Privacy Policy
Draft — pending legal review. This is not legal advice.
Introduction
This Privacy Policy explains how Stockily ("Stockily", "we", "us", or "our") collects, uses, shares, and protects personal data when you use Stockily, our subscription software-as-a-service platform (an ERP for cash-on-delivery e-commerce), and when you visit our website at https://www.stockily.io (collectively, the "Service").
This document is a draft provided for the business to review with qualified legal counsel. It is not legal advice and does not create any contractual obligation in its current form.
For the purposes of the EU and UK General Data Protection Regulation ("GDPR"), Stockily acts as the data controller for personal data we process about our account holders and website visitors. Where you use Stockily to manage your own customers' order and operational data, you are the controller of that data and Stockily acts as your processor; in those cases, our processing is governed by our Data Processing Agreement.
Who We Are and How to Reach Us
Stockily is the controller responsible for the personal data described in this policy. Our registered address is .
If you have any questions about this policy or wish to exercise your privacy rights, you can contact us at .
This policy is governed by, and questions of its interpretation are subject to, the laws of , without prejudice to any mandatory data protection rights you may have under the laws of your own country.
What Data We Collect
Account data. When you create an account, start a trial, or subscribe to a paid plan, we collect information such as your name, business name, email address, login credentials, role, and your communication preferences.
Usage data. We collect information about how you interact with the Service, such as pages and features accessed, actions taken, device and browser type, IP address, approximate location derived from IP, log timestamps, and diagnostic data used to keep the Service reliable and secure.
Customer-provided order and operational data. As an ERP for cash-on-delivery e-commerce, Stockily lets you upload, import, and manage data about your own business operations and end customers, including order details, recipient names, delivery addresses, phone numbers, product and inventory records, and fulfillment status. You provide and control this data; we process it on your behalf to deliver the Service.
Payment metadata. When you subscribe to a paid plan, we collect billing metadata such as your plan, billing cycle (monthly or annual), subscription status, billing country, the last four digits and brand of your card, and invoice history. We do not collect or store full card numbers — see the dedicated section on Stripe below.
How We Use Your Data
We use personal data to: provide, operate, and maintain the Service; create and manage your account and subscription; process payments and prevent fraud; provide customer support and respond to your requests; send service, security, and billing communications; improve, secure, and develop the Service; comply with our legal obligations; and enforce our terms and protect our rights and those of our users.
We do not sell your personal data, and we do not use the customer-provided order and operational data you store in Stockily for our own marketing or to train models. We process that data only to provide the Service to you and on your documented instructions.
Legal Bases (GDPR) and CCPA Note
Where the GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Service, manage your account, and process your subscription); legitimate interests (to secure, improve, and support the Service and prevent fraud, balanced against your rights); compliance with a legal obligation (such as tax and accounting requirements); and consent (for example, non-essential cookies or optional communications, which you may withdraw at any time).
California residents (CCPA/CPRA). In the past 12 months we have collected the categories of personal information described above. We do not sell or "share" your personal information for cross-context behavioral advertising as those terms are defined under California law. California residents have the right to know, access, correct, and delete their personal information and to be free from discrimination for exercising these rights. To exercise them, contact us at .
Cookies
We use cookies and similar technologies to operate the Service, keep you signed in, remember preferences, and understand how the Service is used. For details about the cookies we use and how to control them, please see our Cookie Policy.
Where required by law, we ask for your consent before placing non-essential cookies, and you can change your choices at any time.
Data Sharing and Sub-Processors
We share personal data only as needed to run the Service and only with trusted providers (sub-processors) bound by appropriate confidentiality and data protection obligations. We may also disclose data where required by law, to enforce our agreements, or in connection with a merger, acquisition, or sale of assets (with notice where required).
Supabase provides our managed database and authentication infrastructure, hosting account data, usage data, and the customer-provided order and operational data you store in Stockily.
Resend provides our transactional email delivery (for example, account, security, and billing emails).
We also rely on Vercel for cloud hosting and on Plausible for privacy-friendly, cookieless analytics, to run the Service and measure performance and reliability. Our current list of sub-processors is published on our Sub-processors page and is available on request via .
Payment Processing by Stripe
Payments for Stockily subscriptions are processed by Stripe, Inc. ("Stripe") through Stripe's hosted Checkout and customer portal. Card and payment details are entered directly with Stripe and never touch Stockily's servers — we do not collect, transmit, or store your full card number, expiry, or security code.
Stripe acts as an independent controller of the payment and card data it processes for fraud prevention, regulatory compliance, and to operate its payment services. Stripe's handling of that data is subject to Stripe's own privacy policy, available at https://stripe.com/privacy.
From Stripe we receive only the billing metadata needed to manage your subscription (such as subscription status, plan, billing cycle, billing country, and the card's brand and last four digits).
International Transfers
Stockily is offered worldwide and billed in USD. Your personal data may be processed in countries other than the one in which you reside, including the United States and other locations where we or our sub-processors operate.
Where we transfer personal data out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum where applicable), together with additional measures where needed to protect your data.
Data Retention
We keep account and billing data for as long as your account is active and for a reasonable period afterward to meet legal, tax, accounting, and dispute-resolution obligations.
Customer-provided order and operational data is retained for the duration of your subscription and deleted or returned after termination in accordance with your instructions and our Data Processing Agreement, subject to any retention required by law. We delete or anonymize data when it is no longer needed for the purposes described in this policy.
Security
We use technical and organizational measures designed to protect personal data, including encryption in transit, access controls, authentication, tenant data isolation, logging, and regular review of our practices.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a personal data breach affecting you, we will notify you and the relevant authorities as required by law.
Your Rights
Depending on where you live, you may have the right to access, correct, export (data portability), delete, or restrict the processing of your personal data, to object to certain processing, and to withdraw consent where processing is based on consent. These rights are subject to legal limits.
To exercise any of these rights, contact us at . We will respond within the timeframes required by applicable law and may need to verify your identity first. If you are the controller of customer-provided data stored in Stockily, you can also export or delete much of that data directly within the Service.
Billing and subscriptions. Stockily offers a 14-day free trial with no credit card required. Paid plans are billed monthly or annually, and you can cancel at any time on a self-serve basis through the Stripe customer portal; your access continues until the end of the period you have already paid for.
If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority, though we ask that you contact us first so we can try to resolve your concern.
Children
Stockily is a business tool intended for use by organizations and is not directed to children. We do not knowingly collect personal data from children under the age required for consent in your jurisdiction. If you believe a child has provided us with personal data, please contact us at and we will take appropriate steps to delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service before they take effect. The date at the top of this policy indicates when it was last updated, and your continued use of the Service after an update means you accept the revised policy.
Contact Us
If you have any questions, requests, or concerns about this Privacy Policy or our handling of your personal data, please contact Stockily at or by mail at .