Security & data handling
Reclaim is operations software that handles sensitive customer data: names, contact details, item descriptions and conversation history. We treat it that way.
Hosting & infrastructure
The application runs on Lovable Cloud (Cloudflare Workers + Supabase Postgres) with data stored in the EU by default. All traffic is HTTPS-only, and the production domain is eligible for HSTS preload.
Encryption
- In transit: TLS 1.2+ on every public endpoint and between services.
- At rest: AES-256 at the database and object-storage layer.
- Secrets and OAuth tokens are stored in a managed secret store, never in source.
Access controls
- Per-tenant row-level security on every table that holds customer data.
- Role-based access (owner / agent / viewer) on the operator workspace.
- SSO and audit-log access available on the Enterprise plan.
Retention
- Active cases: kept for the life of the workspace.
- Closed / unresolved cases: purged 24 months after closure unless retained for legal reasons.
- Account deletion: customer data is purged within 30 days of a verified deletion request.
Sub-processors
- Cloudflare - edge compute and CDN.
- Supabase - managed Postgres and authentication.
- Stripe - card payment processor.
- Shippo / EasyPost - carrier rate quotes and labels (only when shipping is enabled).
- Google AI / OpenAI - model inference for parcel extraction and matching.
Incident response
We aim to notify affected workspace owners within 72 hours of confirming a security incident that involves their data, in line with GDPR Article 33. Email security@reclaim.lt to report a vulnerability.

