InventoryPal

Privacy Policy

Last updated: 10/8/2025

1. Introduction

InventoryPal (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our inventory management and cost tracking service for Shopify (“Service”). It also outlines your data protection rights under applicable laws, including the EU General Data Protection Regulation (“GDPR”).

For the purpose of the GDPR, InventoryPal acts as the Data Controller for the personal data we process, unless otherwise stated.

2. Information We Collect

2.1 Personal Information

  • Name and contact information (e.g., email address, phone number)
  • Billing information (e.g., credit card details, billing address)
  • Company and Shopify store information
  • Account credentials (e.g., username and password)

2.2 Usage Data

  • Uploaded invoices and related data
  • SKU, BOM, and inventory data
  • Device information (e.g., IP address, browser type)
  • Usage patterns and activity logs

3. Legal Bases for Processing

We process personal data under the following legal bases as permitted by the GDPR:

  • Contractual Necessity: To fulfill our contractual obligations to you (e.g., to provide the Service or process payments).
  • Legitimate Interests: To improve our Service, ensure security, and prevent fraud.
  • Consent: Where required by law, we seek your consent (e.g., for certain marketing communications).
  • Legal Obligation: To comply with applicable laws and regulations.

4. How We Use Your Information

We may use your data to:

  • Provide, operate, and maintain our Service.
  • Process payments and manage subscriptions.
  • Send important updates, notifications, or administrative messages.
  • Enhance, customize, and improve user experience and Service functionality.
  • Generate inventory reports and cost analysis.
  • Comply with legal, regulatory, and contractual obligations.
  • Protect against fraud, unauthorized access, and other security issues.
  • Provide marketing or promotional communications (with appropriate consent where required).

5. Data Retention

We retain personal data only for as long as is necessary to fulfill the purposes outlined in this Policy or for as long as we are legally required or permitted to do so. We will securely delete or anonymize personal data when it is no longer needed.

6. Data Storage and Security

We implement appropriate technical and organizational security measures:

  • Data encryption in transit (e.g., HTTPS/TLS) and at rest where feasible.
  • Regular security assessments and penetration testing.
  • Strict access controls and multi-factor authentication where possible.
  • Use of secure, certified data centers.
  • Frequent backups to prevent data loss.
  • Employee training on privacy and data security best practices.

7. Data Sharing and Disclosure

We may share your personal data with third parties in the following circumstances:

  • Payment Processors: For billing and payment transactions.
  • Service Providers: Trusted vendors who assist with our operations (e.g., hosting, analytics), under strict confidentiality obligations.
  • Legal Compliance: If required to do so by law, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, subject to appropriate safeguards.
  • With Your Consent: Where you have explicitly given permission for us to share data.

8. Your Rights

Under the GDPR and other applicable laws, you have certain rights regarding your personal data. These may include the right to:

  • Access: Request confirmation that we are processing your data and access a copy of your personal data.
  • Rectification: Correct any inaccurate or incomplete personal data we hold about you.
  • Erasure: Request deletion of your personal data when it is no longer needed or where processing is unlawful.
  • Restriction: Ask us to suspend the processing of your personal data under certain circumstances.
  • Portability: Obtain a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Objection: Object to processing of your personal data, including for direct marketing or where processing is based on legitimate interests.
  • Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Complaint: Lodge a complaint with a supervisory authority if you believe your rights under data protection laws have been infringed.

To exercise any of these rights, please contact us using the details in the Contact Us section below.

9. Cookies and Tracking

We use cookies and similar technologies to maintain your session, remember your preferences, analyze usage patterns, and improve our Service. You can control cookie settings through your browser preferences.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your own, which may not offer the same level of data protection. Where this is the case, we use appropriate safeguards (such as standard contractual clauses) to ensure your data is adequately protected in accordance with applicable laws.

11. Children’s Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal data, please contact us so we can take steps to remove that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise any of your data protection rights, please contact us at hello@inventorypal.app.