Privacy Policy
Effective July 11, 2026
AllClear (“we”) screens the things you own or resell against federal recall data. This policy explains what we collect, why, and what we never do. We keep it short because our data footprint is small by design.
What we collect
- Account email — to sign you in (passwordless links) and, if you opt in, to send recall alerts. It’s the only personal identifier we store about you.
- Your watchlist — the product titles, brands, models, or UPCs you ask us to watch, and vehicles by VIN. Used solely to match against recalls and notify you.
- Screening activity — for API/business customers, a log of screens run under your key (what was screened and the verdict). This is the audit trail you can export.
- Abuse-prevention hashes — on anonymous endpoints (the public demo, certificate verification) we store a one-way salted hash of your IP for rate limiting. We do not store raw IP addresses.
- Billing — payments are processed by Stripe. We never see or store your card number; we keep only your Stripe customer and subscription identifiers and your current plan.
What we do with it
Only what the service requires: match your items against recalls, send the alerts you asked for, run and log the screens you request, process your subscription, and prevent abuse. Nothing else.
What we never do
- We do not sell, rent, or share your data with advertisers or data brokers.
- We do not use your watchlist or screening activity for anything other than providing the service to you.
- We show no ads.
Sub-processors
We rely on Supabase (database and authentication), Vercel (hosting), Stripe (payments), and an email provider to deliver alerts. Recall data comes from public U.S. federal sources: CPSC, FDA, USDA FSIS, and NHTSA.
Security & retention
API keys are stored only as hashes and can be revoked anytime. Database access is default-deny with row-level security. We keep your data while your account is active; delete your account and we remove your profile, watchlist, and keys. Signed clearance certificates are designed to stay publicly verifiable after issuance and may persist beyond deletion.
Your choices
Turn email alerts on or off in your dashboard, revoke API keys, and request deletion of your account and data by emailing us.
Contact
Privacy questions? support@useallclear.com.
Plain-language summary, not legal advice.