name: Privacy Policy
slug: privacy
version: 2.0.0
effective_date: [EFFECTIVE_DATE]
last_updated: 2026-05-09
Privacy Policy
Effective Date: [EFFECTIVE_DATE]
Version: 2.0.0
Last Updated: 2026-05-09
Plain-English Summary
We collect what we need to run a hyperlocal sharing platform: your account information, the listings and messages you create, and limited technical data to keep the service safe. We share your pickup address with another user only when you choose to confirm a claim with a porch or meetup pickup. We scan messages with automated systems to detect abuse and policy violations. We do not sell your personal information and we do not share it for cross-context behavioral advertising. You can delete your account at any time from Settings → Privacy. Questions? Email privacy@sharefree.org.
Table of Contents
- Scope and Controller Identity
- Categories of Personal Data We Collect
- Sources of Personal Data
- Purposes of Processing and Lawful Bases
- Disclosures of Personal Data
- Sale or Sharing for Cross-Context Behavioral Advertising
- International Data Transfers
- Data Retention
- Security Measures
- Your Privacy Rights
- How to Exercise Your Rights
- Children
- Cookies and Similar Technologies
- Artificial Intelligence Processing
- Message Scanning and Two-Party Consent Notice
- Address Sharing at Claim Confirmation
- Biometric and Photo-Derived Data
- Automated Decision-Making
- Do Not Track and Global Privacy Control
- Data Breach Notification
- Changes to This Policy and Version History
1. Scope and Controller Identity
This Privacy Policy ("Policy") describes how ShareFree ("ShareFree," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal data when you access or use our website at https://www.sharefree.org, our iOS and Android mobile applications, and any related services (collectively, the "Service").
1.1 Data Controller. ShareFree is the controller of personal data processed in connection with the Service for purposes of the EU General Data Protection Regulation ("GDPR"), the United Kingdom GDPR ("UK GDPR"), and U.S. state privacy laws that use a controller/processor framework.
1.2 Contact Information.
- Legal entity: ShareFree, a Texas-based platform.
- Registered agent address: [REGISTERED_AGENT_ADDRESS]
- General support: support@sharefree.org
- Privacy inquiries and rights requests: privacy@sharefree.org
- EU/UK representative (Art. 27 GDPR): [EU_REPRESENTATIVE_TBD]
1.3 Scope. This Policy applies to personal data we process about (a) registered users of the Service, (b) visitors to our public website, (c) people who contact our support team, and (d) individuals identified or identifiable in user-generated content (for example, where another user references you in a listing or message). It does not apply to third-party websites, applications, or services that link to or integrate with the Service.
1.4 Definitions. "Personal data" (or "personal information") means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. "Processing" means any operation performed on personal data, whether automated or not, including collection, storage, use, disclosure, and deletion.
2. Categories of Personal Data We Collect
We collect the categories of personal data described below. The specific fields we hold for any given user depend on which features they use.
2.1 Account Data
- Email address (required)
- Authentication credentials: a salted password hash (we never store passwords in plaintext) or an OAuth token issued by Google or Apple if you sign in with those providers
- Display name
- Phone number (optional, only if you provide one)
- Account creation timestamp, last sign-in timestamp, and authentication audit events
- Email verification status
2.2 Profile Data
- Avatar image (optional)
- Bio (optional, free-text)
- Preferred display language
- Primary community affiliation and membership in additional communities (with role: member, moderator, or admin)
- Public-facing location label (community name, e.g., "Frisco, TX") — never a precise address
- Trust and reputation indicators derived from your activity (rating average, completed claims count, account age)
2.3 Location Data
- Approximate geographic coordinates (latitude/longitude) stored using the PostGIS extension. We use these to match you to a community and to show you listings within a configurable radius. We do not track your real-time location, and we do not continuously sample location in the background.
- Community hierarchy path stored as an ltree value (e.g., us.tx.dallas-fort-worth.frisco).
- User-chosen pickup address (street address) stored only when you have created a "porch" or "meetup" address for use with claims. This address is not publicly visible. It is disclosed to a counterparty only at the moment you confirm a claim with that pickup option (see Section 16).
2.4 User-Generated Content
- Listings (title, description, category, condition, price, photos)
- Posts and comments
- Direct messages between users
- Ratings (1–5 stars and an optional comment, capped at 500 characters)
- Reports and the narrative reasons users provide
- User-to-user blocks
2.5 Photo and Image Metadata (EXIF Handling)
When you upload a photo to the Service:
- We strip EXIF metadata on upload, including GPS coordinates, camera model, capture timestamp, and device identifiers. The stored copy of the image does not contain this metadata.
- We retain the content of the image (the pixels), the file format, dimensions, file size, and a server-generated upload timestamp.
- Photos are processed by our AI moderation pipeline (see Section 14) before becoming visible.
2.6 Communications
- The contents of messages you send through the in-app chat. Messages are scanned by automated systems for the limited purpose of detecting violations of our Acceptable Use Policy (see Section 15).
- The contents of any support correspondence you send to support@sharefree.org or via the in-app support form, including attached screenshots.
2.7 Device, Connection, and Technical Data
- Device fingerprint values stored as a SHA-256 hash (device_hash) — we do not store the underlying raw fingerprint.
- IP address stored as a SHA-256 hash (ip_hash) — we do not retain the unhashed IP after the request is logged.
- Application version, operating system and version, device model.
- Push notification token (Expo ExponentPushToken) used to deliver push notifications you have not disabled.
- Crash and error telemetry generated by the Service (no third-party crash reporter is used as of the effective date).
2.8 Payment Metadata
We do not receive or store credit card numbers, bank account numbers, or other payment instrument data. When you make an in-app purchase:
- On iOS, Apple processes the transaction and returns a StoreKit 2 receipt. We store the receipt identifier, the product identifier you purchased, the purchase timestamp, and Apple's transaction ID.
- On Android, Google Play processes the transaction and returns a purchase token and product identifier, which we store along with the timestamp.
We use this metadata to grant the entitlement you bought (such as ad credits or a boost) and to retain a tax record.
2.9 Support and Trust & Safety Records
- Support tickets and screenshots you submit
- Reports filed about you or by you
- Sanctions imposed (warnings, listing removals, temporary or permanent bans)
- Appeals you file and our decisions
- A reporter trust score computed from the historical accuracy of reports you have submitted. We use this to weight automated and human review of future reports you file.
2.10 AI Audit Logs
We retain an audit record of AI inferences performed on your content, including the AI feature used, the provider routed to, the inference timestamp, and a high-level outcome (for example, "moderation: pass" or "moderation: violation suspected"). We do not retain the full prompt content beyond what is necessary for safety review.
2.11 Analytics Events
We operate an in-house analytics tracker that records events such as feed views, listing views, search queries, and clicks within the Service. We do not embed third-party analytics SDKs (for example, we do not use Google Analytics, Mixpanel, Segment, or similar). Analytics events are linked to your account ID for your activity and to a hashed device identifier for unauthenticated activity.
3. Sources of Personal Data
We obtain personal data from the following sources:
3.1 Directly from you when you register, build your profile, post listings, send messages, file reports, contact support, or otherwise interact with the Service.
3.2 Automatically when you use the Service. This includes server logs, the device fingerprint generated by your client, the IP address recorded by our edge servers, push tokens registered with us, and analytics events.
3.3 From third parties:
- OAuth providers — Google and Apple, when you choose to sign in with those providers. We receive an authentication assertion containing your email address and a stable user identifier; we do not receive your password.
- App stores — Apple App Store and Google Play, when you make in-app purchases. We receive purchase receipts and product identifiers.
- AI providers — When the AI providers we use (see Section 14) return a result for an inference we requested.
- Other users — When another user reports you, rates you, or otherwise references you in a listing or message.
- Public sources and law enforcement — In rare cases, in response to legal process or to investigate suspected fraud or abuse.
4. Purposes of Processing and Lawful Bases
For users in the European Economic Area, the United Kingdom, and Switzerland, the table below identifies our purposes of processing and the GDPR Article 6 lawful basis for each. For users outside those jurisdictions, the lawful-basis column is informational; we still process data only for the purposes listed.
| # | Purpose | Lawful basis (GDPR Art. 6) |
|---|---|---|
| 4.1 | Creating and maintaining your account; delivering core features (listings, claims, messaging, ratings) | Contract (Art. 6(1)(b)) |
| 4.2 | Sending transactional notifications (claim confirmations, message alerts, account changes) | Contract (Art. 6(1)(b)) |
| 4.3 | Trust & safety: detecting fraud, abuse, harassment, prohibited content; computing and applying the reporter trust score | Legitimate interests (Art. 6(1)(f)) — interest in operating a safe community |
| 4.4 | AI moderation of listings, photos, and messages | Legitimate interests (Art. 6(1)(f)) and contract (Art. 6(1)(b)) |
| 4.5 | AI-assisted suggestion features (Fill with AI, Enhance Ad) when you invoke them | Contract (Art. 6(1)(b)) — performance of a feature you requested |
| 4.6 | Service analytics (in-house, aggregated where feasible) to improve the Service | Legitimate interests (Art. 6(1)(f)) |
| 4.7 | Marketing emails (digests, new feature announcements) | Consent (Art. 6(1)(a)) — opt-in, withdrawable at any time |
| 4.8 | Processing in-app purchases and granting purchased entitlements | Contract (Art. 6(1)(b)) |
| 4.9 | Tax records, accounting, and financial recordkeeping | Legal obligation (Art. 6(1)(c)) |
| 4.10 | Responding to lawful requests from courts, regulators, and law enforcement | Legal obligation (Art. 6(1)(c)) |
| 4.11 | Establishing, exercising, or defending legal claims; enforcing our Terms | Legitimate interests (Art. 6(1)(f)) |
| 4.12 | Protecting the vital interests of you or another person (for example, in response to a credible threat of physical harm) | Vital interests (Art. 6(1)(d)) |
| 4.13 | Communicating with you about your support tickets | Contract / legitimate interests |
| 4.14 | Internal staff training on policy enforcement using anonymized examples | Legitimate interests |
Where we rely on legitimate interests, we have performed a balancing test and concluded that our interests are not overridden by your rights and freedoms. You can object to processing based on legitimate interests at any time (see Section 10).
5. Disclosures of Personal Data
We disclose personal data only to the categories of recipients described below.
5.1 Other users. Listings you publish, your display name and avatar, your community memberships, ratings you give and receive, and other content you choose to make public are visible to other users who can access the relevant community. Messages are visible to the user you are messaging.
5.2 Counterparties at claim confirmation. When you confirm a claim with a pickup option of "porch" or "meetup," the chosen address is disclosed to the counterparty. See Section 16.
5.3 Community admins and moderators. Admins and moderators of a community can see membership of that community and the content posted within it. They can take moderation actions limited to their community.
5.4 ShareFree staff and counsel on a need-to-know basis to operate the Service, respond to support tickets, investigate abuse, and obtain legal advice.
5.5 Service providers under written data-processing agreements that restrict their use of personal data to providing services to us. Our principal subprocessors are:
| Subprocessor | Role | Region |
|---|---|---|
| Supabase, Inc. | Database, authentication, edge functions, storage | United States |
| Google LLC | Android push notifications (FCM); Google Sign-In; Gemini AI inference | United States |
| Apple Inc. | iOS push notifications (APNs); Sign in with Apple; App Store transactions | United States |
| Resend, Inc. | Transactional email delivery | United States |
| OpenRouter, Inc. | LLM routing for AI moderation and copy enhancement | United States |
| Cloudflare, Inc. | Edge content delivery and DDoS protection | Global edge |
We may engage additional service providers from time to time. A current list is available on request to privacy@sharefree.org.
5.6 Law enforcement, regulators, and courts when we receive a valid legal demand (for example, a subpoena, court order, or search warrant) or when we believe in good faith that disclosure is necessary to comply with law, prevent imminent harm, or investigate suspected fraud.
5.7 Successors. If ShareFree is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be transferred to the acquiring or successor entity. We will provide notice (for example, by posting on the Service or by email) before personal data becomes subject to a materially different privacy policy.
5.8 With your consent or at your direction in any other case.
6. Sale or Sharing for Cross-Context Behavioral Advertising
We do not sell your personal information for money. We do not "share" your personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), or comparable U.S. state privacy laws.
The advertising on the Service is first-party and operated in-house. Ad targeting is limited to the community you are viewing and the category of listings you are browsing. We do not transmit identifiers to third-party ad networks or data brokers for the purpose of building cross-site or cross-app profiles of you.
6.1 Right to opt out. Even though we do not sell or share, we provide a courtesy opt-out at https://www.sharefree.org/privacy/do-not-sell that records your preference. If we ever change our practices to engage in "sale" or "sharing" as defined above, we will obtain your consent or honor your prior opt-out before doing so.
6.2 Global Privacy Control. We honor the Global Privacy Control ("GPC") signal sent by your browser or operating system as a valid opt-out request under the CPRA and other applicable U.S. state laws.
6.3 Sensitive personal information. We do not use or disclose "sensitive personal information" (as defined under the CPRA) for purposes beyond those permitted by Cal. Civ. Code § 1798.121.
7. International Data Transfers
The Service is operated from the United States, and personal data we collect is processed and stored in the United States.
7.1 Transfers from the EEA, UK, and Switzerland. When personal data of individuals located in the European Economic Area, the United Kingdom, or Switzerland is transferred to the United States or to any third country that has not been recognized by the European Commission or the UK as providing an adequate level of data protection, we rely on appropriate safeguards, including:
- The European Commission's Standard Contractual Clauses (Module 1 controller-to-controller, Module 2 controller-to-processor, or Module 3 processor-to-processor, as appropriate) ("SCCs"); and
- The International Data Transfer Addendum to the EU SCCs issued by the UK Information Commissioner's Office ("UK IDTA") for transfers from the United Kingdom.
7.2 Supplementary measures. In addition to contractual safeguards, we apply technical and organizational supplementary measures, including: TLS 1.2 or higher for data in transit; AES-256 encryption at rest in our database and object storage; Postgres Row-Level Security ("RLS") to enforce per-user access at the database layer; least-privilege access controls for staff; logging of administrative access; and a published process for assessing and challenging law-enforcement demands.
7.3 Copies of safeguards. A copy of the SCCs or UK IDTA in force for a specific transfer, with redactions to protect commercial confidentiality, is available on request to privacy@sharefree.org.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The schedule below summarizes our default retention windows. Where multiple windows apply, the longest controls.
| Data category | Retention window |
|---|---|
| Account profile (profiles row) | Until you delete your account, plus a 30-day grace period during which deletion can be reversed by signing back in, plus up to 7 days for the data to age out of database backups |
| Listings | Until you remove the listing, or 24 months after the listing's last activity (claim, comment, or edit), whichever is first |
| Messages | 24 months from the last reply in the thread; longer if the thread is subject to an active report, sanction, appeal, or law-enforcement preservation request |
| Photos in listing-photos | Until the associated listing or account is deleted, plus the 30-day grace period |
| Ratings (1–5 stars + comment) | Indefinitely; the rater's display name is anonymized to "Former user" once the rater deletes their account, but the star and comment remain visible to preserve the integrity of the rated user's reputation |
| Reports and moderation records | 5 years from the date of the report or moderation decision (regulatory and safety necessity) |
| Sanctions and appeals | 5 years from the date the sanction was lifted or expired |
| Reporter trust score and underlying history | Lifetime of the account, plus 5 years after account deletion (abuse-prevention necessity) |
| Device fingerprints (device_hash, hashed) | 12 months rolling for users in good standing; 5 years for users banned for abuse |
| Hashed IP addresses (ip_hash) | 90 days hot, then aggregated to coarse counters |
| In-app purchase receipts (Apple, Google) | 7 years from the transaction date (tax and accounting recordkeeping) |
| Support tickets and screenshots | 24 months from ticket closure |
| AI audit logs (ai_audit_logs) | 12 months |
| Server access logs and security event logs | 90 days hot storage; up to 12 months in cold storage |
| Database and object-storage backups | 30 days |
| Marketing email consent records | Lifetime of the account plus 3 years after withdrawal |
After the applicable window expires, we delete or de-identify the data. De-identified data — data that cannot be linked to you using any reasonable means — is not subject to this Policy, and we may retain it indefinitely for analytical purposes.
9. Security Measures
We use commercially reasonable technical, administrative, and physical safeguards designed to protect personal data against accidental or unlawful loss, alteration, unauthorized disclosure, or access. These safeguards include:
- Encryption in transit: TLS 1.2 or higher on all client-server connections.
- Encryption at rest: AES-256 for database storage and S3-compatible object storage.
- Row-Level Security: Postgres RLS policies that enforce per-user access at the database layer; a number of sensitive tables are write-protected and accessible only via SECURITY DEFINER stored procedures with explicit authorization checks.
- Authentication: salted password hashing (bcrypt-equivalent), OAuth 2.0 for social sign-in, magic-link authentication for passwordless flows, and short-lived JWT session tokens.
- Least-privilege access: staff access to production data is limited to a small group with role-based permissions and is audit-logged.
- Secret management: application secrets are stored in environment-variable vaults and rotated on a schedule; no production credentials are checked into source control.
- Vulnerability management: dependency scanning, periodic security review, and a process for receiving and triaging external vulnerability reports.
- Backup integrity: encrypted backups with restore testing.
No method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. If you have reason to believe your interaction with us is no longer secure, contact us immediately at privacy@sharefree.org.
10. Your Privacy Rights
Subject to applicable law and to verification of your identity, you have the rights described below. Some rights apply only to residents of certain jurisdictions; we honor the broadest set of rights as a matter of policy where we can do so.
10.1 Rights available globally as a matter of policy
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Delete your account and personal data.
- Port your data in a machine-readable format.
- Withdraw consent to processing that is based on consent (such as marketing emails).
10.2 GDPR / UK GDPR (EEA, UK, Switzerland)
In addition to the rights above, you have the right to:
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interests, including direct marketing.
- Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (see Section 18 for our automated decisions and the appeal route).
- Lodge a complaint with the supervisory authority in your member state of habitual residence, place of work, or place of the alleged infringement. A list of EU supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK residents may complain to the Information Commissioner's Office at https://ico.org.uk.
10.3 California (CCPA / CPRA)
California residents have the right to:
- Know the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties to whom we have disclosed that information in the preceding 12 months.
- Request deletion of personal information, subject to statutory exceptions.
- Request correction of inaccurate personal information.
- Opt out of sale or sharing for cross-context behavioral advertising. As noted in Section 6, we do not sell or share. The opt-out portal at /privacy/do-not-sell records your preference for completeness.
- Limit the use of sensitive personal information, although we do not use sensitive personal information for purposes that would trigger this right.
- Non-discrimination for exercising your rights. We will not deny you services, charge you a different price, or provide a different level of quality for exercising any of your CCPA rights.
You may designate an authorized agent to make a request on your behalf. We will require proof of your written authorization and may verify your identity directly.
10.4 Virginia (VCDPA)
Virginia residents have the rights to access, correct, delete, port, and to opt out of (i) targeted advertising, (ii) sale, and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in (i) or (ii); we do engage in (iii) for safety purposes, and Section 18 describes the appeal route.
10.5 Colorado (CPA)
Colorado residents have rights of access, correction, deletion, portability, and opt-out (targeted advertising, sale, profiling). The same notes for Virginia apply.
10.6 Connecticut (CTDPA)
Connecticut residents have access, correction, deletion, portability, and opt-out rights (targeted advertising, sale, profiling).
10.7 Utah (UCPA)
Utah residents have rights of access, deletion, portability, and opt-out (targeted advertising, sale).
10.8 Texas (TDPSA)
Effective July 1, 2024, Texas residents have the rights of access, correction, deletion, portability, and opt-out (targeted advertising, sale, profiling), as well as the right to appeal a denied request.
10.9 Other states
We honor analogous rights granted by Iowa, Indiana, Tennessee, Montana, Oregon, Delaware, New Jersey, New Hampshire, Minnesota, Maryland, Rhode Island, and other states whose comprehensive privacy laws are in effect at the time of your request, in accordance with the terms of those laws.
11. How to Exercise Your Rights
11.1 In-app self-service. The fastest way to exercise most rights is in the app:
- Access and portability: Settings → Privacy → Download My Data
- Correction: Settings → Profile (most fields are user-editable)
- Deletion: Settings → Privacy → Delete My Account
- Marketing opt-out: Settings → Notifications → Email Digest
11.2 By email. Send a request to privacy@sharefree.org with the subject line "Privacy Rights Request." Describe the right you wish to exercise and provide enough information for us to identify your account. We may ask for additional information to verify your identity.
11.3 Verification. We verify identity in a manner proportionate to the sensitivity of the request:
- For access, correction, and portability of profile data: signing in to the account is sufficient.
- For deletion: we send a confirmation email that you must click within 72 hours.
- For requests by an authorized agent: we require a signed authorization from you and may verify with you directly.
11.4 Response window. We will respond to verifiable requests:
- Within 30 days for CCPA requests, extendable by 45 days where reasonably necessary, with notice to you.
- Within 45 days for VCDPA, CPA, CTDPA, UCPA, TDPSA, and other U.S. state-law requests, extendable by 45 days where reasonably necessary.
- Within 30 days for GDPR / UK GDPR requests, extendable by 60 days for complex requests, with notice to you.
11.5 Appeals. If we deny your request, our response will include the reason for denial and instructions for appeal. You may appeal by replying to our denial or emailing privacy@sharefree.org with the subject line "Privacy Appeal." We will review the appeal and respond within 60 days. If the appeal is denied, you may contact your state attorney general or supervisory authority.
11.6 Fees. We do not charge a fee to respond to verifiable requests unless they are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or decline to act, as permitted by law.
12. Children
The Service is intended for users 18 years of age and older. We do not direct the Service to children, and we do not knowingly collect personal information from anyone under 18.
12.1 COPPA. Consistent with the Children's Online Privacy Protection Act ("COPPA"), 15 U.S.C. §§ 6501–6506, and the FTC's COPPA Rule, 16 C.F.R. Part 312, we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly.
12.2 Parents and guardians. If you are a parent or legal guardian and believe a person under 18 has registered for the Service, please contact privacy@sharefree.org. We will investigate and, on confirmation, deactivate the account and delete associated personal information consistent with our retention obligations.
13. Cookies and Similar Technologies
We use a small number of cookies and equivalent client-side storage mechanisms, all of which are strictly necessary or functional. We do not use third-party advertising cookies or third-party analytics cookies.
| Cookie / storage | Purpose | Lifetime |
|---|---|---|
| Supabase auth cookies (sb-access-token, sb-refresh-token) | Maintain your authenticated session | Session and refresh-token lifetimes set by Supabase |
| user_profile cookie | Cache a non-sensitive subset of your profile to reduce database load on every page load | 24 hours, refreshed on activity |
| Localized preferences (locale, theme) | Remember your language and dark/light-mode preference | Until cleared by you |
| Mobile secure storage (Expo SecureStore) | Store the auth token in iOS Keychain / Android Keystore | Until you sign out or revoke it |
You can clear cookies and local storage at any time through your browser or by signing out of the app. Doing so will sign you out of the Service.
For more detail, see our Cookie Notice (incorporated into this Policy by reference).
14. Artificial Intelligence Processing
We use artificial intelligence ("AI") features to keep the Service safe, to assist users in writing listings, and to enhance ad copy. This section explains what is processed, by whom, and your choices.
14.1 AI features
| Feature | What it does | What is sent to the AI provider |
|---|---|---|
| analyze-and-moderate-image | Analyzes uploaded photos for prohibited content (CSAM, weapons, drugs, gore, nudity), assigns categories, and suggests a title and description | The image bytes (after EXIF stripping) and a structured system prompt; no account email or address |
| analyze-listing-image | Generates listing-copy suggestions when you tap Fill with AI | Same as above |
| enhance-ad-copy | Improves headline, description, and CTA when you tap Enhance in the ad composer | The current ad-copy text |
| Message moderation | Automated scanning of in-app messages for AUP and law violations | Message text, sender community, and timestamps; no account email |
14.2 Providers
AI inference is performed by:
- OpenRouter, Inc. — a model-routing service that we call as our primary endpoint. OpenRouter routes our request to an underlying model.
- Google LLC (Gemini 2.5 Flash) — the underlying model we route to through OpenRouter, and our direct fallback if OpenRouter is unavailable.
We have data-processing agreements with these providers that restrict their use of inputs and outputs to providing the inference service to us. We instruct these providers not to use our inputs or outputs for model training. We rely on the providers' published privacy commitments, which you can review at:
- OpenRouter privacy: https://openrouter.ai/privacy
- Google Gemini privacy: https://ai.google.dev/gemini-api/terms
14.3 What we do not send
We design prompts so that they do not intentionally include your email address, phone number, password, payment metadata, or precise pickup address. We do not transmit your account ID in a form that the AI provider can resolve back to you. If user-generated content you provide happens to embed personal data (for example, a phone number written into a listing description), that content will be sent as-is.
14.4 Your choices
- AI suggestion features (Fill with AI, Enhance Ad) are opt-in; they run only when you press the corresponding button.
- AI moderation of photos and messages is mandatory and you cannot opt out of it, because it is necessary for the safety of the community and the lawful operation of the Service. If you do not want your content scanned, do not post or send it.
14.5 Audit logs
We keep an ai_audit_logs record summarizing each inference (provider, model, outcome, timestamp) for 12 months for safety review and to support appeals.
15. Message Scanning and Two-Party Consent Notice
Notice and consent. By sending or receiving a message on ShareFree, you consent to ShareFree scanning the message contents through automated systems for the limited purpose of detecting violations of our Acceptable Use Policy and applicable law. This notice is provided to satisfy the consent requirements of two-party-consent jurisdictions, including but not limited to California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania, and Washington.
15.1 What we scan. All in-app messages are processed by automated classifiers that look for prohibited content (for example, threats, harassment, off-platform payment solicitation, sale of regulated goods, sexual exploitation material). Scanning is automated; humans review only when a classifier flags a message or another user reports it.
15.2 What scanning produces. A risk score and one or more category labels (for example, "harassment," "off-platform payment"). Flagged messages may be queued for human moderator review and may result in warnings, message removal, or account sanctions.
15.3 What we do not do. We do not sell the contents of your messages, we do not use them to target advertising, and we do not share them with third parties except (i) the AI service provider performing the scan as described in Section 14 and (ii) law enforcement under valid legal process or as required to prevent imminent harm.
16. Address Sharing at Claim Confirmation
ShareFree supports three pickup options for a claim: none, porch (you leave the item at a stated address for the counterparty to pick up), and meetup (you meet at a stated address).
16.1 When sharing happens. When you, as the user holding the listing, confirm a claim with a pickup option of porch or meetup, the address you have associated with that pickup option is disclosed in-app to the counterparty (the user whose claim you confirmed). This disclosure is the entire point of the feature; without it, the counterparty cannot complete the exchange.
16.2 Snapshot semantics. The address shared is a snapshot taken at the time of confirmation. If you later edit your saved porch or meetup address, the address already shared with that counterparty does not change retroactively.
16.3 Counterparty conduct. Once an address has been shared, ShareFree no longer controls how the counterparty stores, retains, or further discloses it. You should consider this before confirming a claim. If a counterparty misuses an address you shared, report it via Settings → Trust & Safety; we will take appropriate action under the Terms.
16.4 Removing a saved address. You can edit or delete a saved porch or meetup address at any time in Settings → Addresses. Deleting a saved address has no effect on snapshots already shared with prior counterparties.
17. Biometric and Photo-Derived Data
We process photos for AI moderation and listing analysis (Section 14). In doing so:
17.1 No biometric identifiers. We do not extract, store, or use biometric identifiers (faceprints, voiceprints, fingerprints, iris scans, hand geometry, or other biometric templates) from photos or any other content. Our moderation classifiers operate on image-level features and do not generate persistent biometric templates.
17.2 Provider instructions. We instruct our AI providers not to retain biometric identifiers derived from our inputs. We rely on the providers' contractual commitments and published policies for compliance.
17.3 Texas CUBI Act. Consistent with Tex. Bus. & Com. Code § 503.001 (Capture or Use of Biometric Identifier Act), we do not capture biometric identifiers for a commercial purpose. If our practices change, we will provide the notice and obtain the consent that statute requires.
17.4 Illinois BIPA. Consistent with the Illinois Biometric Information Privacy Act, 740 ILCS 14, we do not collect, capture, purchase, receive through trade, or otherwise obtain biometric identifiers or biometric information.
17.5 Other state biometric laws. We extend the same posture to Washington (RCW 19.375) and any other state biometric privacy law that may apply.
18. Automated Decision-Making
Some decisions on the Service are made automatically without human review. These decisions can produce legal or similarly significant effects (for example, restricting your ability to use the Service). You have the right to a human review.
18.1 Automated decisions we make
- Listing auto-disable on report threshold. When a single listing accumulates 5 or more pending reports, it is automatically disabled pending human moderator review.
- AI moderation rejection. A photo or message that the AI moderation classifier scores above a configured threshold for a prohibited category may be auto-rejected, hidden, or replaced with a placeholder.
- Reporter trust-status change. Your reporter trust score is updated automatically based on the historical accuracy of reports you have filed. A sufficiently low score can result in your future reports being deprioritized or auto-dismissed.
- Anti-fraud signals on device fingerprints. Repeated registration attempts from a single hashed device fingerprint after a ban may be auto-rejected.
18.2 Logic, significance, and consequences
The classifiers and rules above use machine-learning models and threshold-based rules tuned by our trust & safety team. The significance of these decisions ranges from a single piece of content being hidden (low) to an account being temporarily suspended (significant). Consequences are reversible through the appeal process.
18.3 Right to human review and to contest
If you believe an automated decision is wrong, you may appeal:
- In-app: Settings → Trust & Safety → My Sanctions → Appeal, or, for a rejected listing or message, the inline "Request review" link.
- By email: privacy@sharefree.org with the subject line "Automated Decision Appeal."
A human moderator will review your appeal and provide a written decision. Where required by law (including GDPR Article 22), a qualified human will perform the review and you may express your point of view.
19. Do Not Track and Global Privacy Control
19.1 Global Privacy Control (GPC). We honor the GPC signal transmitted by your browser or device as a valid request to opt out of "sale" and "sharing" under the CPRA and analogous U.S. state laws. Because we do not currently sell or share, the practical effect is to record your preference for the case where our practices change.
19.2 Do Not Track. Industry has not settled a uniform interpretation of the legacy "Do Not Track" header. We do not separately respond to it. Honoring GPC is our affirmative opt-out mechanism.
20. Data Breach Notification
We maintain an incident-response plan that requires us to investigate suspected security incidents, contain them, eradicate the cause, recover affected systems, and learn from each event.
20.1 Notification commitments. Where a security incident has resulted in unauthorized access to or disclosure of personal data, we will notify:
- Affected individuals without undue delay, and in any event within the timeframes required by applicable law.
- Supervisory authorities under the GDPR / UK GDPR within 72 hours of becoming aware of a notifiable personal-data breach.
- State attorneys general and consumer reporting agencies in the United States as required by state breach-notification statutes (such as Tex. Bus. & Com. Code § 521.053, Cal. Civ. Code § 1798.82, and analogous laws).
Notifications will describe, to the extent we know, the nature of the breach, the categories of data affected, the likely consequences, the measures we have taken, and steps you can take to protect yourself.
20.2 Reporting a vulnerability. If you believe you have discovered a security vulnerability in the Service, contact security@sharefree.org. Please give us a reasonable opportunity to investigate and remediate before public disclosure.
21. Changes to This Policy and Version History
21.1 Material changes. If we make a material change to this Policy (for example, adding a new processing purpose, changing a retention period in a way adverse to users, or expanding the categories of recipients), we will:
- Update the "Last Updated" date and increment the version;
- Post the revised Policy on the Service at least 14 days before it takes effect, except where a shorter period is required by law or by a security or legal emergency; and
- Present a forced re-acceptance modal in-app on first sign-in after the new version is effective.
21.2 Non-material changes. Non-material changes (typo fixes, clarifications, reorganization) are effective on posting. The "Last Updated" date will be updated.
21.3 Continued use. Your continued use of the Service after a Policy change becomes effective constitutes acceptance of the revised Policy, subject to your right to delete your account at any time.
21.4 Version history
| Version | Effective date | Summary of changes |
|---|---|---|
| 1.0.0 | Initial publication | Initial Privacy Policy. |
| 2.0.0 | [EFFECTIVE_DATE] | Comprehensive rewrite to address GDPR / UK GDPR, CCPA / CPRA, VCDPA, CPA, CTDPA, UCPA, TDPSA; explicit AI-processing disclosure; message-scanning two-party-consent notice; address-sharing disclosure; reporter-trust profiling disclosure; expanded retention schedule; automated-decision-making notice. |
Contact us: privacy@sharefree.org for any privacy-related question, request, or concern.