Privacy Policy

StoqShelf is a multi-tenant inventory management platform designed to help businesses and individuals track, manage, and report on their physical and digital inventory. The platform supports user authentication, role-based access control, collaborative inventory management through email-based invitations, audit logging, category management, and export functionality.

This policy applies to all users of the StoqShelf platform, including visitors to stoqshelf.com, registered account holders, invited collaborators, and any individual whose personal data is processed by StoqShelf in connection with the provision of our services.

We are committed to protecting your personal data in accordance with applicable data protection laws, including but not limited to the Republic Act No. 10173 (Data Privacy Act of 2012) of the Philippines and, where applicable, the General Data Protection Regulation (GDPR) of the European Union.

We collect information in the following categories depending on how you interact with the platform:

A. Account Registration Data

When you create an account, we collect the following information that you voluntarily provide:

• Full name or display name
• Email address (used as a primary identifier)
• Password (stored as a one-way cryptographic hash — never in plain text)
• Account role and permission level assigned at registration
• Date and timestamp of account creation

B. Profile and Account Settings Data

• Profile photo or avatar (if uploaded)
• Display preferences including dark mode or light mode selection
• Notification preferences and alert thresholds
• Language and regional settings

C. Inventory and Business Data

When you use the platform, you create and manage data that may include:

• Product names, SKUs, barcodes, descriptions, and categories
• Quantity, location, minimum stock threshold, and cost information
• Custom tags, notes, and metadata associated with inventory items
• Supplier information and purchase records entered by the user
• Exported reports in CSV, Excel, or PDF format

D. Usage and Technical Data

• IP address and approximate geographic location derived from IP
• Browser type, version, and operating system
• Device identifiers and screen resolution
• Pages visited, features accessed, and time spent on the platform
• Referring URLs and navigation paths within the application
• Error logs and crash reports

E. Communications Data

• Email address and message content submitted via contact forms
• Early access and waitlist signup submissions
• Support requests and correspondence with our team

F. Audit and Activity Logs

As part of the platform's core functionality, StoqShelf maintains detailed audit logs that record:

• Every create, read, update, and delete action performed on inventory records
• User identity, timestamp, and IP address associated with each action
• Login and logout events, failed authentication attempts, and session data
• Permission changes, invitation events, and role modifications

We process personal data only for specific, legitimate purposes. The table below outlines the primary uses of collected data:

Purpose	Data Used	Basis
Account creation and authentication	Name, email, password hash	Contract performance
Providing inventory management services	All inventory and business data	Contract performance
Sending transactional emails (low stock alerts, invitations)	Email address, inventory thresholds	Contract performance
Platform security and fraud prevention	IP address, login logs, usage data	Legitimate interest
Audit trail and compliance records	User actions, timestamps, IPs	Legal obligation / Legitimate interest
Product improvement and analytics	Anonymized usage patterns	Legitimate interest
Customer support and issue resolution	Contact form data, account info	Contract performance
Waitlist and early access communications	Email address	Consent
Legal compliance and enforcement of Terms	All relevant data	Legal obligation

We do not use your personal data for automated individual decision-making or profiling that produces legal or similarly significant effects without your explicit consent.

Where the GDPR or other applicable regulations apply, we rely on the following legal grounds for processing personal data:

• Performance of a Contract: Processing necessary to provide the services you have requested, including account management, inventory features, and email notifications.
• Legitimate Interests: Processing required to operate and improve our platform securely, prevent fraud, and analyze aggregate usage patterns, where such interests are not overridden by your rights.
• Legal Obligation: Processing required to comply with applicable laws, court orders, or government directives.
• Consent: Where we rely on consent (such as for waitlist emails), you may withdraw that consent at any time by contacting us or clicking the unsubscribe link in any marketing communication.

StoqShelf does not sell, rent, or trade your personal information to third parties for commercial purposes. We may share data only in the following circumstances:

A. With Invited Collaborators

When you invite another user to access your inventory via the platform's email-based invitation system, their access is governed by the permissions you assign. They will be able to view and interact with inventory data you explicitly grant access to. You are responsible for managing and revoking collaborator access within your account settings.

B. With Service Providers

We engage trusted third-party vendors to operate the platform, including but not limited to:

• Web hosting and infrastructure providers (e.g., Namecheap hosting)
• Transactional email delivery services
• Error monitoring and crash reporting tools
• Analytics services using anonymized or aggregated data only

These vendors are contractually bound to process data solely on our behalf and in accordance with this policy.

C. For Legal Compliance

We may disclose personal data when required to do so by applicable law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of StoqShelf, our users, or the public.

D. Business Transfers

In the event of a merger, acquisition, asset sale, or corporate restructuring, personal data may be transferred to a successor entity. We will provide reasonable notice before any such transfer and require the successor to honor the commitments in this policy.

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, or as required by applicable law. The following retention periods apply:

Data Category	Retention Period	Basis
Account registration data	Duration of account + 30 days post-deletion	Contract / Legal
Inventory and business data	Active account lifetime; deleted on request	Contract
Audit logs	Minimum 12 months from creation	Legitimate interest / Legal
Email communications	24 months unless active support case	Legitimate interest
Waitlist / early access emails	Until withdrawn or platform launches	Consent
Server and access logs	90 days rolling	Security / Legitimate interest

Upon account deletion, we will anonymize or securely erase your personal data within 30 days, except where retention is required by law or for the resolution of disputes.

StoqShelf uses cookies and similar technologies to operate the platform and improve user experience. The following categories of cookies may be used:

• Essential Cookies: Required for user authentication, session management, and CSRF protection. These cannot be disabled as they are necessary for the platform to function.
• Preference Cookies: Store user interface settings such as dark mode or display preferences. These are stored in localStorage and remain on your device until cleared.
• Analytics Cookies: Used in aggregate to understand how users navigate the platform. Where possible, these are anonymized or aggregated before processing.

You may control cookie behavior through your browser settings. Disabling essential cookies will impair or prevent access to the platform. StoqShelf does not use third-party advertising or tracking cookies.

We implement administrative, technical, and physical safeguards designed to protect your personal data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

• Passwords stored exclusively as bcrypt-hashed values — never in recoverable plain text
• CSRF token protection on all state-changing requests
• Input sanitization and parameterized queries to prevent SQL injection and XSS attacks
• HTTPS enforcement across all platform endpoints
• Session expiration and invalidation on logout
• Role-based access control ensuring users access only permitted data
• Comprehensive audit logging of all privileged actions
• Regular security reviews and patch management

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities within the timeframes required by applicable law.

StoqShelf is operated from the Philippines. If you access the platform from outside the Philippines, your personal data may be transferred to, stored on, and processed in servers located in a different jurisdiction than your country of residence.

Where data is transferred to countries that may not provide the same level of data protection as your home jurisdiction, we take appropriate measures to ensure adequate protection, including reliance on standard contractual clauses, data processing agreements with service providers, and technical safeguards.

By using StoqShelf, you consent to the transfer of your information to the Philippines and to the processing of your information in the Philippines and other countries where our service providers operate.

Depending on your jurisdiction, you may have the following rights with respect to your personal data. We honor all valid requests within 30 days of receipt:

• Right of Access: Request a copy of the personal data we hold about you, including a description of how it is used.
• Right to Rectification: Request correction of inaccurate or incomplete personal data without undue delay.
• Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data where there is no compelling legal reason for continued processing.
• Right to Restriction of Processing: Request that we limit how we process your data in certain circumstances, such as while we verify a rectification request.
• Right to Data Portability: Receive your personal data in a structured, machine-readable format and transmit it to another controller where technically feasible.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right Not to Be Subject to Automated Decision-Making: Not to be subject to solely automated decisions that produce significant legal or similar effects.

To exercise any of these rights, contact us at info@stoqshelf.com. We may require identity verification before processing your request. If you are unsatisfied with our response, you have the right to lodge a complaint with the National Privacy Commission of the Philippines or the relevant supervisory authority in your country.

StoqShelf is intended exclusively for use by individuals who are at least 18 years of age. We do not knowingly collect, solicit, or process personal data from individuals under the age of 18.

If we become aware that personal data of a minor has been collected without verifiable parental consent, we will take immediate steps to delete such data from our systems. If you believe we may have inadvertently collected information from a minor, please contact us immediately at info@stoqshelf.com.

The StoqShelf platform may integrate with or link to third-party services, including but not limited to:

• Hosting infrastructure providers (Namecheap)
• Google Fonts — typography assets served from Google's CDN (subject to Google's Privacy Policy)
• Email delivery providers for transactional notifications

This Privacy Policy does not apply to third-party websites, services, or applications that may be linked from our platform. We encourage you to review the privacy policies of any third-party services you access through StoqShelf. We are not responsible for the privacy practices or content of such third parties.

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will:

• Update the "Last Revised" date at the top of this document
• Post a notice on the StoqShelf platform or homepage for a minimum of 30 days
• Send an email notification to registered account holders where the change materially affects their rights

Your continued use of the platform following the effective date of a revised policy constitutes your acceptance of the updated terms. If you do not agree with any change, you should discontinue use of the platform and may request deletion of your account and data as described in Section 10.

We encourage you to review this page periodically. Prior versions of this policy are available upon written request to info@stoqshelf.com.

For questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact our Data Privacy Officer:

We aim to respond to all privacy-related inquiries within five (5) business days and to resolve all requests within thirty (30) days of receipt, unless the complexity of the request requires a reasonable extension of time, in which case we will notify you.