Professional Serial Number Age Decoder for Appliances & Equipment
How we handle data collected through our tools. Last updated: February 27, 2026.
Item Assist (“we,” “us,” or “our”) operates this website at decodemyitem.com. This Privacy Policy explains what data we collect, how it is processed, which third-party services receive it, and your rights regarding that data. By using Item Assist you agree to the practices described here.
a) Search Inputs
When you use the Serial Number Decoder, the serial number and brand you select are processed entirely within your browser. No serial number is transmitted to our servers during a successful rule-based decode. If the decoder cannot produce a result, a brief alert is sent to our internal monitoring system containing the brand name, serial number entered, product category, and a failure reason. This is used solely to improve decode accuracy.
When you use Smart Lookup, the free-text query you submit (maximum 200 characters) is sent to our server and forwarded to an external AI inference service to generate a response. See the Security & Data Protection tab for full details on how AI providers handle this data.
b) Contact and Feedback Forms
If you use our contact form or submit a decoder error report, we collect the information you voluntarily provide: your name (optional), email address (optional), and your message or feedback. This information is delivered to us via email and is not stored in any application database.
c) Automatically Collected Technical Data
Our hosting provider (Vercel) automatically collects standard technical data when you visit the site, including:
d) Cookies
We do not sell your personal data to third parties. We do not build individual user profiles. We do not use your data for any purpose beyond those listed above.
Item Assist relies on the following third-party services. Each service receives only the minimum data necessary for its function.
AI Inference Providers (Smart Lookup only)
When you submit a Smart Lookup query, your query text is forwarded to one of the following AI providers:
| Provider | Role | Trains on your data? | Data sent |
|---|---|---|---|
| Google Gemini API (generativelanguage.googleapis.com) | Primary AI provider | NO. Paid API tier: Google’s Terms explicitly prohibit use of API prompts or responses to train or improve their models. | Your query string only. No IP address or identifying information is included. |
| Groq API (Llama 3.1) (api.groq.com) | Fallback AI provider (used only if Gemini is unavailable) | NO. Groq’s Services Agreement explicitly prohibits use of customer inputs or outputs for model training. | Your query string only. Same data as Gemini. |
Neither AI provider we use will train on your queries. Google’s commitment applies specifically to paid-tier Gemini API usage (which this service uses). Groq’s prohibition is written into their Services Agreement for all customers. Your searches are used solely to generate a response and are not retained by either provider beyond operational logging windows.
Infrastructure Services
| Service | Purpose | Data received | Privacy policy |
|---|---|---|---|
| Vercel | Hosting & serverless functions | IP address, request metadata, server-side error logs | vercel.com/legal/privacy-policy |
| Upstash Redis | Rate limiting & AI response caching | IP address (rate-limit window only); normalized query text as a cache key for up to 14 days; brand+serial as a deduplication key for up to 24 hours | upstash.com/trust/privacy.pdf |
| Resend | Transactional email delivery | Contact form: name, email, message. Feedback form: brand, serial number, issue description. Internal alerts: brand and serial. | resend.com/legal/privacy-policy |
| Google Fonts | Web typography | Standard browser headers (IP, user-agent) sent on page load | policies.google.com/privacy |
| Data type | Where stored | Retention period |
|---|---|---|
| Smart Lookup query text (cache key) | Upstash Redis | 14 days, then automatically deleted |
| AI response data (cached result) | Upstash Redis | 14 days, then automatically deleted |
| Brand + serial (decode alert deduplication key) | Upstash Redis | 24 hours, then automatically deleted |
| IP address (rate-limit state) | Upstash Redis | Active rate-limit window only (minutes), then automatically deleted |
| Contact form and feedback submissions | Resend email logs | 1–7 days depending on Resend plan, then delivered to our inbox and purged |
| Serverless function error logs | Vercel | 1 hour–3 days depending on plan; logs do not contain user query content under normal operation |
| Gemini API optional developer logs | Google (opt-in only) | 55 days if developer logging is enabled; not enabled by default |
| Groq API data | Groq | None by default. Up to 30 days only for reliability or abuse investigation. |
Cookies
You can manage or delete cookies through your browser settings. Disabling cookies will not affect the Serial Decoder or Smart Lookup functionality.
Do Not Track
Because this site does not use behavioral analytics or user tracking, Do Not Track signals have no additional effect on our data practices beyond what is described in this policy.
Item Assist is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has submitted personal information, please contact us so we can remove it promptly.
We may update this Privacy Policy from time to time as our services or applicable law changes. Updates will be posted on this page with a revised effective date. Continued use of Item Assist after a change constitutes acceptance of the revised policy.
For questions or concerns about this Privacy Policy or our data practices, please use our Contact page.
This section summarizes the technical and organizational measures in place to protect your data. It is intended for users, employers, and IT departments evaluating this service.
All connections to decodemyitem.com are encrypted using HTTPS. A Strict-Transport-Security (HSTS) header with a one-year maximum age, subdomain coverage, and preload status is enforced on every route. Data in transit to all third-party services (Gemini, Groq, Upstash, Resend) is also encrypted using TLS.
| Service | SOC 2 Type II | ISO 27001 | GDPR | Other |
|---|---|---|---|---|
| Vercel | YES | YES (2022) | YES | — |
| Upstash Redis | YES | In progress | YES | HIPAA compliant |
| Resend | YES | — | YES | AES-256 at rest; TLS 1.3 in transit |
| Google (Gemini / Fonts) | YES | YES | YES | ISO 27017, ISO 27018 |
| Groq | Not published | — | YES (DPA available) | Data stored on Google Cloud US |
Item Assist does not require user registration, login, or any form of identity verification. No account credentials, payment information, health data, or government-issued identifiers are ever collected. Serial numbers and model numbers are not inherently personally identifiable information, though users should avoid submitting data they consider sensitive.
All API keys and service credentials are stored exclusively as encrypted environment variables in Vercel’s infrastructure. No credentials are hardcoded in any source file or committed to version control. The project’s git history has been audited and confirmed free of exposed credentials or personal identifiers as of February 27, 2026.
A strict Content Security Policy (CSP) header is active on all pages. It explicitly allowlists only the domains required for the site to function (Google Fonts) and blocks all other third-party scripts, frames, and connections by default. This reduces the risk of cross-site scripting (XSS) and unauthorized third-party data collection.
This service uses the paid tier of the Google Gemini API. Under Google’s API Terms of Service, paid-tier customers’ prompts and responses are not used to train or improve Google’s models. The Groq API is bound by the same restriction under its Services Agreement. Neither AI provider will incorporate your queries into model training.
Each external service receives only the minimum data required for its specific function. AI providers receive only the query string — no IP address, user-agent, or session data is included in AI requests. Cached responses are stored by query text only, with no linkage to the originating user or session.