Privacy Policy

1. What we collect

Stockrise only collects the data needed to forecast demand, surface reorder alerts, track launches, and report on returns and marketing ROI. Specifically:

• Store identifiers — your Shopify store name and shop domain (e.g. example.myshopify.com).
• Product catalog — product titles, SKUs, variants, sizes, prices, and inventory levels.
• Order metadata — order timestamps, line items, quantities, totals, fulfillment status, refunds, and (where available) UTM parameters used for attribution.
• Inventory levels — stock-on-hand by location and variant, sampled regularly so we can compute days-of-cover and reorder timing.
• Connected ad platforms — if you connect Google Ads or Meta, we read campaign and spend metadata to compute marketing ROI. We do not collect personal data on ad audiences.
• Account info — the email address and (hashed) password of users you create inside Stockrise to access the dashboard.

We do not collect end-customer personally identifiable information (names, addresses, emails) from your order data. Only aggregated metadata used for forecasting is retained.

2. Where the data lives

Stockrise data is stored in a managed PostgreSQL database operated on Abacus.AI infrastructure. The database is encrypted at rest, accessed over TLS, and isolated from other tenants by application-level shopId scoping on every read and write.

3. Who can access it

Access to your data is limited to:

• The merchant (you) and the user accounts you authorise inside the Stockrise dashboard.
• A small number of Stockrise engineers, only as needed to operate, maintain, and debug the service. Access is logged.

We do not sell merchant data, we do not share it with third parties for advertising or analytics, and we do not use it to train external models.

4. How long we keep it

While Stockrise is installed on your store, we retain order, inventory, and forecast data for as long as needed to compute trends and historical comparisons (typically a rolling 24 months of order history).

5. Deleting your data

Uninstalling the Stockrise app from your Shopify admin triggers automatic deletion of all data associated with your shop within 30 days. This includes:

• Product catalog, inventory snapshots, and SKU performance history.
• Order metadata, return-rate aggregates, and forecast results.
• Connected ad-platform tokens and synced campaign data.
• User accounts and credentials created inside Stockrise.

You can also request immediate deletion at any time by emailing [email protected]. We honour deletion requests within 7 business days.

6. GDPR & merchant rights

Stockrise is operated in alignment with the EU General Data Protection Regulation (GDPR). If your store serves customers in the EU/EEA, you act as the data controller for end-customer data; Stockrise acts as a data processor on your behalf, limited to the scope described above. You have the right to:

• Request a copy of the data we hold for your store.
• Request correction of inaccurate data.
• Request deletion of your data (see section 5).
• Object to or restrict specific processing activities.

Stockrise also complies with the Shopify Mandatory Webhooks for customers/data_request, customers/redact, and shop/redact. Because we do not store end-customer PII, customer-redact webhooks are acknowledged as a no-op.

7. Security

We use industry-standard practices: TLS in transit, encryption at rest, OAuth tokens stored securely server-side, hashed passwords (bcrypt), and per-shop scoping on every database query. We do not expose API keys or tokens in client-side code.

8. Changes to this policy

We may update this policy from time to time. Material changes will be announced inside the Stockrise dashboard at least 14 days before they take effect. The “Last updated” date at the top of this page always reflects the current revision.

9. Contact

Questions about this policy or about how your data is handled? [email protected]