InventoryIQ
Sign inStart free trial

Legal

Privacy Policy

Last updated: April 29, 2026

This Privacy Policy explains how InventoryIQ ("we", "us") collects, uses, and protects information when you use our service (the "Service").

1. Information We Collect

Account information

When you sign up, we collect your name, email address, and authentication identifiers via Clerk, our authentication provider.

Billing information

Subscription payments are processed by Stripe. Stripe collects your payment method details directly. We receive only billing metadata (subscription status, plan, customer ID, last four digits of card). We do not store full card numbers.

Store data (Shopify)

When you connect a Shopify store, we request only the OAuth scopes needed to operate the Service. We do not request write access to your store. The specific Shopify scopes we use are:

  • read_orders — order line items, totals, timestamps, and inventory references. Used to compute sales velocity, days of cover, and demand forecasts. Limited to the most recent 60 days at install, plus all orders received via webhooks thereafter.
  • read_products — product titles, variants, SKUs, prices, and inventory item identifiers. Used to map sales to specific SKUs and to surface them in the catalog and reorder feed.
  • read_inventory — on-hand quantities and inventory item metadata. Used to calculate days of cover and reorder recommendations.
  • read_locations — the names and identifiers of your fulfillment locations. Used to attribute inventory to the correct warehouse or storefront.

We do not request, store, or process shopper personally-identifiable information such as customer names, email addresses, shipping addresses, or payment details. Order records we retain contain only the order id, totals, line items, and line-item-level inventory references — the fields needed for SKU-level analytics.

Usage data

We collect technical logs (IP address, browser type, pages viewed, timestamps) to operate, secure, and improve the Service.

2. How We Use Information

  • To provide, maintain, and improve the Service;
  • To generate forecasts, recommendations, and analytics for your account;
  • To process payments and manage subscriptions;
  • To communicate with you about your account, updates, and support;
  • To detect, prevent, and respond to fraud or abuse;
  • To comply with legal obligations.

3. Sharing of Information

We do not sell your personal information. We share information only with:

  • Service providers who help us operate the Service (e.g., Clerk for authentication, Stripe for billing, Replit for hosting, Neon/Postgres for the database, OpenAI/Anthropic for AI processing). These providers act on our instructions and are bound by confidentiality.
  • Connected platforms (e.g., Shopify) when you authorize the integration.
  • Legal authorities when required by law or to protect rights, safety, or property.
  • Successors in the event of a merger, acquisition, or asset sale.

4. Data Retention

We retain account and store data for as long as your account is active. After cancellation, we retain data for up to 90 days to allow recovery, then delete or anonymize it (except where retention is required by law, e.g., billing records).

When you uninstall InventoryIQ from your Shopify store, Shopify sends us an app/uninstalled webhook. On receipt, our handler immediately cascade-deletes the store record and all data derived from it (see the shop/redact bullet below for the exact tables affected). Shopify invalidates the OAuth access token on their side as part of the uninstall flow.

4a. Shopify GDPR Webhook Handling

InventoryIQ implements all three of Shopify’s mandatory GDPR compliance webhooks. Each is HMAC-verified using the Shopify API secret before any action is taken; requests with invalid or missing HMAC are rejected with HTTP 401. Each handler responds with HTTP 200 immediately after processing.

  • customers/data_request — sent when a shopper exercises their right to know what data is held about them. Because InventoryIQ does not store any shopper personally-identifiable information (see Section 1, “Store data (Shopify)”), there is no personal data to return. Our handler logs the request for audit purposes and immediately acknowledges receipt with HTTP 200.
  • customers/redact — sent when a shopper exercises their right to erasure, typically 10 days after a customer is deleted from the merchant’s store. Because we hold no shopper PII, there is nothing to erase. Our handler logs the event for audit purposes and immediately acknowledges receipt with HTTP 200.
  • shop/redact — sent by Shopify approximately 48 hours after a merchant uninstalls InventoryIQ. On receipt, our handler cascade-deletes every row associated with the store: products, order line items, orders, inventory levels, fulfillment locations, and finally the store record itself. The deletion is irreversible. This same cascade also runs immediately on app/uninstalled, so shop/redact serves as a backstop.

5. Security

We use industry-standard safeguards including TLS encryption in transit, encryption at rest, isolated production environments, and access controls. No method of transmission or storage is 100% secure, but we work to protect your information.

6. Your Rights

Depending on where you live, you may have the right to access, correct, delete, export, or restrict processing of your personal information. You may also object to certain processing. To exercise any of these rights, email us at support@ecominventoryiq.com.

7. International Transfers

Our service providers may process data in the United States and other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border transfers.

8. Children

The Service is not directed to individuals under 18, and we do not knowingly collect information from them.

9. Cookies

We use cookies and similar technologies for authentication, session management, and basic analytics. You can control cookies through your browser settings, though disabling them may affect functionality.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice. The "Last updated" date at the top reflects the latest revision.

11. Contact

Questions about this Privacy Policy? Email us at support@ecominventoryiq.com.