itemzz.ioEverything in its place.
Preise

Privacy Policy

Version 1.3 — Last updated: May 2026

1. Who We Are

itemzz.io is operated by:

itemsnest GmbH
Görschstr. 38, 13187 Berlin, Germany
VAT: DE348793078
privacy@itemzz.io

itemsnest GmbH is the data controller for personal data processed through itemzz.io.

2. What Data We Collect

Account data
Email address and display name when you register. Optional profile photo.

Board and home data
Data you enter: inventory, spaces, members, contacts, contracts, finances, budgets, home profile (including address where you provide it), and related records.

Uploaded files
Photos and documents you upload.

Usage data
In-app activity and events needed to run the service. We do not use third-party analytics trackers.

Payment and subscription data
When you subscribe, Stripe Payments Europe, Ltd. processes payment. We do not store full card or bank details. We store subscription status, billing period, and Stripe customer/subscription identifiers linked to your account.

AI processing
When you use AI features, we send the content you submit (e.g. text or images you choose) to our AI provider to generate suggestions. Do not submit sensitive data you do not want processed for that purpose.

Optional integrations
If you connect third-party services (e.g. email or banking, when available), we process only what you authorise through that connection.

Consent records
When you accepted Terms and Privacy, including version, timestamp, and IP address.

Technical data
Server logs (IP address, browser type) for security, retained briefly.

3. Why We Collect It and Legal Basis

Providing itemzz.io (including after you subscribe):
Legal basis: Art. 6(1)(b) GDPR — contract

Storing your household data:
Legal basis: Art. 6(1)(b) GDPR — contract

Payment processing:
Legal basis: Art. 6(1)(b) GDPR — contract

AI features you request:
Legal basis: Art. 6(1)(b) GDPR — contract

Transactional emails:
Legal basis: Art. 6(1)(b) GDPR — contract

Security and fraud prevention:
Legal basis: Art. 6(1)(f) GDPR — legitimate interest

Service improvement (aggregated, non-identifying where possible):
Legal basis: Art. 6(1)(f) GDPR — legitimate interest

Marketing communications:
Legal basis: Art. 6(1)(a) GDPR — consent (opt-in only)

Recording consent:
Legal basis: Art. 6(1)(c) GDPR — legal obligation

4. Where Your Data Is Stored

Primary hosting and storage use sub-processors in the European Union / EEA:

Supabase (database, authentication, file storage)
Region: EU (e.g. Ireland)
supabase.com/privacy

Stripe Payments Europe, Ltd. (payments)
Processes payment data; may use additional Stripe entities under their DPA and SCCs where applicable.
stripe.com/privacy

Anthropic PBC (AI features, when enabled)
Processes prompts and content you submit for AI responses. Configure only what you need to send.
anthropic.com/privacy

We do not sell personal data. We do not transfer your household board data outside the EEA except where a sub-processor is required for a feature you use (e.g. AI) and appropriate safeguards apply.

5. How Long We Keep Your Data

Account and board data: until account deletion.
Uploaded files: until you delete them or delete your account.
Payment records: 10 years (German commercial law — HGB §257).
Server logs: 30 days.
Export files: 7 days after generation.
Consent records: duration of account plus 3 years.

After account deletion, personal data is purged within 30 days unless law requires longer retention.

6. Your Rights Under GDPR

Access, rectification, erasure, restriction, portability, and objection — contact privacy@itemzz.io.

We respond within 30 days.

Supervisory authority (Germany):
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin — datenschutz-berlin.de

7. Third-Party Services

Supabase — hosting and auth — all account data
Stripe — payments — billing identity and payment metadata
Anthropic — AI — content you submit to AI features
Unsplash / ICECAT — product placeholders and lookups — no personal data
Klarna Open Banking (planned) — only with separate explicit consent

8. Cookies and Local Storage

We use essential cookies only (no advertising or analytics cookies):

  • Supabase session — authentication — session / up to 7 days
  • itemzz_ui_locale — interface language preference — up to 1 year
  • Last board selection — convenience when switching boards — session

We may store a cookie-consent acknowledgement in your browser local storage for transparency. That is not used for tracking.

Strictly necessary cookies do not require consent under ePrivacy Art. 5(3).

9. Data Security

  • Row-level security on database tables
  • TLS in transit and encryption at rest
  • Access limited to your account and invited members per product rules

10. Children

Not directed at children under 16. Contact privacy@itemzz.io if you believe a child provided data.

11. Changes to This Policy

Material changes are notified by email and in-app notice. Version and date at the top indicate the current version.

12. Contact

itemsnest GmbH
Görschstr. 38, 13187 Berlin, Germany
VAT: DE348793078
privacy@itemzz.io