Privacy Policy

Short version: We collect the minimum data needed to help you recover your lost items. We do not sell your data, show you ads, or share your information with third parties beyond what is necessary to operate the service.

1. Who we are

Lostly is operated by Nordic Business Advisory ApS (trading as Lostly), a company registered in Denmark. Contact: support@lostly.eu

As a service primarily used in the European Union, we comply with the General Data Protection Regulation (GDPR). The data controller is Nordic Business Advisory ApS.

2. What data we collect and why

Data	Why we collect it	Legal basis (GDPR)
Name (from Sign in with Apple)	Display your name in the app and personalise your profile	Contract
Location (where item was lost or found)	Match found items to nearby lost reports	Contract
Photos of found items	Automatically classify and describe found items using AI. Thumbnail stored for matching; full photo never leaves your device until a claim is approved.	Contract
Item descriptions (public and private)	Match lost and found reports. Private description is used only for ownership verification and is never shown to finders.	Contract
Chat messages	Enable anonymous coordination between owners and finders for item return	Contract
Shipping address	Generate a carrier shipping label for item return. Not stored after label creation.	Contract
Payment information	Process the shipping fee (59 DKK platform fee + carrier cost). Handled entirely by Stripe — we never see or store your card details.	Contract
Device token (APNs)	Send push notifications for matches, claim updates, and shipping events	Consent
Trust score	Display a trust indicator based on your successful returns	Legitimate interest

We do not collect advertising identifiers, browsing history, contacts, or any data unrelated to the lost-and-found service.

3. Photos and AI analysis

When submitting a found item, the photo is sent to Anthropic (United States) for AI-powered classification and description. The photo is processed to generate a category and a factual description of the item; it is not used to train Anthropic's models and is not retained by Anthropic beyond the request.

A privacy blur is applied to any people visible in the photo before the thumbnail is stored. The full-resolution photo is never uploaded to our servers.

4. Data retention

Lost item reports expire automatically after 60 days if not matched
Found item reports expire automatically after 30 days if not claimed
Chat messages are deleted when a claim is closed or the account is deleted
Device tokens are deleted when you sign out or delete your account
Payment records are retained by Stripe according to their data retention policy (typically 7 years for financial records)

5. Third-party services

Service	Purpose	Privacy policy
Supabase	Database and file storage (hosted in EU — Stockholm, Sweden)	supabase.com/privacy
Anthropic	AI photo classification and item description	anthropic.com/privacy
Stripe	Payment processing	stripe.com/privacy
Shipmondo	Carrier shipping label generation	shipmondo.com/da/privatlivspolitik/
Apple (Sign in with Apple)	Authentication	apple.com/legal/privacy

6. Your rights (GDPR)

You have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — delete your account and all associated data. You can do this directly in the app: Profile → Account → Delete Account. Deletion is immediate and permanent.
Portability — receive your data in a machine-readable format
Objection — object to processing based on legitimate interest
Withdraw consent — disable push notifications at any time in iOS Settings

To exercise any right other than account deletion, contact support@lostly.eu. We will respond within 30 days. You also have the right to lodge a complaint with the Danish Data Protection Agency (datatilsynet.dk).

7. Data security

All data is transmitted over HTTPS. The database is hosted in the EU (Stockholm) with row-level security enabled — each user can only access their own data. Private item descriptions are never exposed to finders or other users.

8. Children

Lostly is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided personal data, please contact us and it will be deleted promptly.

9. Changes to this policy

We may update this policy as the service evolves. Material changes will be communicated via a push notification or in-app notice. The effective date at the top reflects the most recent update.

10. Contact

Nordic Business Advisory ApS (trading as Lostly)
support@lostly.eu
lostly.eu