Last updated: May 2025
Privacy Policy
The Gear Index is a free, nonprofit service. We collect only what we need to operate the registry, we don't sell your data, and we never will.
Who we are
The Gear Index is a 501(c)(3) nonprofit organization operating a free serial number registry for musicians, photographers, tradespeople, and anyone who owns gear worth protecting. Our mission is to help people recover stolen equipment and deter theft by making ownership verifiable.
Questions about this policy can be sent to privacy@thegearindex.org.
What we collect and why
We collect information in the following categories:
Account information
When you create an account, we collect your email address and a hashed password. We use this to authenticate you, send transactional emails (password resets, confirmation links), and associate registered gear with your account. We do not require your real name, phone number, or address to use the registry.
Gear registration data
When you register an item, we collect the make, model, serial number, category, description, city, and state you provide. This information forms the core of the registry — it's what allows law enforcement, pawnshops, and buyers to verify ownership and identify stolen goods. Serial numbers and registration details for items marked stolen are publicly searchable by design.
Photos
You may upload photos of your gear, the serial number tag, and proof of purchase. Photos are stored in a secure cloud storage bucket. Gear photos and serial number photos associated with stolen items may be visible on public item pages to aid recovery. Proof of purchase photos are only used internally for ownership verification and are never displayed publicly.
Usage data
We collect basic server logs (IP address, browser type, pages visited, timestamps) to monitor for abuse and keep the service running. We do not use third-party analytics trackers or advertising pixels.
How we use your information
- To operate the gear registry and let you manage your registered items
- To make stolen item records publicly searchable so gear can be recovered
- To verify ownership when a serial number conflict arises
- To send transactional emails you've requested (e.g. password resets)
- To detect and prevent fraud, abuse, or false stolen reports
- To improve the service and fix bugs
We do not use your data for advertising, profiling, or any purpose unrelated to operating the registry.
What's public and what's private
The Gear Index is a registry, which means some information is intentionally visible to the public. Here's the breakdown:
| Data | Visibility |
|---|---|
| Your email address | Private — never shown publicly |
| Make, model, category | Public on stolen item pages |
| Serial number | Public on stolen item pages; searchable |
| City and state | Public on item pages (no street address) |
| Gear photo | Public on stolen item pages |
| Serial number photo | Private — internal verification only |
| Proof of purchase photo | Private — internal verification only |
| Description | Public on stolen item pages |
Items that are not marked stolen are visible only to you when logged in. They are not searchable by the public.
Data sharing
We do not sell, rent, or trade your personal information. We may share data in the following limited circumstances:
- Law enforcement: If a valid legal request (subpoena, court order) requires us to disclose account or registration data, we will comply and will notify affected users where legally permitted.
- Service providers: We use Supabase for database and file storage. These providers process data on our behalf under data processing agreements and do not use your data for their own purposes.
- Safety: If we believe disclosure is necessary to prevent fraud, abuse, or imminent harm, we may share relevant information with appropriate parties.
Data retention
We retain your account and gear registration data for as long as your account is active. If you delete your account, your personal account data (email, password) is deleted within 30 days. However, serial number records for items that were marked stolen may be retained in a de-identified form to maintain the integrity of the registry — for example, to prevent re-registration of a confirmed stolen item.
You can request deletion of your data at any time by emailing privacy@thegearindex.org.
Cookies and tracking
We use a single session cookie (sb_access_token) to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics. We do not fingerprint your device or track you across other websites.
Children's privacy
The Gear Index is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has created an account, please contact us and we will delete it promptly.
Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict how we process your data
- Export your data in a portable format
To exercise any of these rights, email privacy@thegearindex.org. We'll respond within 30 days.
Changes to this policy
If we make material changes to this policy, we'll update the date at the top of this page and, if the changes are significant, send a notice to your registered email address. Continued use of the service after changes take effect constitutes acceptance of the updated policy.