Privacy Policy

1. Introduction

This Privacy Policy ("Policy") explains how Listaid Ltd. ("Listaid Ltd.," "we," "our," or "us") collects, uses, shares, stores, transfers, and protects personal information when you visit https://www.uselistaid.com/ and https://www.listaid.co.uk/ (the "Site") or use the ListAid platform and associated services (the "Services"), whether accessed directly or through an authorised reseller or integration partner (such as Cybertill Limited). This Policy complies with UK GDPR, the Data Protection Act 2018, and other applicable data protection laws.

2. Listaid Ltd.'s Role: Controller and Processor

Depending on the context, Listaid Ltd. acts as both a Data Controller and a Data Processor.

3. Information We Collect and Process

3.1 Account & Profile Information (Controller)

• Name, company name, store postcode, email address, authentication credentials, user roles.

3.2 Usage & Device Information (Controller)

• IP address, location, browser details, device identifiers, pages visited, performance logs.

3.3 Customer-Uploaded Data (Processor)

• Donor records, images, listings, business workflow data, inventory items, product descriptions.

Item photographs and associated metadata are transmitted to AI Processing Partners (identified in Section 5.1A) for automated analysis, pricing, and listing generation. This processing is necessary to deliver the core features of the Service.

3.4 Integration Data (Processor / Controller)

• Data pulled from third-party systems at customer direction.
• Metadata logs and API operational information handled as Controller.

3.5 Cookies & Tracking Technologies (Controller)

• Used for authentication, security, performance, analytics. We do not use advertising cookies.

4. How We Use Personal Information

4.1 Service Provision & Operation (Controller & Processor)

• Enable access to the platform, synchronize data, provide support.

4.2 Improving the Services (Controller)

• Enhance functionality, analyze usage, test new features.

4.3 Security & Fraud Prevention (Controller)

• Monitor suspicious activity, protect accounts, enforce Terms of Use.

4.4 AI Processing and Outputs (Controller & Processor)

We use third-party AI Processing Partners (identified in Section 5.1A) to analyse item images, extract metadata, generate pricing intelligence, and produce listing content. When you scan an item, photographs and derived metadata are transmitted to one or more AI Processing Partners via API for processing. No personal data relating to donors or staff is intentionally transmitted to AI Processing Partners; however, item photographs may incidentally contain background information.

We may use de-identified and aggregated data to improve ListAid's own internal models and algorithms. Identifiable Customer Data is never used for this purpose without explicit consent. Customers may opt out of AI training use by contacting privacy@listaid.co.uk. Opt-out will not affect core service quality.

AI-generated outputs (including pricing recommendations, descriptions, and condition assessments) are probabilistic and must be reviewed by authorised users before reliance. ListAid does not guarantee the accuracy of AI outputs.

5. How We Share Information

5.1 Subprocessors

We use cloud hosting, analytics, monitoring, and support vendors. To deliver the Item Intake and Analysis, Intelligent Pricing, and Marketplace Publishing features described in our Services, we transmit certain data to third-party artificial intelligence providers ("AI Processing Partners"). These providers act as sub-processors under our Data Processing Addendum and process data solely on our instructions for the purposes described below.

Our current AI Processing Partners are OpenAI (USA), Google Generative AI (USA), and Perplexity AI (USA). Data is processed via API on a transient basis and is not stored by the provider beyond the time required to return a response, except as required by applicable law.

5.2 Legal Compliance

We may disclose data to comply with laws, court orders, or to protect rights and safety.

5.3 Business Transfers

In mergers or acquisitions, data may be transferred to the successor entity.

5.4 Aggregated Data

We may use de-identified data for benchmarking, analytics, or product development.

6. Data Retention

We retain personal data only as long as necessary for service delivery, legal obligations, security requirements, and customer contracts. Processor data is retained according to customer instructions.

AI Processing Partner Retention. Data transmitted to our AI Processing Partners (OpenAI, Google Generative AI, and Perplexity) is processed transiently via API and is not retained by those providers beyond the time needed to return a response, except as required by applicable law or as set out in their respective data processing agreements. AI Processing Partners are contractually prohibited from retaining or using ListAid data for model training purposes. For current retention details, refer to each provider's data processing terms, links to which are maintained on our sub-processor list at https://www.uselistaid.com/legal/subprocessors.

7. Data Security

Listaid Ltd. uses enterprise-grade security measures including:

• Encryption in transit and at rest
• Network firewalls and intrusion detection
• Continuous monitoring
• Secure development lifecycle

8. International Data Transfers

Data may be processed in the United Kingdom, European Union, Canada, the United States, or other regions where subprocessors operate.

We use legal transfer mechanisms such as:

• The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses
• UK adequacy regulations

9. Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

• Access, correct, or delete your data
• Restrict or object to processing
• Data portability
• Withdraw consent
• Object to processing based on legitimate interests (Article 21, UK GDPR)

Submit requests to: privacy@listaid.co.uk

10. Children's Privacy

The Services are intended for professional/business use and are not directed to children under 16. We do not knowingly collect data from children.

11. Third-Party Services

The Services may integrate with external platforms (e.g., eBay). Each platform has its own privacy practices. Listaid Ltd. is not responsible for third-party policies.

12. Changes to This Privacy Policy

We may update this Policy periodically. Material updates will be communicated at least 30 days before taking effect. If you do not agree with the updated Policy, you may cease use of the Services and request deletion of your personal data by contacting privacy@listaid.co.uk.

13. Contact Us

For privacy inquiries or data subject requests: