tag2me

Privacy policy

Last updated: 9 June 2026

Who's the data controller?

tag2me is the data controller for personal data we collect. We are based in the United Kingdom and process data under the UK GDPR.

What we collect

  • Account: name, email, password hash, optional phone.
  • Items: photo, AI-derived description, sticker code mapping, status.
  • Cases: finder contact details they choose to share, optional location of find, messages exchanged.
  • Operational: sign-in logs, scan logs, basic device/browser info for security.

How we use it

To run the recovery service, prevent abuse, send transactional notifications, and improve the product. We do not sell personal data and never share contact details without your explicit consent.

How long we keep it

Account data: while your account exists, then 30 days. Case data: 2 years from resolution. Photos: deleted with their parent item or on request.

Your rights

You can request access, correction, deletion, export or restriction of processing of your data at any time by emailing privacy@tag2me.app. You can also complain to the ICO.

Sub-processors

We use trusted infrastructure providers (Lovable Cloud / Supabase for hosting, Resend or equivalent for email, Stripe for payments). Each is bound by data-processing agreements and processes data only on our instructions.

Cookies

See our cookie policy.