Privacy Policy

1. Who We Are

loggit is the data controller for the personal data we process through our Service. We are responsible for ensuring your data is handled lawfully, transparently, and securely under UK data protection law.

Important: Participating venues are independent organisations. When a venue contacts you about a potential match or handles your item, that venue acts as a separate data controller under its own privacy policy. We are not responsible for how venues process your data outside of our Service.

2. What Data We Collect

2.1 From Customers (Lost Reports)

When you submit a lost report, we collect:

• Contact Information: Email address and/or phone number (you choose which to provide)
• Item Details: Category, description, brand/model, colour, unique features, where and when you lost it
• Photos: Optional images of your lost item to help with identification and AI matching
• Location Data: The venue or area where you lost your item (you enter this manually)

2.2 From Venues

When a venue registers with loggit, we collect:

• Venue Information: Venue name, address, type, contact details, opening hours
• Staff Information: Email addresses, names, roles (manager or staff), login codes
• Found Item Data: Details of items logged by the venue, including descriptions, categories, photos, date/time found, storage location
• Payment Information: Billing details and payment history (processed securely via third-party payment providers)
• Usage Data: Venue activity, items logged, matches confirmed, engagement with the Service

2.3 AI-Generated Data

Our AI systems generate and store:

• Photo Analysis Results: AI descriptions, object detection, colour analysis, text recognition
• Matching Scores: Confidence scores and reasoning for potential matches between lost reports and found items
• Embeddings: Mathematical representations of photos used for similarity matching

2.4 Technical and Usage Data

We automatically collect:

• Device Information: IP address, browser type, device type, operating system
• Usage Data: Pages viewed, features used, search queries, interaction patterns
• Log Data: Request identifiers, timestamps, error logs, performance metrics
• Cookies: Authentication tokens, session data, preferences (see our Cookie Notice)

3. How We Use Your Data

3.1 To Provide the Service

• Create and manage lost reports and found item records
• Run AI analysis on photos to generate descriptions and enable matching
• Calculate matching scores between lost reports and found items
• Notify venues of high-confidence matches
• Enable venues to contact you when they confirm a match
• Facilitate item return and ownership verification

3.2 To Improve the Service

• Analyse how users interact with loggit
• Improve AI accuracy and matching algorithms
• Develop new features and functionality
• Test and optimise performance

3.3 For Safety and Security

• Prevent fraud, abuse, and misuse of the Service
• Detect and respond to security incidents
• Enforce our Terms of Service
• Protect the rights and safety of loggit, users, and venues

3.4 For Communications

• Send notifications about potential matches
• Send service announcements and updates
• Respond to support requests
• For venue subscribers: send billing reminders and account information

3.5 For Legal Compliance

• Comply with legal obligations and requests from authorities
• Resolve disputes and enforce agreements
• Maintain records required by law

4. Legal Bases for Processing (UK GDPR)

We process your personal data under the following legal bases:

• Contractual Necessity: Processing is necessary to provide the Service you've requested (for lost reports) or under our contract with venue subscribers
• Legitimate Interests: We have legitimate interests in operating an efficient lost and found service, improving AI accuracy, preventing fraud, and maintaining security (balanced against your rights)
• Consent: Where you've given clear consent (for example, to receive certain communications or use optional features)
• Legal Obligations: Where required by law or to respond to legal requests

5. How We Share Your Data

5.1 With Venues

When our AI identifies a potential match, we share your contact details (email or phone number) and relevant item details with the venue so they can verify the match and arrange return. Venues are independent data controllers responsible for their own data practices.

We may also share your lost report details with venues you've selected or that are geographically relevant to your search.

5.2 With AI and Service Providers

We use third-party service providers who process data on our behalf, including:

• OpenAI: For AI photo analysis and matching (see OpenAI's privacy policy)
• Cloudflare: For image hosting and content delivery
• Hosting Providers: For data storage and computing infrastructure
• Email/SMS Providers: For sending notifications
• Payment Processors: For handling venue subscriptions
• Analytics Services: For understanding usage and improving the Service

These providers are contractually bound to process data only as instructed by us and to maintain appropriate security measures.

5.3 For Legal Reasons

We may disclose data:

• To comply with laws, regulations, legal processes, or governmental requests
• To enforce our Terms of Service
• To protect the rights, property, and safety of loggit, users, venues, or the public
• In connection with business transactions (mergers, acquisitions, asset sales)

5.4 With Your Consent

We may share data with other parties where you've given explicit consent.

6. International Data Transfers

Some of our service providers (including AI providers and cloud infrastructure) may process data outside the UK. When this happens, we ensure appropriate safeguards are in place:

• Transfers to countries with adequacy decisions from the UK government
• Standard contractual clauses approved by the UK ICO
• Other mechanisms recognised under UK data protection law

7. How Long We Keep Your Data

7.1 Lost Reports

• Active reports: Retained while you're searching and for 90 days after the last match attempt
• Matched reports: Retained for 12 months after match confirmation to handle disputes
• Unmatched reports: Archived after 90 days of inactivity, anonymised after 2 years

7.2 Venue Data

• Active subscriptions: Retained for the duration of the subscription
• Found items: Retained for 90 days after item return or disposal
• After subscription ends: Account data retained for 3 years for legal and accounting purposes, then anonymised

7.3 AI-Generated Data

• Photo analysis: Retained with the associated lost report or found item
• Embeddings and matching data: Retained for 12 months to improve AI accuracy, then anonymised for research

7.4 Technical Logs

• Log data retained for 90 days for debugging and security purposes
• Aggregated, anonymised analytics retained indefinitely

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data in certain circumstances
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Where processing is based on consent
• Right to Complain: Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, please contact us using the details below. We will respond within one month.

Important limitations: Some rights may be limited by law or where retention is necessary for legal compliance, dispute resolution, or to continue providing the Service.

9. Data Security

We implement appropriate technical and organisational measures to protect your data:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication requirements
• Regular security assessments and updates
• Secure data centre infrastructure
• Staff training on data protection

While we work hard to protect your data, no system is 100% secure. We cannot guarantee absolute security, but we will notify you and relevant authorities if a data breach occurs as required by law.

10. Children's Privacy

loggit is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has submitted data to us, please contact us immediately and we will delete it.

Parents and guardians: If you need to submit a lost report on behalf of a child, please use your own contact details.

11. AI and Automated Decision-Making

Our Service uses AI to analyse photos and suggest potential matches. This is not fully automated decision-making—venues always make the final determination about whether an item matches a lost report.

AI-generated confidence scores are guidance only. You have the right to human review of any match decision.

12. Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies: Authentication, security, and core functionality
• Analytics cookies: Understanding how users interact with loggit (with consent where required)
• Preference cookies: Remembering your settings

You can control cookies through your browser settings, but disabling essential cookies may affect Service functionality.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top indicates the most recent version.

For material changes that significantly affect your rights, we will provide prominent notice or seek consent where required by law.

14. Contact Us

For privacy questions, to exercise your rights, or to raise concerns, please contact us:

Data Protection Contact: privacy@loggit.com

Complaints: If you're not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Related: Terms of Service