ReclaimHQReclaimHQBack to home

Privacy Policy

Last updated: 13 February 2026

1. Who we are

ReclaimHQ is operated by a company registered in England and Wales. If you have any questions about this policy, contact us at hello@reclaimhq.uk.

2. What data we collect

When you use ReclaimHQ, we collect:

  • Account information: your name, email address, and password (hashed).
  • Amazon order data: removal order IDs, product names, ASINs, SKUs, tracking numbers, shipment dates, and related data that you import via the Chrome extension.
  • Payment information: processed securely by Stripe. We do not store your card details.
  • AI conversation data: messages exchanged with the Tarquin claims assistant, including your inputs and AI-generated responses. Images attached to conversations are processed but not permanently stored.
  • Usage data: basic analytics such as pages visited and features used.

3. How we use your data

We use your data to:

  • Provide and improve the ReclaimHQ service.
  • Process your subscription payments via Stripe.
  • Send transactional emails (account confirmation, password resets, billing receipts).
  • Respond to support requests.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data storage and security

Your data is stored securely using Supabase (PostgreSQL) with row-level security policies ensuring you can only access your own data. All connections are encrypted via TLS. Passwords are hashed using bcrypt. API keys are stored as one-way hashes.

Application-level encryption: commercially sensitive fields — including cost of goods (COG), target sale prices, removal fees, recovery amounts, and invoice filenames — are encrypted at rest using AES-256-GCM with per-user encryption keys. Each user's data is encrypted with a unique key, meaning that even platform administrators browsing the database cannot read your commercial figures. Data is only decrypted in memory when served to your authenticated session.

The Chrome extension does not store your Amazon credentials — it only imports the order data you choose to send to ReclaimHQ.

5. Third-party services

We use the following third-party services:

  • Supabase — database and authentication.
  • Stripe — payment processing.
  • Vercel — application hosting.
  • Resend — transactional email delivery.
  • Upstash — rate limiting infrastructure (processes IP addresses only).
  • Anthropic — AI language model provider powering the Tarquin claims assistant. Conversation content is sent to Anthropic's API for processing.
  • Google — optional Google Drive invoice sync (only when you connect it).

Each service has its own privacy policy and processes data in accordance with GDPR.

6. Cookies

We use essential cookies only — specifically an authentication session cookie to keep you logged in. We do not use advertising or tracking cookies.

7. Your rights (GDPR)

Under UK GDPR, you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing of your data.

To exercise any of these rights, email hello@reclaimhq.uk. We will respond within 30 days.

8. Data retention

We retain your data for as long as your account is active. If you cancel your subscription and request account deletion, we will delete all your data within 30 days. Billing records may be retained for up to 7 years as required by UK tax law.

9. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email. Continued use of the service after changes constitutes acceptance of the updated policy.