Privacy Policy
Last updated: March 24, 2026
1. Introduction
Restocky ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application and related services ("Service").
By using the Service, you consent to the data practices described in this policy.
2. Information We Collect
We collect the following types of information:
| Data Type | What We Collect | Purpose |
|---|---|---|
| Store Data | Products, variants, inventory levels, orders, purchase orders | Core functionality: forecasting, reorder alerts, analytics |
| Account Data | Shop domain, email address, plan information | Authentication, billing, support |
| Usage Data | Pages visited, features used, click events | Product improvement, analytics |
| API Keys | API keys generated by you for the Public API | API authentication and rate limiting |
| Integration Data | Klaviyo API keys, QuickBooks tokens (if connected) | Third-party integration functionality |
3. How We Use Your Information
We use collected data to:
- Provide the Service: Generate demand forecasts, calculate reorder points, create purchase orders, track inventory health
- Send Notifications: Reorder alerts, stockout warnings, weekly intelligence digests (opt-in)
- Improve the Service: Analyze usage patterns, optimize features, fix bugs
- Customer Support: Respond to inquiries, troubleshoot issues
- Billing: Process payments through Shopify's billing system
4. Data Sharing
We do not sell your personal data or store data to third parties.
We may share data with:
- Shopify: As required by the Shopify App Store and Partner Program agreements
- Service Providers: Cloud hosting (for data storage), email delivery (for notifications), analytics tools (anonymized usage data only)
- Third-party Integrations: Only when you explicitly connect an integration (e.g., Klaviyo, QuickBooks). Data is shared only to the extent required for that integration.
- Legal Requirements: When required by law, subpoena, or court order
5. Data Storage & Security
Your data is stored securely using industry-standard practices:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Database: PostgreSQL hosted on secure, SOC 2 compliant infrastructure
- Access Control: Role-based access, principle of least privilege
- API Security: Hashed API keys, rate limiting, request logging
- Backups: Automated daily backups with 30-day retention
6. Data Retention
- Active Accounts: We retain your data for as long as your account is active and the app is installed.
- Uninstalled Apps: After uninstallation, we retain your data for 30 days in case you reinstall. After 30 days, all store data is permanently deleted.
- Analytics Data: Anonymized usage data may be retained indefinitely for product improvement purposes.
7. Your Rights
You have the right to:
- Access: Request a copy of all data we hold about your store
- Rectification: Request correction of inaccurate data
- Deletion: Request deletion of your data (we will comply within 30 days)
- Portability: Export your data in standard formats (CSV, JSON)
- Opt-out: Unsubscribe from marketing communications and weekly digests at any time
To exercise these rights, contact [email protected].
8. Cookies & Tracking
The Restocky Shopify app uses minimal cookies required for session management. Our marketing website may use:
- Essential Cookies: Session management, CSRF protection
- Analytics Cookies: Anonymized usage tracking (e.g., Google Analytics)
We do not use advertising cookies or tracking pixels.
9. GDPR Compliance
For users in the European Economic Area (EEA), we process your data under the following legal bases:
- Contract Performance: Processing necessary to provide the Service you requested
- Legitimate Interest: Product improvement, security monitoring
- Consent: Marketing communications, optional integrations
10. CCPA Compliance
For California residents: We do not sell personal information. You have the right to know what personal information is collected, request deletion, and opt-out of any future sale of personal information.
11. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from children. If we discover that we have inadvertently collected data from a minor, we will delete it immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.
13. Contact Us
For privacy-related inquiries:
- Email: [email protected]
- Support: [email protected]