ReclaimHQReclaimHQBack to home

Privacy Policy

Last updated: 19 March 2026

1. Who we are

ReclaimHQ is operated by ReclaimHQ LTD, a company registered in England and Wales. If you have any questions about this policy, contact us at hello@reclaimhq.uk.

2. What data we collect

When you use ReclaimHQ, we collect:

  • Account information: your name, email address, and password (hashed).
  • Amazon order data: removal order IDs, product names, ASINs, SKUs, tracking numbers, shipment dates, reimbursement records, customer return records, inventory data, and related Amazon Marketplace information that you import via the Chrome extension or that is retrieved via the Amazon Selling Partner API on your behalf after you authorise access.
  • Payment information: processed securely by Stripe. We do not store your card details.
  • AI conversation data: messages exchanged with the Tarquin claims assistant, including your inputs and AI-generated responses. Images attached to conversations are processed but not permanently stored.
  • Usage data: basic analytics such as pages visited and features used.

3. How we use your data

We use your data to:

  • Provide and improve the ReclaimHQ service.
  • Process your subscription payments via Stripe.
  • Send transactional emails (account confirmation, password resets, billing receipts).
  • Respond to support requests.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data storage and security

Your data is stored securely using Supabase (PostgreSQL) with row-level security policies ensuring you can only access your own data. All connections are encrypted via TLS. Passwords are hashed using bcrypt. API keys are stored as one-way hashes.

Application-level encryption:commercially sensitive fields — including cost of goods (COG), target sale prices, removal fees, recovery amounts, and invoice filenames — are encrypted at rest using AES-256-GCM with per-user encryption keys. Each user's data is encrypted with a unique key, meaning that even platform administrators browsing the database cannot read your commercial figures. Data is only decrypted in memory when served to your authenticated session.

The Chrome extension does not store your Amazon credentials — it only imports the order data you choose to send to ReclaimHQ.

5. Amazon Marketplace data

When you connect your Amazon Seller Central account to ReclaimHQ, we access your Amazon Marketplace data solely to provide the ReclaimHQ service to you. This includes removal order data, reimbursement records, inventory information, customer return records, and financial transaction data.

  • Purpose limitation: We use your Amazon data only to provide, maintain, and improve the ReclaimHQ service for your account. We do not use your Amazon data for advertising, profiling, or any purpose unrelated to the service you have authorised.
  • No sale or sharing: We do not sell, rent, license, or share your Amazon Marketplace data with any third party, except as necessary to operate the service (for example, encrypted storage via our database provider).
  • Data retention: Amazon Marketplace data that does not contain personally identifiable information is retained for no longer than 18 months from the date it was retrieved. Data associated with your active account may be retained for the duration of your subscription to provide continuity of service. When data exceeds the retention period, it is permanently deleted.
  • Revocation and deletion: If you disconnect your Amazon account or revoke authorisation, we will delete all Amazon Marketplace data associated with your account within 30 days. You may also request deletion at any time by emailing hello@reclaimhq.uk.
  • Security: All Amazon data is encrypted in transit using TLS 1.2 or higher and encrypted at rest. Commercially sensitive fields are additionally encrypted using AES-256-GCM with per-user encryption keys, as described in section 4.

6. Third-party services

We use the following third-party services:

  • Supabase — database and authentication.
  • Stripe — payment processing.
  • Vercel — application hosting.
  • Resend — transactional email delivery.
  • Upstash — rate limiting infrastructure (processes IP addresses only).
  • Anthropic — AI language model provider powering the Tarquin claims assistant. Conversation content is sent to Anthropic's API for processing.
  • Google — optional Google Drive invoice sync (only when you connect it).

Each service has its own privacy policy and processes data in accordance with GDPR.

7. Cookies

We use essential cookies only — specifically an authentication session cookie to keep you logged in. We do not use advertising or tracking cookies.

8. Your rights (GDPR)

Under UK GDPR, you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing of your data.

To exercise any of these rights, email hello@reclaimhq.uk. We will respond within 30 days.

9. Data retention

We retain your account data for as long as your account is active. Amazon Marketplace data that does not contain personally identifiable information is retained for no longer than 18 months. If you cancel your subscription and request account deletion, we will delete all your data within 30 days. Billing records may be retained for up to 7 years as required by UK tax law.

10. Security logging and incident response

We maintain append-only security audit logs that record authentication events, data exports, account changes, and administrative actions. These logs are retained for a minimum of 90 days and are protected by integrity controls.

In the event of a data security incident that affects your personal data, we will notify affected users within 72 hours of becoming aware of the incident, in accordance with UK GDPR requirements. We will also notify the relevant supervisory authority (the ICO) where required.

11. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email. Continued use of the service after changes constitutes acceptance of the updated policy.