Privacy Policy

Last updated: March 8, 2026

1. Introduction

ITAD Tools ("we," "our," or "us") operates the itadtools.com website and platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

ITAD Tools is operated from the United States (California). By accessing or using our platform, you acknowledge that your information will be processed in accordance with this Privacy Policy.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored in hashed form only; we never store plaintext passwords).

Usage Data

We automatically collect information about how you interact with our platform, including:

  • Tools accessed and frequency of use
  • IP address (raw and hashed)
  • Geolocation data derived from your IP address (city, region, country, latitude, and longitude) using the MaxMind GeoLite2 database
  • Browser type, operating system, and device information
  • User agent string
  • Pages visited and time spent on each page
  • Scroll depth and click actions
  • Referrer (the page or site that directed you to us)

Uploaded Content

When you use our tools, you may upload files such as inventory spreadsheets containing model numbers, part numbers, or other asset data. This data is processed to provide tool functionality and is not shared with third parties.

Transaction Data

If you purchase a subscription or service, billing information is collected and processed through Stripe. We do not store credit card numbers on our servers. See Section 6 (Third-Party Services) for details on Stripe's data handling.

Data Destruction Records

When you use our data destruction and certificate tools, we collect device serial numbers, MAC addresses, drive models, wipe results, and certificate details. These records are retained for compliance and audit purposes.

Login History

We record login events including IP addresses, timestamps, user agent strings, and browser information for security monitoring and fraud prevention.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and the United Kingdom, we process your personal data under the following legal bases:

  • Contractual Necessity: Processing required to fulfill our agreement with you, including account management, service delivery, and certificate generation.
  • Legitimate Interest: Analytics, security monitoring, fraud prevention, and service improvement, where our interests do not override your fundamental rights.
  • Consent: Analytics cookies and marketing communications, which you may opt into or withdraw at any time.
  • Legal Obligation: Retention of financial records, regulatory compliance, and data destruction certificates as required by applicable law.

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our platform and tools
  • Improve and personalize your experience
  • Process your requests, tool operations, and transactions
  • Generate data destruction certificates and compliance reports
  • Send administrative information (account updates, security alerts, service notifications)
  • Monitor usage patterns and analytics to improve our services
  • Protect against unauthorized access, abuse, and fraud
  • Maintain platform security and integrity through automated monitoring
  • Respond to customer support inquiries and data subject requests
  • Comply with legal obligations and enforce our terms of service

5. Cookies and Tracking Technologies

Essential Cookies

We use essential cookies that are required for the site to function properly. These do not require consent:

  • Flask session cookie: Maintains your authenticated session. Configured with Secure, HttpOnly, and SameSite=Lax attributes.
  • Remember-me token: Keeps you logged in across browser sessions if you opt in at login.

Analytics

We use two analytics systems, both of which require your consent via the cookie banner before activation:

  • Umami: A privacy-focused analytics platform hosted at analytics.ai-signed.com. Umami does not use cookies and does not collect personally identifiable information.
  • Custom in-house analytics: Our own analytics system that tracks page views, scroll depth, click actions, and session activity to help us understand how users interact with our tools.

Analytics data is retained for 90 days.

Performance Monitoring

We collect request timing and endpoint usage data to maintain site reliability and identify performance issues. Performance monitoring data is retained for 30 days.

Third-Party Payment Cookies

During the checkout process, you may be redirected to Stripe's hosted payment page, which may set its own cookies for fraud prevention and session management. Please refer to Stripe's Privacy Policy for details on their cookie practices.

What We Do Not Use

We do not use advertising cookies, third-party tracking cookies, or cross-site tracking technologies of any kind.

Managing Your Preferences

A cookie consent banner is displayed on your first visit. You can withdraw your analytics consent at any time by clicking the cookie settings link in the site footer, or by clearing your browser's localStorage. Essential cookies cannot be disabled as they are required for the platform to operate.

6. Third-Party Services

Our platform integrates with the following third-party services to provide functionality:

  • Stripe: Payment processing for subscriptions and services. Stripe is PCI DSS compliant. Credit card data is sent directly to Stripe and is never stored on our servers. See Stripe's Privacy Policy.
  • Manufacturer APIs (Dell, HP, Lenovo): Device model numbers are sent to retrieve hardware specifications and warranty information.
  • eBay API: Product queries are sent to retrieve current market pricing data for asset valuation.
  • Grok AI (xAI): Text prompts are sent for content generation and specification extraction. No personal user data is included in prompts.
  • Meta/Instagram Graph API: Used for our social media content publishing workflows.
  • Sentry: Error tracking and monitoring service. We have disabled send_default_pii, so Sentry receives error context and URLs but not personally identifiable information.
  • MaxMind GeoLite2: An IP geolocation database used locally on our servers to determine approximate visitor location. No data is sent to MaxMind; the database is downloaded and queried locally.

We do not sell your personal information to any third party.

7. Data Retention

We retain your information for the following periods:

  • Account data: Duration of your active account plus 30 days after account deletion.
  • Performance metrics: 30 days.
  • Application errors: 30 days after resolution.
  • Login history: 90 days.
  • Page views and actions: 90 days.
  • Backup records: 90 to 180 days.
  • Portal sessions: 7 days past session expiry.
  • Certificate and transaction records: Retained indefinitely for legal compliance and audit purposes.
  • Umami analytics: Retained for 90 days, after which it is automatically purged.

When data reaches the end of its retention period, it is permanently deleted through our automated cleanup processes.

8. Your Rights

For All Users

Regardless of your location, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and associated data. You can do this self-service at /auth/delete-account or by emailing us.
  • Opt out of analytics tracking via the cookie consent banner.

GDPR Rights (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, you additionally have the right to:

  • Data portability: Receive your personal data in a structured, commonly used, machine-readable format. A self-service export is available at /auth/export-data.
  • Restrict processing: Request that we limit how we process your data in certain circumstances.
  • Object to processing: Object to processing based on legitimate interest.
  • Withdraw consent: Withdraw consent at any time for processing activities based on consent (such as analytics), without affecting the lawfulness of processing prior to withdrawal.
  • Lodge a complaint: File a complaint with your local data protection supervisory authority.

We will respond to all data subject requests within 30 days of receipt.

Data Breach Notification

In the event of a qualifying data breach, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by applicable law.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information.

Categories of Personal Information Collected

  • Identifiers: Name, email address, IP address, account credentials.
  • Commercial information: Transaction history, subscription records.
  • Internet or network activity: Browsing history, search history, interaction data.
  • Geolocation data: Approximate location derived from IP address.
  • Professional information: Organization affiliation, job-related asset data.

Your California Privacy Rights

  • Right to know: Request disclosure of the categories and specific pieces of personal information we have collected.
  • Right to delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to opt out: Opt out of the sale or sharing of your personal information.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.

We do not sell or share personal information for cross-context behavioral advertising.

To exercise your California privacy rights, email [email protected] or use the self-service tools available in your account settings. A 12-month lookback of collected information is available on request.

10. International Data Transfers

Your data is stored and processed in the United States. If you are accessing our platform from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For users in the EU, EEA, or UK, international data transfers are conducted on the basis of Standard Contractual Clauses (SCCs) where applicable, to ensure adequate protection for your personal data.

By using our service, you consent to the transfer of your data to the United States as described in this Privacy Policy.

11. Data Security

We implement comprehensive technical and organizational measures to protect your personal information, including:

  • SSL/TLS encryption for all data in transit
  • Hashed password storage using industry-standard algorithms
  • Role-based access controls and authentication requirements
  • Automated security monitoring through our Security Agent
  • File permission monitoring and enforcement
  • Nightly vulnerability scans
  • Regular credential rotation

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

12. Children's Privacy

Our platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly in compliance with the Children's Online Privacy Protection Act (COPPA). If you believe a child has provided us with personal information, please contact us at [email protected].

13. Do Not Track

We partially honor Do Not Track (DNT) browser signals. When a DNT signal is detected, IP-based geolocation lookups are skipped. However, basic page view recording may still occur if you have given analytics consent via the cookie banner. To fully opt out of analytics, decline consent through the cookie banner or withdraw it at any time using the cookie settings link in the site footer.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify registered users via email and display a notice on our platform. Your continued use of the platform after changes are posted constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

ITAD Tools
Email: [email protected]
Website: itadtools.com

For data protection inquiries, email [email protected] with the subject line "Data Protection".

We will respond to all data subject requests within 30 days.