Skip to main content
Last Updated: May 24, 2026

Company Details

Overview

Stockful (“the App”) is a Shopify application that provides inventory monitoring, historical tracking, analytics, forecasting, and notifications for Shopify merchants. This Privacy Policy explains how we collect, use, and protect information when you use the App.

Information We Collect

When you install and use Stockful, we access and store the following data from your Shopify store:

Store Information

  • Store name, domain, and Shopify identifier
  • Store email address, currency, and timezone
  • Staff account information associated with the Shopify admin

Inventory & Product Data

  • Inventory levels and quantities across all locations (available, committed, reserved, etc.)
  • Inventory item details (cost, tracking status)
  • Product and variant information (titles, SKUs, handles, media)
  • Location names and addresses

Order Data

  • Order and fulfillment records (used solely for sales velocity calculations and demand forecasting)
  • Order records returned by Shopify’s API include customer personal data (names, email addresses, billing and shipping addresses). This data is processed only to compute aggregate sales velocity and demand forecasts. Individual customer personal information is not retained, stored in our database, analyzed, or shared with third parties.

App Configuration

  • Notification settings (email addresses, Slack channel selections)
  • Tracking preferences and thresholds
  • Report configurations
  • Subscription and billing status

What We Do Not Collect Or Retain

  • Customer personal data at rest - although the Shopify order API returns customer names, emails, and addresses as part of order records, Stockful does not store, retain, analyze, or share individual customer personal information. Order data is transformed into aggregate velocity and forecasting metrics, and the source customer fields are discarded.
  • Payment card information - all billing is handled through the Shopify App Store; we never see card numbers, expiry dates, or CVV codes.
  • Customer browsing or behavioral data - we do not track your storefront visitors, set cookies on your storefront, or receive analytics events from customer-facing pages.
  • Children’s data - see the Children’s Privacy section below.

How We Use Your Information

We use the information collected to:
  • Deliver the service - monitor inventory levels, generate reports, send notifications, and provide forecasting
  • Improve the App - analyze usage patterns and performance to enhance features and reliability
  • Provide support - respond to your inquiries and troubleshoot issues
  • Communicate updates - notify you of important changes to the App or these terms
  • Ensure security - detect and prevent fraud, abuse, or technical issues
  • Meet legal obligations - comply with applicable laws and Shopify’s requirements

AI Features

Stockful’s AI features (the in-app assistant, weekly Slack digest, daily anomaly detection, AI-suggested thresholds, and the on-demand health check) are powered by OpenAI via its API. What we send to OpenAI:
  • Aggregated product, inventory, and sales metrics (variant titles, SKUs, stock levels, velocity, days of supply, sell-through, projected stockouts)
  • For the assistant: the message you type in chat and the relevant inventory context needed to answer it
  • For digests, anomalies, and health checks: the metric snapshots needed to write the narrative or finding
What we do not send to OpenAI:
  • Customer personal data (names, emails, addresses) from your order records. These are discarded during aggregation before any AI processing
  • Payment, billing, or staff account credentials
  • Any data from another merchant’s store
Data handling at OpenAI: Requests are sent through OpenAI’s standard API and are subject to OpenAI’s API data usage and retention terms. See OpenAI’s Enterprise Privacy page for the current details. What Stockful stores:
  • Assistant chat messages and AI responses, kept against your shop so you can browse thread history
  • AI-generated digests, anomaly narratives, and health-check findings, kept with the rest of your shop’s app data
  • Feedback you give on AI output (thumbs up/down, helpful/not helpful), used to improve our prompts
You can turn AI features off any time in Settings → AI. We process your data under the following legal bases, depending on your jurisdiction:
  • Contractual necessity - processing required to deliver the service you’ve installed
  • Legitimate interests - improving service quality, ensuring security, and preventing abuse
  • Consent - where required by local law (e.g., Brazil’s LGPD, India’s DPDP Act), consent is obtained during app installation

Third-Party Services

We share data with the following third-party service providers to operate the App. We do not sell, rent, or trade your personal information.
ServicePurposeData Shared
CloudflareApplication hosting, backend infrastructure, and file storage (Workers, Pages, R2)All app data, report files
NeonPrimary database (PostgreSQL)All app data (primary data store)
ShopifyE-commerce platform integrationStore data via API (read-only access)
HeyMantleSubscription billing and plan managementShop identifier, domain, email, plan status
ResendTransactional email deliveryRecipient email addresses, notification content
SlackNotification delivery (optional integration)Inventory alert messages, channel identifiers
SentryError tracking and monitoringException data, shop identifier (no inventory data)
AxiomOperational analytics and event loggingEvent logs, shop identifier, operational metrics
Trigger.devBackground job executionTask payloads (shop identifiers, job parameters)
OpenAIAI assistant, weekly digest, anomaly narratives, threshold suggestions, and health checkAggregated product, inventory, and sales data; assistant chat messages. Never customer contact details.
Each provider processes data in accordance with their own privacy policies and is contractually obligated to protect your information.

Data Security

We implement the following security measures to protect your data:
  • Encryption in transit - all data transmitted over HTTPS/TLS
  • Access control - multi-tenant isolation ensures each store can only access its own data
  • Scoped API access - the App uses the minimum Shopify API scopes required for its features. Most scopes are read-only. The full set is:
    ScopeTypePurpose
    read_productsReadView product catalog to display inventory.
    write_productsWriteTwo narrow uses: (1) publish app-owned metafields in the app--stockful namespace (stock status, days of supply, velocity trend, projected stockout, ABC class, restock status, sold last 30d, tracked flag) so storefronts can display live inventory data; (2) enable the admin_filterable capability on merchant-created product metafield definitions so Stockful can filter products by those metafields in tracking rules. The filterable toggle changes only the definition’s capability flag, not any merchant metafield values. We do not modify product titles, descriptions, variants, pricing, or any non-Stockful metafield values.
    read_locationsReadList locations to show inventory by location.
    read_inventoryReadRead inventory levels for monitoring and forecasting.
    write_inventoryWriteUsed only inside the health-check inventory-fix page so merchants can correct missing cost, SKU code, and barcode on inventory items in-app. Stockful never modifies inventory quantities or stock levels, only the metadata fields the merchant explicitly edits in our UI.
    read_orders, read_all_ordersReadRead order and fulfillment history for sales velocity and demand forecasting. Only aggregate metrics are retained; individual customer personal data is not stored.
    read_fulfillments, read_merchant_managed_fulfillment_orders, read_third_party_fulfillment_ordersReadAttribute stock movements correctly across fulfillment services.
    read_inventory_transfersReadRead inventory transfers to show stock in transit and track the status of transfers created from Stockful.
    write_inventory_transfersWriteCreate draft inventory transfers when a merchant acts on a transfer suggestion. Stockful only ever creates drafts (tagged stockful); it never marks transfers ready to ship, ships, or receives them - the merchant completes those steps in Shopify.
    read_inventory_shipmentsReadRead inventory shipments to keep incoming-stock figures accurate as shipments move and arrive.
    read_inventory_shipments_received_itemsReadRead received-item quantities on shipments so incoming stock clears correctly when shipments are received, including partial receipts.
    write_app_proxyWriteRequired by Shopify to register the App Proxy used by storefront features; does not modify store data.
  • Token-protected downloads - report files require authenticated download tokens
  • Credential protection - API keys and access tokens are stored securely (AES-256-GCM at rest) and never exposed to the frontend
  • Alignment with Shopify standards - development and security practices follow Shopify’s app development guidelines

Our Role Under GDPR

For the purposes of the EU/UK General Data Protection Regulation (GDPR) and equivalent laws:
  • You (the merchant) are the data controller for your store data and your customers’ personal data.
  • Stockful acts as a data processor on your behalf, processing the data only in line with your instructions and this Privacy Policy.
A standalone Data Processing Agreement governs this relationship and satisfies Article 28 of the GDPR. EU/UK-based merchants are deemed to have accepted the DPA on installation; a counter-signed copy is available on request at support@stockful.app.

Data Retention and Deletion

  • Inventory and analytics data - retained for historical tracking and forecasting while the App is installed
  • Report files - automatically cleaned up based on retention settings
  • Upon uninstallation - app data is retained for 48 hours in case you reinstall, then permanently deleted
  • Shopify compliance - we honor all Shopify GDPR/privacy webhooks (customer data requests, customer redaction, and shop redaction)
  • Support records - retained for up to 3 years for quality and legal purposes
  • Legal obligations - data may be retained longer where required by applicable law

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your data:
  • Access - request a copy of the data we hold about your store
  • Correction - request correction of inaccurate data
  • Deletion - request deletion of your data (or uninstall the App)
  • Portability - request your data in a machine-readable format
  • Restriction - request that we limit processing of your data
  • Objection - object to processing based on legitimate interests

Regional Rights

  • GDPR (EU/EEA/UK) - you have the right to lodge a complaint with your local supervisory authority
  • CCPA/CPRA (California) - you have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.
  • PIPEDA (Canada) - you may access and challenge the accuracy of your information
  • LGPD (Brazil) - you may request confirmation of processing, access, correction, anonymization, or deletion
To exercise any of these rights, contact us at support@stockful.app.

Children’s Privacy

Stockful is a business-to-business application intended for use by Shopify merchants. We do not knowingly collect information from children under 13 (or the applicable age in your jurisdiction). If you believe we have inadvertently collected such information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last Updated” date at the top of this page. Continued use of the App after changes constitutes acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: