Privacy Policy — Stocked

1. Who we are

Stocked("we", "our", "us") operates the Stocked inventory management platform accessible at this website and via our mobile applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information we collect

Account information. When you register, we collect your name, email address, and the name of your organization. We use this to create and manage your account.

Business data. We store the inventory records, purchase orders, assets, transactions, and other data that you and your team enter into Stocked. This data belongs to you.

Usage data. We automatically collect information about how you interact with the service, including IP addresses, browser type, pages visited, and actions taken within the app. This data helps us improve the product.

Payment information. We use Stripe to process payments. We do not store your full credit card number — Stripe handles payment data under their own privacy policy and PCI-DSS compliance.

Communications. If you contact us by email, we retain that correspondence to assist you and improve support.

3. How we use your information

Provide, maintain, and improve the Stocked service
Process transactions and send billing-related emails
Send transactional notifications (e.g. invite emails, maintenance alerts)
Respond to your support requests
Monitor for and prevent fraud, abuse, and security incidents
Comply with legal obligations

We do not sell your personal data or your business data to third parties. We do not use your business data to train machine-learning models without your explicit consent.

4. Data sharing and sub-processors

We share your data only with the following trusted sub-processors, each of which is bound by contractual data protection obligations:

Provider	Purpose	Location
Supabase	Database and authentication hosting	US (AWS)
Stripe	Payment processing	US
Resend	Transactional email delivery	US
Vercel	Application hosting and CDN	Global (US primary)

5. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal, tax, or fraud-prevention purposes. Aggregated, anonymised analytics data may be retained indefinitely.

6. Security

We implement industry-standard security measures including TLS in transit, AES-256 encryption at rest (via Supabase / AWS), row-level security so each organization can only access its own data, and regular automated backups. No system is 100% secure; if you discover a vulnerability please email privacy@stocked.tech.

7. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access. Request a copy of the personal data we hold about you.
Rectification. Ask us to correct inaccurate data.
Erasure. Request deletion of your data ("right to be forgotten").
Portability. Receive your data in a machine-readable format.
Restriction. Ask us to restrict processing in certain circumstances.
Objection. Object to processing based on legitimate interests.

To exercise any right, email privacy@stocked.tech. We will respond within 30 days.

8. Cookies

We use only functional cookies required for authentication (Supabase session tokens). We do not use third-party tracking, advertising, or analytics cookies.

9. Children

Stocked is intended for business use by persons 18 years or older. We do not knowingly collect data from children under 13. If you believe we have inadvertently collected such data, contact us immediately.

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the effective date at the top of this page and, for material changes, notify account owners by email at least 14 days before changes take effect.

11. Contact us

If you have questions about this policy or your data, please email privacy@stocked.tech.