Privacy Policy
Quvendo ("we," "us," or "our") operates the Quvendo service at quvendo.com (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.
Effective date: June 11, 2026
Last updated: June 11, 2026
1. Who we are
The Service lets you photograph a product (typically a box or label) and receive an automated identification along with a suggested resale listing. To do this, we process the photo you submit and run it through several automated search and AI services described below.
For privacy questions or requests, contact us at [email protected].
2. Information we collect
Information you give us directly:
- Account / contact email. When you sign in with Google or request an email "magic link," we receive and store your email address. This is the address we use to send your results.
- Google account information. If you sign in with Google, we receive your email address and a verification flag (
email_verified) from Google. We do not request access to your contacts, Drive, calendar, or the content of your mailbox. - Photos you upload. The product photos you submit to be identified.
Information generated automatically when you use the Service:
- A cryptographic hash (MD5) of each uploaded image, used to recognize repeat uploads and avoid re-processing.
- Identification results, extracted product attributes (brand, model, category, codes, dimensions, etc.), suggested listing text, and the search results that produced them.
- A record of each submission (your email, the image hash, status, and outcome) and any confirmation actions you take (for example, clicking "THIS ONE" or "not it" in a result email), including which result you confirmed and when.
- Standard server and security logs (such as timestamps and error information).
3. About image metadata and image contents
Before your photo is sent to any third-party service or stored, we strip embedded metadata from the image. This removes data such as GPS coordinates, device/serial information, and capture timestamps (EXIF and similar metadata).
However, the visible contents of the photo are not altered. If your photo happens to show personal information — for example a shipping label with a name and address, a face, or a document in the background — that information is contained in the image we process and store. Please avoid including anything in frame that you do not want processed or stored. You are responsible for the content of the images you submit.
4. How we use your information
We use the information above to:
- Operate the identification pipeline and return results to you;
- Send you your results and related transactional emails;
- Cache results to make repeat and similar lookups faster and cheaper;
- Build a ground-truth layer from human confirmations to improve accuracy over time;
- Authenticate you and protect the Service from abuse and excessive cost;
- Maintain security, debug problems, and comply with legal obligations.
We do not sell your personal information, and we do not use your photos or results to serve you advertising.
5. Third-party services (subprocessors)
To deliver the Service, your photo and/or derived data are processed by the following third parties. Each has its own privacy practices, which we encourage you to review:
| Service | What it receives | Purpose |
|---|---|---|
| OpenAI | The image and extracted text | AI vision (reading the box) and listing synthesis |
| SerpAPI | Search queries derived from your image | Web, shopping, and Google Lens searches |
| imgbb | The EXIF-stripped image | Temporary public image hosting so Google Lens can perform a visual search |
| Your email/OAuth identity; the image (via Lens); outbound result emails (via Gmail) | Sign-in, visual search, and email delivery | |
| Railway | All stored data and uploaded images | Application hosting, database (PostgreSQL), and image storage (S3-compatible bucket) |
Note on imgbb: to run a Google Lens visual search, your metadata-stripped image is uploaded to imgbb, a third-party image host, and referenced by URL during the search. Although metadata is removed first, the image's visual contents are transmitted to and hosted by imgbb. We recommend you review whether this is acceptable for your use case.
We share information with these providers only as needed to operate the Service. We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, or property of users or the public.
6. Where data is stored and how long we keep it
Uploaded images and results are stored in our hosting provider's database and storage bucket. Image links we generate expire after 7 days, but the underlying stored images and result records persist until you delete your account (or we honor a deletion request).
We retain your account, submission records, and stored images for as long as your account exists. When your account is deleted (see Section 7), we permanently delete:
- Your account record (email, name, sign-in identity);
- All of your submission records, including your identification history, listing drafts, and confirmation history;
- Your uploaded photos, from storage;
- The stored copies of the result emails we sent you;
- Your intake-survey answers and any waitlist signup.
If another user independently uploaded the identical photo, the shared stored image is kept until that user's data is also deleted.
What we retain after deletion — de-identified product data only. Identifying a product is expensive, so the Service keeps what it has learned about products even after the person who triggered that learning leaves:
- Cached product analysis. The product attributes read from your photo (brand, model number, codes, category) and the visual-search results for it, keyed only by an anonymous fingerprint of the image (a cryptographic hash). After deletion, the photo itself is gone and no record links that fingerprint to you — what remains describes the product, not you.
- Product images. Photos of the identified product collected from the public web (never your own uploaded photos) are kept where they illustrate an entry in the shared product cache below.
- Two shared caches with no personal identifiers. The text-search cache is keyed on generic product search queries (for example, a model number) and holds public web search results. The product ground-truth cache is keyed on product identifiers (UPC, ISBN, model number) and holds the identified product name and listing details — including entries that were improved by users' anonymous confirmation clicks.
None of the retained data contains your email, your photos, or anything traceable to you; deleting it would degrade the Service for everyone without removing any personal data. Reminder per Section 3: avoid photographing anything personal alongside a product — the visible contents of a photo drive the analysis above.
7. Your choices and rights
You may:
- Download a copy of the personal information we hold about you — when signed in, use "Download my data" on your listings page (or email us);
- Delete your account and all associated data yourself — when signed in, use "Delete my account" on your listings page. Deletion begins immediately and completes shortly after; it is permanent and cannot be undone (Section 6 describes exactly what is deleted and what anonymous shared data is retained);
- Request deletion or a copy by email if you can't sign in;
- Correct inaccurate information;
- Opt out of non-essential emails (transactional result emails are part of the core Service).
For email requests, contact [email protected]. We will respond within a reasonable time and as required by applicable law.
Depending on where you live, you may have additional rights under laws such as the EU/UK GDPR or the California Consumer Privacy Act (CCPA/CPRA), including the rights described above and the right not to be discriminated against for exercising them. We do not sell or "share" personal information as those terms are defined under California law.
8. Children's privacy
The Service is not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect their personal information. If you believe a child has provided us information, contact us and we will delete it.
9. Security
We use reasonable technical and organizational measures to protect your information, including access controls and an invite-based allowlist. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
10. International users
We operate in the United States, and your information may be processed in the U.S. and other countries where our subprocessors operate. By using the Service, you understand your information may be transferred to and processed in these locations.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date, and for material changes we will take additional steps as required by law.
12. Contact
Questions or requests: [email protected]
Quvendo, United States