Privacy Policy

Last updated: March 24, 2026 · Effective: March 15, 2026

StockBridge ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect information when you use StockBridge, a Shopify app for multi-store inventory synchronization.

1. Information We Collect

When you install StockBridge, we collect:

• Store Information: Shopify store domain, access tokens (encrypted with AES-256-GCM), store owner email
• Product Data: Product variant IDs, SKUs, barcodes, and inventory quantities — used solely for sync
• Sync Logs: History of inventory sync events, including quantities, timestamps, and sync status
• Connection Data: Which stores are connected to each other for syncing
• Billing Data: Subscription plan information (processed by Shopify Billing — we do not store payment details)

We do NOT collect: customer personal data, order details, financial information, or any data not directly related to inventory sync.

2. How We Use Your Information

• Synchronizing inventory quantities across your connected Shopify stores in real-time
• Displaying sync analytics, health scores, and activity logs in your dashboard
• Sending email notifications about sync failures, plan limits, and weekly summaries (only if you opt in)
• Providing customer support when you contact us
• Improving the StockBridge service

We never sell, rent, or share your data with third parties for marketing purposes.

3. Data Storage & Security

• Database: PostgreSQL on Railway (us-west2 region, USA)
• Cache: Redis on Upstash (encrypted at rest and in transit)
• Token Encryption: All Shopify access tokens encrypted with AES-256-GCM before storage
• Transport Security: All data in transit uses TLS 1.2+ encryption
• Email: Transactional emails sent via Resend (resend.com)

4. Data Retention

• Data is retained while your StockBridge account is active
• Activity/sync logs are kept for 90 days then automatically purged
• On app uninstall: all store data is deleted within 48 hours per GDPR requirements
• You may request immediate deletion by contacting [email protected]

5. GDPR & Your Rights

If you are in the European Economic Area (EEA), you have the following rights:

• Right to Access: Request a copy of your data
• Right to Deletion: Request deletion of your data ("right to be forgotten")
• Right to Portability: Receive your data in a machine-readable format
• Right to Rectification: Request correction of inaccurate data
• Right to Object: Object to processing of your data

We respond to all Shopify GDPR mandatory webhooks: customers/data_request, customers/redact, shop/redact

To exercise any of these rights, email: [email protected]

6. Third-Party Services

StockBridge uses the following third-party services:

• Shopify: App platform and billing (shopify.com/legal/privacy)
• Railway: Database hosting (railway.app/legal/privacy)
• Upstash: Redis cache (upstash.com/trust/privacy)
• Resend: Transactional email (resend.com/legal/privacy-policy)

7. Cookies

StockBridge does not use cookies for tracking or advertising. Session cookies may be used by Shopify for authentication purposes only.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of StockBridge after changes constitutes acceptance of the updated policy.

9. Contact Us

For privacy questions or requests:

• Email: [email protected]
• Support: [email protected]
• Website: stockbridgeapp.com