Stocklow ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our inventory management service ("Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

We collect information about you in various ways when you use our Service. The information we collect falls into the following categories:

1.1 Information You Provide Directly

When you register for an account or use the Service, you directly provide us with the following information:

Account Information:

• Business location identifier: The name or identifier for your business location
• Email address: Used for account notifications and communication
• Password: Stored securely using Firebase Authentication encryption
• Employee names: Names of employees who will access the Service

Inventory Data:

• Product names, descriptions, and categories
• Inventory quantities and levels
• Custom form configurations
• Timestamps of inventory submissions
• Historical inventory records
• Notes and comments added to inventory entries

Billing Information:

• Payment details: Collected and processed by Stripe (our payment processor)
• Billing address: May be required for tax purposes
• Subscription information: Plan type, billing cycle, and payment history

Note: We do not directly store your credit card information. All payment data is handled securely by Stripe in accordance with PCI DSS standards.

1.2 Information Collected Automatically

When you access and use the Service, certain information is automatically collected:

Usage Data:

• Login dates and times
• Features accessed within the Service
• Form submissions and report generation
• Pages visited and time spent on pages
• Actions performed within the Service

Device and Browser Information:

• IP address
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution
• Referring website URLs

Cookies and Similar Technologies:

• Essential cookies: Required for authentication and Service functionality
• Performance cookies: Help us understand how you use the Service
• Firebase cookies: Used for authentication and session management

1.3 Information from Third Parties

We may receive information about you from third-party services we use:

• Firebase/Google Cloud: Authentication data, analytics, and error reports
• Stripe: Payment processing information, subscription status, and billing history
• EmailJS: Email delivery status and engagement metrics

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Maintain the Service

• Create and manage your account
• Authenticate users and maintain security
• Store and process your inventory data
• Generate reports and analytics based on your data
• Send automated email notifications as configured by you
• Enable collaboration between employees at your location
• Provide customer support and respond to inquiries

2.2 To Process Payments and Manage Subscriptions

• Process subscription payments through Stripe
• Manage billing cycles and payment schedules
• Handle refund requests and cancellations
• Send billing-related communications
• Maintain transaction records for accounting purposes
• Detect and prevent payment fraud

2.3 To Communicate With You

• Send service-related notifications and updates
• Respond to your support requests and questions
• Provide important account information
• Send email receipts for payments
• Notify you of changes to the Service, Terms, or Privacy Policy
• Send security alerts about your account

2.4 To Improve and Develop the Service

• Analyze usage patterns and trends
• Identify and fix technical issues and bugs
• Develop new features and functionality
• Conduct research and testing
• Optimize Service performance and user experience
• Understand customer needs and preferences

2.5 To Ensure Security and Prevent Fraud

• Monitor for suspicious activity and security threats
• Detect and prevent fraud, abuse, and illegal activity
• Enforce our Terms and Conditions
• Protect the rights and safety of users
• Investigate and respond to security incidents
• Comply with legal obligations

2.6 For Legal and Compliance Purposes

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Establish, exercise, or defend legal claims
• Maintain records for tax and accounting purposes
• Comply with data protection laws (GDPR, CCPA, etc.)

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

3.1 With Service Providers

We share information with trusted third-party service providers who help us operate the Service:

Service Provider	Purpose	Data Shared
Firebase (Google Cloud)	Database hosting, authentication, cloud storage	Account data, inventory data, authentication credentials
Stripe	Payment processing and subscription management	Email, payment information, billing address, subscription details
EmailJS	Email notification delivery	Email addresses, notification content

These service providers:

• Are contractually obligated to use your information only for the specified purposes
• Must implement appropriate security measures
• Are prohibited from sharing your information with others
• Must comply with applicable data protection laws

3.2 For Legal Reasons

We may disclose your information if required to do so by law or in response to:

• Valid legal process (subpoena, court order, search warrant)
• Requests from law enforcement or government authorities
• Legal claims or disputes
• National security requirements
• Investigations of fraud or security incidents

3.3 Business Transfers

If Stocklow is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

3.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

3.5 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you. This may include usage statistics, trends, and analytics for business purposes.

4. Data Storage and Security

4.1 Where We Store Your Data

Your data is stored on secure servers provided by Firebase (Google Cloud Platform):

• Location: Data is stored in Google Cloud data centers in the United States
• Database: Firebase Cloud Firestore with encryption at rest
• Backup: Automated backups for disaster recovery
• Redundancy: Data is replicated across multiple servers for reliability

4.2 How We Protect Your Data

We implement industry-standard security measures to protect your information:

Technical Security Measures:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
• Encryption at rest: Data stored in Firebase Cloud Firestore is encrypted
• Secure authentication: Firebase Authentication with encrypted password storage
• Access controls: Role-based access restrictions for employees
• Regular security updates: Timely patches and updates to address vulnerabilities
• Monitoring: Continuous monitoring for security threats and anomalies

Organizational Security Measures:

• Limited access to personal data on a need-to-know basis
• Security training for employees
• Incident response procedures
• Regular security assessments

4.3 Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

Data Type	Retention Period
Account information	Duration of active subscription + 90 days
Inventory data	Duration of active subscription + 90 days
Payment records	7 years (for tax and accounting purposes)
Usage logs	1 year
Support communications	3 years

After the retention period: Data may be permanently deleted and cannot be recovered. We may retain certain information longer if required by law or for legitimate business purposes.

5. Your Rights and Choices

5.1 Access and Portability

You have the right to:

• Access your data: View all personal information and inventory data stored in your account through the Admin Portal
• Export your data: Download a copy of your data in a machine-readable format at any time
• Request information: Ask us what personal information we hold about you

5.2 Correction and Updating

You can update your information directly through the Service:

• Update account settings and profile information in the Admin Portal
• Modify or delete inventory data at any time
• Update payment information through the Stripe Customer Portal
• Request corrections by contacting support@stocklow.com

5.3 Deletion

You have the right to request deletion of your data:

• Account deletion: Cancel your subscription to delete your account
• Data deletion: After cancellation, data is retained for 90 days, then permanently deleted
• Immediate deletion: Contact us at privacy@stocklow.com to request immediate data deletion

Note: Some data may be retained longer if required by law or for legitimate business purposes (e.g., financial records for tax compliance).

5.4 Marketing Communications

We do not send marketing emails unless you opt in. You can:

• Opt out of promotional emails by clicking "unsubscribe" in any marketing email
• Update your email preferences in your account settings
• Contact us to update your communication preferences

Note: You cannot opt out of service-related communications (e.g., account notifications, billing emails, security alerts).

5.5 Cookies and Tracking

You can control cookies through your browser settings:

• Block or delete cookies in your browser preferences
• Adjust settings to be notified when cookies are set
• Use private/incognito browsing mode

Warning: Disabling essential cookies may prevent the Service from functioning properly, particularly authentication features.

6. Regional Privacy Rights

6.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know:

• Request disclosure of categories and specific pieces of personal information collected
• Request disclosure of categories of sources from which information was collected
• Request disclosure of business purposes for collecting or sharing information
• Request disclosure of categories of third parties with whom we share information

Right to Delete:

• Request deletion of personal information we have collected
• Subject to certain exceptions (e.g., legal obligations, fraud prevention)

Right to Opt-Out:

• We do not sell personal information, so there is nothing to opt out of

Right to Non-Discrimination:

• We will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights: Email us at privacy@stocklow.com with "CCPA Request" in the subject line.

6.2 European Economic Area (GDPR)

If you are located in the EEA, you have rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

We process your data based on the following legal grounds:

• Contract performance: To provide the Service you subscribed to
• Legitimate interests: To improve the Service, prevent fraud, and ensure security
• Legal obligations: To comply with laws and regulations
• Consent: Where you have given explicit consent (e.g., marketing communications)

Your GDPR Rights:

• Right of access: Obtain confirmation and a copy of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Receive your data in a structured format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time
• Right to lodge a complaint: File a complaint with your local data protection authority

To exercise your GDPR rights: Email us at privacy@stocklow.com with "GDPR Request" in the subject line.

International Data Transfers:

Your data may be transferred to and stored in the United States. We rely on:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Other lawful transfer mechanisms

7. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are under 18, do not:

• Use or register for the Service
• Provide any personal information through the Service
• Make any purchases or provide payment information

If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe we have collected information from a child under 18, please contact us immediately at privacy@stocklow.com.

8. Third-Party Links and Services

8.1 Third-Party Websites

The Service may contain links to third-party websites (such as Stripe payment pages). We are not responsible for the privacy practices of these websites. We encourage you to read the privacy policies of any third-party sites you visit.

8.2 Third-Party Service Providers

Our Service integrates with third-party services that have their own privacy policies:

• Firebase/Google Cloud: https://firebase.google.com/support/privacy
• Stripe: https://stripe.com/privacy

9. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users via email within 72 hours of discovering the breach
• Describe the nature of the breach and the data affected
• Provide information about steps we are taking to address the breach
• Offer guidance on steps you can take to protect yourself
• Notify relevant regulatory authorities as required by law

10. Changes to This Privacy Policy

10.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features.

10.2 Notification of Changes

For material changes, we will notify you by:

• Email notification to the address associated with your account
• Prominent notice in the Service or on our website
• Notice in your Admin Portal upon login

10.3 Effective Date

Material changes will take effect 30 days after notification. The "Last Updated" date at the top of this Privacy Policy indicates when it was last revised.

10.4 Your Continued Use

Your continued use of the Service after the effective date of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service and may cancel your subscription.

11. International Users

Stocklow is based in the United States, and the Service is hosted in the United States. If you access the Service from outside the United States, please be aware that:

• Your information will be transferred to and stored in the United States
• U.S. privacy laws may differ from those in your country
• By using the Service, you consent to the transfer of your information to the United States
• We comply with applicable international data protection laws (GDPR, CCPA, etc.)

12. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that lets you tell websites you do not want your online activities tracked. We do not currently respond to DNT signals because there is no industry standard for how companies should respond to such signals.

13. California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

15. Acknowledgment

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, UNDERSTAND IT, AND AGREE TO ITS TERMS.

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU ARE NOT AUTHORIZED TO USE THE SERVICE.