Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.stockful.app/llms.txt

Use this file to discover all available pages before exploring further.

Last Updated: April 23, 2026

Company Details

Overview

Stockful (“the App”) is a Shopify application that provides inventory monitoring, historical tracking, analytics, forecasting, and notifications for Shopify merchants. This Privacy Policy explains how we collect, use, and protect information when you use the App.

Information We Collect

When you install and use Stockful, we access and store the following data from your Shopify store:

Store Information

  • Store name, domain, and Shopify identifier
  • Store email address, currency, and timezone
  • Staff account information associated with the Shopify admin

Inventory & Product Data

  • Inventory levels and quantities across all locations (available, committed, reserved, etc.)
  • Inventory item details (cost, tracking status)
  • Product and variant information (titles, SKUs, handles, media)
  • Location names and addresses

Order Data

  • Order and fulfillment records (used solely for sales velocity calculations and demand forecasting)
  • Order records returned by Shopify’s API include customer personal data (names, email addresses, billing and shipping addresses). This data is processed only to compute aggregate sales velocity and demand forecasts — individual customer personal information is not retained, stored in our database, analyzed, or shared with third parties.

App Configuration

  • Notification settings (email addresses, Slack channel selections)
  • Tracking preferences and thresholds
  • Report configurations
  • Subscription and billing status

What We Do Not Collect Or Retain

  • Customer personal data at rest - although the Shopify order API returns customer names, emails, and addresses as part of order records, Stockful does not store, retain, analyze, or share individual customer personal information. Order data is transformed into aggregate velocity and forecasting metrics, and the source customer fields are discarded.
  • Payment card information - all billing is handled through the Shopify App Store; we never see card numbers, expiry dates, or CVV codes.
  • Customer browsing or behavioral data - we do not track your storefront visitors, set cookies on your storefront, or receive analytics events from customer-facing pages.
  • Children’s data - see the Children’s Privacy section below.

How We Use Your Information

We use the information collected to:
  • Deliver the service - monitor inventory levels, generate reports, send notifications, and provide forecasting
  • Improve the App - analyze usage patterns and performance to enhance features and reliability
  • Provide support - respond to your inquiries and troubleshoot issues
  • Communicate updates - notify you of important changes to the App or these terms
  • Ensure security - detect and prevent fraud, abuse, or technical issues
  • Meet legal obligations - comply with applicable laws and Shopify’s requirements
We process your data under the following legal bases, depending on your jurisdiction:
  • Contractual necessity - processing required to deliver the service you’ve installed
  • Legitimate interests - improving service quality, ensuring security, and preventing abuse
  • Consent - where required by local law (e.g., Brazil’s LGPD, India’s DPDP Act), consent is obtained during app installation

Third-Party Services

We share data with the following third-party service providers to operate the App. We do not sell, rent, or trade your personal information.
ServicePurposeData Shared
CloudflareApplication hosting, backend infrastructure, and file storage (Workers, Pages, R2)All app data, report files
NeonPrimary database (PostgreSQL)All app data (primary data store)
ShopifyE-commerce platform integrationStore data via API (read-only access)
HeyMantleSubscription billing and plan managementShop identifier, domain, email, plan status
ResendTransactional email deliveryRecipient email addresses, notification content
SlackNotification delivery (optional integration)Inventory alert messages, channel identifiers
SentryError tracking and monitoringException data, shop identifier (no inventory data)
AxiomOperational analytics and event loggingEvent logs, shop identifier, operational metrics
Trigger.devBackground job executionTask payloads (shop identifiers, job parameters)
Each provider processes data in accordance with their own privacy policies and is contractually obligated to protect your information.

Data Security

We implement the following security measures to protect your data:
  • Encryption in transit - all data transmitted over HTTPS/TLS
  • Access control - multi-tenant isolation ensures each store can only access its own data
  • Scoped API access - the App uses the minimum Shopify API scopes required for its features. Most scopes are read-only. A small number of write scopes are used as follows:
    • write_products - two narrow uses: (1) publish app-owned metafields in the app--stockful namespace (stock status, days of supply, velocity trend, etc.) so storefronts can display live inventory data; (2) enable the admin_filterable capability on merchant-created product metafield definitions so Stockful can filter products by those metafields in tracking rules. The filterable toggle changes only the definition’s capability flag — no merchant metafield values are modified. We do not modify merchant product content, titles, descriptions, variants, pricing, or any non-Stockful metafield values.
    • write_inventory_transfers - reserved for an upcoming inventory-transfer feature; not yet active. When live, this will only modify transfers that merchants explicitly create or edit inside Stockful.
    • write_app_proxy - required by Shopify to register the App Proxy used by storefront features; does not modify store data.
  • Token-protected downloads - report files require authenticated download tokens
  • Credential protection - API keys and access tokens are stored securely (AES-256-GCM at rest) and never exposed to the frontend
  • Alignment with Shopify standards - development and security practices follow Shopify’s app development guidelines

Our Role Under GDPR

For the purposes of the EU/UK General Data Protection Regulation (GDPR) and equivalent laws:
  • You (the merchant) are the data controller for your store data and your customers’ personal data.
  • Stockful acts as a data processor on your behalf, processing the data only in line with your instructions and this Privacy Policy.
A standalone Data Processing Agreement governs this relationship and satisfies Article 28 of the GDPR. EU/UK-based merchants are deemed to have accepted the DPA on installation; a counter-signed copy is available on request at support@stockful.app.

Data Retention and Deletion

  • Inventory and analytics data - retained for historical tracking and forecasting while the App is installed
  • Report files - automatically cleaned up based on retention settings
  • Upon uninstallation - app data is retained for 48 hours in case you reinstall, then permanently deleted
  • Shopify compliance - we honor all Shopify GDPR/privacy webhooks (customer data requests, customer redaction, and shop redaction)
  • Support records - retained for up to 3 years for quality and legal purposes
  • Legal obligations - data may be retained longer where required by applicable law

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your data:
  • Access - request a copy of the data we hold about your store
  • Correction - request correction of inaccurate data
  • Deletion - request deletion of your data (or uninstall the App)
  • Portability - request your data in a machine-readable format
  • Restriction - request that we limit processing of your data
  • Objection - object to processing based on legitimate interests

Regional Rights

  • GDPR (EU/EEA/UK) - you have the right to lodge a complaint with your local supervisory authority
  • CCPA/CPRA (California) - you have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.
  • PIPEDA (Canada) - you may access and challenge the accuracy of your information
  • LGPD (Brazil) - you may request confirmation of processing, access, correction, anonymization, or deletion
To exercise any of these rights, contact us at support@stockful.app.

Children’s Privacy

Stockful is a business-to-business application intended for use by Shopify merchants. We do not knowingly collect information from children under 13 (or the applicable age in your jurisdiction). If you believe we have inadvertently collected such information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last Updated” date at the top of this page. Continued use of the App after changes constitutes acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: