaging (OCR), detects brand logos, and locates objects within the image.
• How we use it — This metadata is stored alongside your photo in our database. It may be used to help identify items, improve search, and power future features. It is not shared with third parties.
• What Google sees — Google processes your image to perform the analysis but does not retain it afterward. Google does not use your images for any purpose other than providing the Vision API service. See Google's data usage FAQ.

How We Use AI

Trovari uses AI to help you add and find items. Here is specifically what that involves:

• Item identification — When you ask Trovari to identify an item from a photo or description, we send your input to Claude (by Anthropic) to analyze it and suggest item details.
• Natural language search — You can search your inventory using natural language (e.g., "find all movies with Tom Hanks"). These queries are processed by AI to construct the appropriate filters.
• What Anthropic sees — Text and photo inputs you send through AI features are processed by Anthropic to generate a response. Anthropic does not use your inputs to train AI models. See Anthropic's data usage policy.
• Accuracy — AI-generated suggestions may contain errors. You should review item details before saving, especially for information that matters for insurance, resale, or legal purposes.

How We Share Your Information

We do not sell your personal information. We do not share it with advertisers. We share data only in these specific circumstances:

• Service providers — We share data with the third-party services that power Trovari: Supabase (database, auth, storage), Google Cloud (image analysis), Anthropic (AI processing), and Stripe (payments). Each processes data only as needed to provide their service.
• Public shares — When you share a collection publicly, the items and photos in that collection are viewable by anyone with the link. Only moderation-approved photos appear in shares. You control what is shared and can disable sharing at any time.
• Space members — Within a space, members can see items, locations, and collections based on their role. Personal tracking data (ratings, notes) is visible only to you, not to other space members.
• Legal requirements — We may disclose information if required by law, subpoena, or court order, or if necessary to protect the safety of our users or the public. We will notify you when legally permitted to do so.

Data Storage & Security

Your data is stored in AWS data centers in the United States via Supabase, which maintains SOC 2 Type II certification.

• Encryption — Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
• Tenant isolation — Each space is isolated at the database level using PostgreSQL Row Level Security. Even if application code had a bug, the database would prevent cross-tenant data access.
• Access controls — Internal access to your data follows the principle of least privilege. We do not access your data unless required for support you've requested or to maintain the service.

For more detail, see our Security page.

Data Retention

We retain your information for as long as your account is active or as needed to provide the service. Here are the specific retention periods:

• Inventory data — Retained while your account is active. Deleted within 30 days of account closure.
• Photos — Retained while attached to an item. When a photo or its parent item is deleted, the photo is removed from active storage within 30 days.
• Activity logs — Retained for 1 year for audit and security purposes.
• Moderation event logs — When a photo is rejected by content moderation, we log the event (user ID, timestamp, IP address, SafeSearch scores) for up to 2 years. The rejected image itself is never stored.
• Backups — Encrypted database backups are retained for up to 90 days. Data deleted from active systems is permanently removed from backups when those backups expire.

Your Rights

Depending on where you live, you may have specific rights regarding your personal information. We honor these rights for all users, regardless of location:

• Access — You can request a copy of all personal information we hold about you, delivered in a machine-readable format (JSON).
• Correction — You can update your account information and inventory data at any time through the app.
• Deletion — You can request deletion of your account and personal data. We will delete it within 30 days, with the following exceptions: data may persist in encrypted backups for up to 90 days; items you created in shared spaces will be anonymized (your name removed) but retained for other space members; and we may retain certain logs where required by law.
• Data portability — You can export your data at any time. Contact us and we'll provide your information in a standard, machine-readable format.
• Opt out of marketing — We will not send you marketing emails without your consent. You can unsubscribe at any time.

For California residents

Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at privacy@trovari.ai.

For European users

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data based on: performance of a contract (providing the service you signed up for), your consent (for optional features), and legitimate interests (security, fraud prevention, service improvement). Your data is transferred to and stored in the United States with appropriate safeguards. You have the right to lodge a complaint with your local data protection authority.

Cookies & Tracking

We use a minimal set of cookies, limited to what's necessary for the service to function:

• Authentication cookies — Required to keep you signed in. These are essential and cannot be disabled.
• Preference cookies — Store your settings like selected space and display preferences. Session-scoped or short-lived.
• Analytics — We may use privacy-focused analytics to understand how the service is used. We do not use third-party advertising trackers and do not track you across other websites.

Children's Privacy

Trovari is intended for users 16 years of age and older. We do not knowingly collect personal information from anyone under 16. If you are a parent or guardian and believe your child under 16 has created an account, please contact us at privacy@trovari.ai and we will promptly delete the account and associated data.

Changes to This Policy

We may update this policy from time to time. When we make material changes, we'll notify you via email or an in-app notice at least 30 days before the changes take effect. We'll keep previous versions available so you can see what changed.

Contact

For privacy questions, data requests, or to exercise any of your rights, contact us at privacy@trovari.ai. We aim to respond to all requests within 30 days.