Legal

Privacy Policy

Effective Date: April 4, 2026 · Last Updated: April 4, 2026

Contents

Who We Are
Information We Collect
How We Use Your Information
Legal Basis for Processing (GDPR)
Cookies and Local Storage
Third-Party Services
Data Retention
Your Rights
Children's Privacy
International Transfers
Security
Changes to This Policy
Contact

Plain-language summary: NSpicker is a browser-based resale price intelligence tool. We do not require account creation for anonymous browsing and limited free scans, but connected account features use approved sign-in providers. We store some temporary search state locally on your device, and connected account data may also be synced server-side. We collect anonymous usage events to improve the platform. We use Stripe for payment processing — we never see your card details. You can delete local browser data at any time, and you can contact us to request deletion of connected account data.

Who We Are

NSpicker ("NSpicker," "we," "us," or "our") operates the website at nspicker.com and all associated subdomains. NSpicker is a resale price intelligence platform providing market valuation data for secondhand goods including antiques, collectibles, electronics, clothing, and other items.

For privacy inquiries, contact us at: support@nspicker.com

Information We Collect

Information you provide directly:

Email address — if you voluntarily create an account or contact us for support.
Payment information — processed exclusively by Stripe, Inc. We never receive, store, or have access to your full credit card number, CVV, or bank details.

Information collected automatically:

Search queries — the item names you search, stored locally on your device and optionally in anonymized usage logs.
Session identifiers — randomly generated, non-personal IDs stored in sessionStorage to link events within a single browser session.
Usage events — structured logs of actions taken on the platform (searches performed, scan mode used, results viewed). These are stored locally and, where you have an active subscription, may be transmitted to our servers in anonymous form.
Device and browser information — browser type, operating system, and screen resolution, collected for compatibility purposes and never linked to your identity.
Camera images — photos captured in Item Scan mode are processed in your browser. Images are transmitted to our AI identification service only to identify the item and are not retained after the result is returned.
Barcode data — UPC, EAN, ISBN, or QR values detected by the barcode scanner, used solely to identify the item and return pricing data.

Information we do NOT collect:

We do not collect your precise GPS location.
We do not build behavioral advertising profiles.
We do not sell your data to third parties.
We do not use tracking pixels or third-party ad networks.

How We Use Your Information

To provide the service — returning price results, operating the scanner, and maintaining your Hustle Folder.
To process payments — subscription management via Stripe. We receive confirmation of payment status only.
To improve the platform — aggregated, anonymized usage patterns help us understand which features are most valuable and identify technical issues.
To communicate with you — if you have provided an email address, we may send transactional communications (account confirmation, subscription receipts). We do not send unsolicited marketing emails without your explicit consent.
To ensure security — detecting and preventing abuse, unauthorized access, or fraudulent use of the platform.

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar laws, we process personal data on the following legal bases:

Contract performance — processing necessary to provide the service you have subscribed to.
Legitimate interests — anonymized analytics to improve the platform, security monitoring, and fraud prevention, where these interests are not overridden by your rights.
Consent — for any processing not covered above, including optional account creation and marketing communications.
Legal obligation — where required by applicable law.

Cookies and Local Storage

NSpicker uses browser-native storage and first-party account/session mechanisms rather than third-party tracking cookies:

localStorage — stores temporary device-side state such as recent usage context, fallback valuation cache, scan counters, and any unsynced data that may need migration into a connected account.
sessionStorage — stores a temporary session identifier that expires when you close your browser tab. Used to group usage events within a session.
Cookies and tokens — used for authenticated account sessions, paywall verification, and protected API access after sign-in through approved identity providers.

You can clear locally stored NSpicker data at any time by clearing your browser's site data for nspicker.com. This will remove device-side cache, counters, and any unsynced data. Synced account data stored on our backend is not removed by clearing browser storage alone.

Third-Party Services

Stripe, Inc. — payment processing. Stripe's Privacy Policy governs how Stripe handles your payment data: stripe.com/privacy
Amazon Web Services (AWS) — hosting infrastructure (S3, CloudFront, API Gateway, Lambda). AWS processes data in accordance with its Data Processing Addendum.
Identity providers — Google, Apple, Amazon, Microsoft, and PayPal may process authentication data according to their own privacy terms when you choose to sign in with them.
Google Fonts — typography assets. Google may collect minimal technical data (IP address, browser user agent) when fonts are loaded. We use font preloading to minimize this exposure.
Cloudflare CDN — ZXing.js barcode library is loaded from Cloudflare's CDN for barcode scanning functionality.

We do not share personally identifiable information with any third party except as necessary to process payments (Stripe) or comply with legal obligations.

Data Retention

Local storage data — retained on your device until you clear it or uninstall your browser.
Server-side usage events — anonymized events retained for a maximum of 24 months for analytics purposes, then permanently deleted.
Account data (email) — retained for the duration of your account plus 90 days after deletion, unless longer retention is required by law.
Payment records — Stripe retains transaction records in accordance with its own retention policies and applicable financial regulations.
Camera images — not retained. Images sent to the identification API are processed and discarded immediately.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right of access — request a copy of personal data we hold about you.
Right to rectification — request correction of inaccurate data.
Right to erasure — request deletion of your personal data ("right to be forgotten").
Right to restrict processing — request that we limit how we use your data.
Right to data portability — receive your data in a machine-readable format.
Right to object — object to processing based on legitimate interests.
Right to withdraw consent — withdraw consent at any time where processing is based on consent.
CCPA rights (California) — California residents have the right to know, delete, and opt-out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at support@nspicker.com. We will respond within 30 days. We may need to verify your identity before processing requests.

You also have the right to lodge a complaint with your local data protection authority.

Children's Privacy

NSpicker is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@nspicker.com and we will delete it promptly.

International Data Transfers

NSpicker operates globally. Your data may be processed on servers located in the United States (AWS us-west-2). If you are located in the EEA or UK, transfers to the United States are made under appropriate safeguards including Standard Contractual Clauses (SCCs) where applicable.

By using NSpicker, you acknowledge that your information may be transferred to and processed in countries outside your country of residence, which may have different data protection laws.

Security

We implement industry-standard security measures including HTTPS encryption for all data in transit, AWS security controls for data at rest, and access controls limiting who can access server infrastructure. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

In the event of a data breach affecting your rights and freedoms, we will notify you and applicable regulatory authorities as required by law.

Changes to This Policy

We may update this Privacy Policy from time to time. We will indicate the date of the most recent update at the top of this page. For material changes, we will provide additional notice (such as an in-app notification or email if you have an account). Your continued use of NSpicker after changes become effective constitutes your acceptance of the revised policy.

Contact

For any questions, concerns, or rights requests regarding this Privacy Policy or our data practices:

Email: support@nspicker.com
Website: nspicker.com

We aim to respond to all inquiries within 5 business days and all formal rights requests within 30 days.