Privacy Policy

When you install Stokr, we collect and store the following data from your Shopify store:

• Store information — your Shopify store domain, plan, and installation date.
• Products and variants — titles, SKUs, prices, cost prices, inventory quantities, and vendor information.
• Order data — order line items, quantities, and revenue figures used to calculate sales velocity and demand forecasts. The history window depends on your plan: up to 60 days on Free, 90 days on Starter, 18 months on Growth, and 36 months on Scale. We do not store customer names, emails, addresses, or payment information.
• Inventory levels — per-location inventory quantities synced from Shopify.
• Supplier and purchase order data — supplier names, contact details, lead times, and purchase orders you create within the app.
• App settings — thresholds, alert preferences, and notification email addresses you configure.

• Customer names, email addresses, phone numbers, or postal addresses.
• Payment card numbers or any financial payment data.
• Passwords or login credentials.
• Any data from stores that have uninstalled the app (subject to our retention policy below).

We use the data collected solely to provide the Stokr service:

• Calculating inventory health scores, demand forecasts, and reorder suggestions.
• Sending low-stock and out-of-stock alert emails, Slack messages, or webhooks that you configure.
• Generating CSV and PDF inventory reports.
• Powering AI-assisted reorder suggestions (processed via Groq — see Third Parties below).

We do not sell, rent, or share your data with third parties for marketing purposes.

Stokr uses the following third-party services to operate:

• While installed — we retain all synced data to power the app features.
• After uninstall — we retain your store data to allow reinstallation without losing history. Shopify sends a shop redact request 48 hours after uninstall, at which point all your data is permanently deleted.
• On request — you can request immediate deletion of all your data by contacting us at the address below.

We comply with Shopify's mandatory privacy webhooks:

• Customer data requests — we respond within 30 days. As noted above, we do not store personally identifiable customer data (names, emails, addresses), so responses confirm no personal data is held.
• Customer data erasure — we acknowledge and process redaction requests within 30 days.
• Shop data erasure — all shop data is permanently deleted upon receiving the GDPR shop redact webhook (sent by Shopify 48 hours after uninstall).

Data Processing Agreement (DPA): Merchants subject to GDPR who require a formal Data Processing Agreement under Article 28 can download ours at stokr.app/dpa. The DPA covers subject matter, sub-processors, international transfer safeguards, and audit rights.

We protect your data using industry-standard measures: all data is encrypted in transit (TLS) and at rest. Access to the database is restricted to the app's service account with no public access. Shopify access tokens are stored securely and cleared immediately upon app uninstall.

You have the right to:

• Request a copy of all data we hold about your store.
• Request correction of inaccurate data.
• Request deletion of all your data at any time.
• Withdraw consent by uninstalling the app (data deleted within 30 days).

To exercise any of these rights, contact us at the email below.

We may update this policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or want to exercise your data rights, please contact us at:

Email: support@stokr.app
App: Stokr — Inventory Management