Last updated 14 July 2026
The short version: we collect what’s needed to run your inventory and your account, keep it in the EU, and never sell it or use it for advertising. You can export it or delete it at any time. Everything below is the detail behind that.
Who we are
ItemTally is a product of Ethereal Labs AB (org.nr 559380-1698), a company registered at Gyllenkrooksgatan 23, 412 82 Göteborg, Sweden, run by its founder, Alex. For the purposes of the GDPR, Ethereal Labs AB is the data controller for your account data and the data processor for the inventory data you put into the app. You can reach a real person at [email protected].
What we collect
- Account details - your name, email address, workspace name, and a hashed password (we never store it in the clear).
- Your inventory - the items, quantities, folders, tags, photos, custom fields, the people you check gear out to, and the movement history you create. This is yours; we only hold it so the app works.
- Billing details - on a paid plan, your billing information is handled by Stripe. We never see or store your card number.
- Basic technical logs - IP address and timestamps, kept briefly for security and to keep the service running. No advertising profile of you is built anywhere.
Cookies & analytics
The app uses a single session cookie to keep you signed in. That’s it - no advertising cookies, no cross-site trackers. Our marketing site uses cookieless, privacy-friendly analytics (self-hosted Umami) to count visits in aggregate; it sets no cookies and builds no personal profile, which is why you won’t see a cookie banner.
How we use your data
Only to run the service you asked for: showing you your inventory, sending the emails you’d expect (verification, invites, alerts you turned on, and receipts), providing support, taking payment, and keeping the service secure. We do not sell your data, rent it, advertise against it, or use it to train anything.
Who we share it with
Almost no one. ItemTally is self-hosted on European infrastructure - we don’t hand your inventory out to a pile of third-party subprocessors. The one exception is Stripe, which processes payments on paid plans and only ever sees your billing details, never your inventory. Beyond that, we only disclose data if the law genuinely requires it - and we’d push back on anything overreaching.
Where your data lives
In the EU, on European infrastructure - not an “EU region” of a US cloud. Your data stays there. More on how it’s protected on the security page.
How long we keep it
For as long as your account is active. If you delete your account, your data is removed from our live systems and rotates out of backups within 30 days. You can export everything as CSV before you go - see below.
Your rights
Under the GDPR you can, at any time:
- Access and export your data - full CSV export is built in, on every plan, free.
- Correct anything that’s wrong - mostly you can just edit it in the app.
- Delete your account and data - cancelling is a button, not a phone call.
- Object or restrict how we process it, and ask for a copy in a portable format.
To exercise any of these, or to complain, email [email protected]. You also have the right to lodge a complaint with your local data-protection authority.
How we protect it
Everything is encrypted in transit and at rest, backups are tested, and payments run through Stripe so we never touch card data. The full picture is on the security page.
Children
ItemTally is a business tool and isn’t directed at children. We don’t knowingly collect data from anyone under 16.
Changes to this policy
If this policy changes, we’ll update the date above and, for anything material, tell you by email. In the spirit of the pledge, we won’t quietly weaken your protections.
Contact
Questions, requests, or a Data Processing Agreement for your records - email [email protected] and a human, usually Alex, will answer.