Prioritizing Privacy
Privacy and your data, in plain English
icandothat works without an account or login. Your inputs (photos, descriptions, damage notes) get saved on our storage and used only to improve our own tools. Never shared, never sold, and not tied to a person.
Updated April 28, 2026
8 min read
Most people accept privacy policies they haven't read because the alternative is not using the site. The boxes get checked, the wall of legalese gets scrolled past, and the implicit deal is that something happens with your data that you'll never quite know the shape of. There's a real legal page at /privacy with the full policy. This guide is the plain-English one. Same information, none of the legal noise, with two reference visuals up front so you can see the shape of the data flow before reading the prose.
The lifecycle of a single upload
From the moment a photo leaves your browser to the moment it's deleted from our storage, here's every stop on the way:
T + 0
Upload
Browser normalizes the photo (HEIC to JPG, downscale), uploads to Cloudflare storage tied to an anonymous session ID. No account, no email, no name attached.
T + seconds
AI identification
Photo crosses to Google Gemini for identification (Google Lens fallback when uncertain). Result returns to your browser. Listing-draft step uses text only and never sees the image.
T + 1 hour
Session expires
An hour after your last action, the active session ID is no longer valid. A return visit starts a fresh anonymous session with no link to the previous one.
T + 6 months
Auto-deletion
A Cloudflare R2 lifecycle rule deletes retained inputs after six months from upload. We don't hold a delete button because there's nothing tied to a person to look up; the timer runs whether you ask or not.
Every place your data brushes a third party
Three crossings happen, no others. Each one's purpose, what crosses, and what stays:
Crossing 1
AI providers
What crosses:
Photo (to Google Gemini, Google Lens fallback). Text-only item description (to OpenAI for draft listing).
What doesn't:
Photos never reach OpenAI. No persistent identifier ties the request to you.
Crossing 2
Search providers
What crosses:
Text-only comp queries (e.g., “MacBook Pro 16-inch 2021”). The provider sees it the same way it would see any visitor's query.
What doesn't:
No photo. No session ID, no anything tied to you.
Crossing 3
Display ads
What crosses:
Standard Google AdSense + Consent Mode v2 signals (page topic, page URL). Reject denies ad/analytics cookies; Accept enables them.
What doesn't:
No cross-site profile of you, because there's no account for AdSense to associate.
What we collect, in plain words
No account. No email. No name. No phone number. No credit card. There's no signup form because there's nothing to sign into.
What does flow through icandothat is the stuff you give the tool to do its job: the photos you upload, the descriptions you type in, the condition and damage notes you add, the platform you tell it you're selling on. All of that runs through the temporary session shown in the lifecycle visual above. The session ID is not you. It's a string of characters tied to your browser tab for the duration of your visit.
Because there's no account, there's no behavioral profile getting built across visits. The next time you come back, you're a fresh anonymous session with no link to the last one. That's the structural privacy this design buys you. Optional sign-in may show up later as a user benefit (saving favorites, tracking sales over time), but it would never be required to use the tool.
Why we keep inputs for six months at all
The retention window is the part most sites don't name out loud. We save your inputs (the photos, the descriptions, the notes) for up to six months, after which they're deleted by the lifecycle rule shown above. During that window, we use them for one purpose: improving our own tools. Better identification on the next person's photo, better pricing logic, better listing drafts. That's the bargain, and it's the same bargain every AI tool is making; the difference is naming it instead of burying it in legal language.
The retained data lives on our storage tied to the anonymous session ID, not to you. We don't share it with anyone outside the AI providers already in the request loop, and we don't sell it. There is no account to attach it to, so there is no "your data" set to look up. Structurally, the link between the inputs and a person doesn't exist.
What never crosses, regardless of consent setting
Three things stay on icandothat no matter how the consent banner is set: any link between you and your inputs (since there's nothing identifying you in the first place), any behavioral history across visits (we don't keep one), and anything we save for our own system improvement (kept on our storage, anonymous, deleted by the lifecycle rule). Toggle Accept or Reject however you want; these three are not on either side of that toggle.
How GDPR and CCPA fit, in one paragraph each
The headline regulatory rights apply, and the structural privacy of the no-account design changes how each one looks in practice. Worth naming so the answer is complete:
- GDPR (EU residents). The right to access, the right to rectification, and the right to erasure all assume an identifiable record about you. There isn't one. The retained inputs from your session are anonymous and bound to a session ID that has no link to your identity, so an erasure request has nothing to look up. The retention window itself is finite (six months) and runs without a request. If you want a session deleted before then, closing the tab and not returning lets the session ID expire naturally; we have no record that the session was yours.
- CCPA (California residents). The right to know what is collected: that's this page, the lifecycle visual above, and the three crossings below. The right to opt out of sale: not applicable, since nothing is sold to anyone. The right to non-discrimination for exercising rights: same answer, since there are no rights-exercise mechanics that could be discriminated against.
When the rule changes, here's how you'd know
A few honest exceptions are worth naming. Input retention for system improvement is real retention: the photos and descriptions sit on our storage for up to six months. They're anonymous and session-bound, but they exist on a server that isn't your browser. We don't currently run any first-party analytics or product-usage rollups; if that changes, this page changes with it.
The privacy commitment isn't a static promise; it's a posture, and if the posture changes, you'll see it: a banner update, a dated changelog on this page, and the same plain language we used to set it up. The dated commitment matters more than the values writeup, because values can drift quietly and dated commitments can't.
If you want the rest of the values picture (the non-negotiables we hold to, why they matter, and the trade-offs that come with them), the next read is free, no-login, no-tracking, and why.
Frequently asked questions
Do you have my email address?
No. There's no account on icandothat: no email field, no signup form, no newsletter list. Nothing to opt out of, because we never had a way to opt you in.
Where do my photos and inputs go after I submit?
They upload to secure storage on Cloudflare, bound to an anonymous session ID, then get sent to the AI provider for identification. The session expires an hour after your last action. We retain the inputs themselves for up to six months to improve our own tools, then delete them.
Do you train AI on my data?
Your inputs are used to improve our own tools: better identification, better pricing, better drafts for the next person. Retained for up to six months, then deleted. We don't share them with anyone outside the AI providers already in the request loop, and we don't sell them to anyone.
Can I have an account?
Not currently; there's no login. An optional sign-in may be added later for user benefits like saving favorites or tracking sales over time. It would never be required to use the tool.
Can I delete my data?
There's nothing user-specific to delete. Your inputs aren't tied to a person (no account, no email), so there's no 'your data' set to look up. The active session expires an hour after your last action; any retained data we use to improve our tools is anonymous and isn't linked to you.
What about ads tracking me?
Display ads run through Google AdSense and Google Consent Mode v2. The Reject button on first visit denies ad and analytics cookies; Accept enables them. Without an account, ad personalization isn't tied to you across visits the way it would be on a site that knows who you are.