Privacy Policy

1. Introduction

This Privacy Policy describes how StockCount ("we," "us," or "our") collects, uses, and shares your personal information when you use our inventory counting service.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union.

By using StockCount, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

When you use StockCount, we collect various types of information to provide and improve our Service.

The specific categories of information we collect include:

• Account Information: Your name, email address, company name, and password when you create an account
• Inventory Data: Item numbers, descriptions, quantities, locations, and related information you upload for stock counting
• Usage Data: IP addresses, browser type, device information, pages visited, and actions taken within the application

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service, including processing transactions and managing subscriptions
• Communicate with you about service updates, security alerts, and respond to your inquiries
• Analyze usage patterns to enhance user experience and detect fraud or abuse
• Comply with legal obligations and protect our rights and the rights of our users

3.1. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

Contract Performance: Processing necessary to provide the Service you signed up for

Legitimate Interests: Processing necessary for our legitimate business operations, fraud prevention, and service improvement

Legal Obligation: Processing required to comply with applicable laws and regulations

Consent: Processing based on your explicit consent, which you can withdraw at any time through your account settings or by contacting us

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only with trusted third-party service providers who assist us in operating our Service, processing payments, providing analytics (with your consent), and delivering transactional emails. These providers are bound by confidentiality agreements and may only use your information to perform services on our behalf.

We may also disclose your information if required by law, court order, or government regulation, or in connection with a merger, acquisition, or sale of assets where your information may be transferred as part of that transaction. In all cases, we ensure appropriate safeguards are in place to protect your data.

5. Third-Party Service Providers

We use the following trusted third-party service providers to help us operate StockCount:

• Stripe: For secure payment processing and subscription management
• Resend: For sending transactional emails such as verification emails and notifications
• Microsoft Clarity: For analytics and user behavior insights (only with your consent)
• Cloud hosting providers: For secure data storage and application hosting

These third-party providers have their own privacy policies. We recommend reviewing them:

• Stripe Privacy Policy: https://stripe.com/privacy
• Resend Privacy Policy: https://resend.com/legal/privacy-policy
• Microsoft Clarity Privacy Policy: https://privacy.microsoft.com/privacystatement

We ensure that all third-party providers comply with applicable data protection laws and maintain appropriate security measures to protect your information.

6. Data Security

We take the security of your personal information seriously and implement comprehensive measures to protect it from unauthorized access, disclosure, alteration, or destruction.

Our security infrastructure is built on industry-standard practices and regularly updated to address emerging threats.

We employ multiple layers of security safeguards, including:

• Encryption: All data in transit is encrypted using TLS/SSL protocols, and sensitive data at rest is encrypted using industry-standard algorithms
• Access Controls: Strict access controls and authentication mechanisms ensure only authorized personnel can access personal data
• Security Monitoring: Continuous monitoring, regular security audits, and vulnerability assessments to identify and address potential risks
• Employee Training: All employees undergo data protection and security awareness training

While we implement robust security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your information using best practices.

7. Data Retention

We retain different types of data for varying periods based on legal requirements, business needs, and the nature of the information:

• Account Information: Retained for as long as your account is active, plus 90 days after deletion for account recovery purposes
• Inventory Data: Count records and stock data are retained for up to 90 days after account deletion for audit and reconciliation purposes
• Payment Records: Transaction history retained for 7 years to comply with financial regulations and tax laws
• System Logs: Security and access logs retained for 90 days for security monitoring and incident response
• Analytics Data: Anonymized usage data may be retained indefinitely for service improvement
• Support Communications: Customer support interactions retained for 3 years for quality assurance and training purposes

After the applicable retention period expires, we securely delete or anonymize your personal information in accordance with applicable laws.

If you have specific retention requirements for audit purposes, please contact us to discuss extended retention options for your inventory data.

8. Your Rights (GDPR)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure (Right to be Forgotten): Request deletion of your personal data under certain circumstances
• Right to Restriction of Processing: Request that we limit how we use your personal data
• Right to Data Portability: Receive your personal data in a structured, commonly-used format and transmit it to another controller
• Right to Object: Object to our processing of your personal data for direct marketing or legitimate interests

To exercise any of these rights, please contact us at support@stock-count.com. We will respond to your request within 30 days as required by GDPR. You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

9. Security Measures

We implement comprehensive technical and organizational security measures to protect your personal data:

• Data Encryption: All data in transit is protected using TLS 1.2+ encryption, and sensitive data at rest is encrypted using AES-256
• Access Management: Role-based access controls ensure only authorized personnel can access personal data on a need-to-know basis
• Authentication: Multi-factor authentication (MFA) required for all administrative access to systems containing personal data
• Security Monitoring: 24/7 monitoring, intrusion detection systems, and regular security audits to identify and respond to threats
• Backup and Recovery: Regular encrypted backups with secure offsite storage to ensure business continuity and data integrity

Our security practices are regularly reviewed and updated to address emerging threats and comply with industry standards and best practices.

In the event of a data breach that may affect your rights and freedoms, we will notify you and relevant authorities within 72 hours as required by applicable data protection laws.

10. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16.

If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information.

11. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal information, please contact us at support@stock-count.com. For GDPR-related inquiries from EU residents, you may also contact your local data protection authority.