Privacy Policy
Effective date: May 8, 2026 Last updated: May 8, 2026
This Privacy Policy explains how Inventory Connect LLC ("Inventory Connect," "we," "us," or "our") collects, uses, shares, and protects information when you use the InventoryConnect.io platform (the "Service"), including the website at inventoryconnect.io, the dashboard application, the public lead and storefront APIs, and related services.
This policy covers two distinct kinds of relationship:
- You as our customer — the businesses and the people they authorize who sign up to use the Service. You're the "data subject" in this category.
- Your customers' personal information — names, contact details, and purchase history that you put into the Service so it can run your business. You are the "controller" / "business" for that data; we're the "processor" / "service provider" acting on your instructions. See your Terms of Service Section 3 for that distinction.
If something is unclear, email support@inventoryconnect.io and we'll answer.
1. Information we collect
1.1 Information you give us when you sign up or use the Service
| Type | Examples |
|---|---|
| Account info | Name, email, phone, password (hashed), store name, sign-up referral source |
| Profile info | Photo / avatar (optional), role, store assignment |
| Billing info | Payment method, billing address (handled by our payment processor; we don't store full card numbers) |
| Support communications | Tickets, screenshots, emails to support@inventoryconnect.io |
1.2 Information your business creates inside the Service
This is "Customer Data" under the Terms:
- Inventory records (watches, handbags, photos, prices, costs, internal notes)
- Customer profiles you add (names, emails, phones, addresses, tags, notes, lifetime-value rollups)
- Sale transactions, invoices, payment records
- Wishlists, opportunities, tasks, pipelines
- Repair tickets and service-center records
- Integration credentials (Shopify access tokens, QuickBooks tokens, Klaviyo API keys, webhook URLs and secrets)
You control this data; we process it under your direction.
1.3 Information we collect automatically
| Type | Why |
|---|---|
| Device + browser metadata (IP, user agent, language, viewport) | Security, anti-abuse, debugging |
| Usage events (pages viewed, actions taken, errors thrown) | Product analytics, performance tuning |
| Cookies + localStorage | Session authentication, sidebar collapse preference, theme choice |
| Server logs | Standard request logs (IP, timestamp, path, response code, latency) for security and operations |
We do not use third-party advertising trackers, fingerprinting, or session-replay tools.
1.4 Information from integrations you connect
When you connect Shopify, QuickBooks, Klaviyo, etc., the relevant integration exchanges data with that service on your behalf — inventory pushes, sales metrics, customer events, etc. We act on your authorization. The third-party service's privacy policy governs what it does with the data on its side.
2. How we use information
2.1 To provide and improve the Service
- Authenticate users, secure sessions, and gate access by role
- Run inventory, CRM, sales, and integration workflows
- Send transactional emails (verification, password reset, ticket receipts, repair updates, sale notifications)
- Investigate bugs, errors, and performance regressions
- Build and improve features based on aggregated usage
2.2 To communicate with you (the account holder)
We send a small number of operational emails to the address on your account. These include:
- Account verification, password reset, security alerts
- Billing receipts and payment-method updates
- Material changes to these policies (with at least 30 days' notice for substantive changes)
- Major product announcements (you can opt out without losing account access)
We do not send promotional / advertising email to your customers without your separate authorization through an integration you connect.
2.3 For analytics and product development
We use aggregated, de-identified usage statistics to understand how the Service is used and to improve it. We do not sell this data and we do not combine it with personally identifying data for advertising purposes.
2.4 To comply with law and protect rights
We may use information to comply with subpoenas, court orders, or legal obligations, to enforce these Terms, to investigate fraud or security incidents, and to protect the rights, property, or safety of Inventory Connect, our users, or others.
2.5 What we don't do
- We do not sell or rent your personal information or your Customer Data to third parties for their independent use.
- We do not use your Customer Data to train machine-learning models offered to other customers.
- We do not scrape or repurpose your Customer Data for our own marketing without your written permission.
- We do not use your customers' email addresses to market Inventory Connect to them.
3. How we share information
We share information only with these categories of recipients:
3.1 Subprocessors and infrastructure providers
The Service runs on a small set of trusted vendors that process data on our behalf. Current subprocessors:
| Vendor | What they do | Where |
|---|---|---|
| Vercel | Application hosting + serverless compute | USA |
| Neon | Postgres database hosting | USA |
| Cloudflare R2 | Photo storage | USA |
| Resend | Transactional email delivery | USA |
| Anthropic / OpenAI | (Optional) AI-assisted features when explicitly invoked by your team | USA |
Each is bound by contractual confidentiality and security obligations equivalent to those in this policy. We may add or remove subprocessors and will update this list.
3.2 Integrations you authorize
When you connect a third-party service (Shopify, QuickBooks, Klaviyo, Mailchimp, Twilio, Stripe, Authorize.net, Affirm, Facebook Lead Ads, etc.), the integration exchanges data with that service. Each is governed by its own privacy policy. You can disconnect at any time from the Integrations page; disconnection stops future data exchange but doesn't recall data already shared.
3.3 Other users in your store
Information you record (sales, customer notes, opportunities, tasks) is visible to other staff in your store with appropriate roles. Per-employee scoping rules apply for tasks and opportunities; see the in-app help for specifics.
3.4 Legal requests and protection
We may disclose information when required by law, valid legal process (subpoena, court order, etc.), or when necessary to investigate fraud, abuse, or security threats. Where lawful, we will notify the affected account before disclosing.
3.5 Business transfers
If Inventory Connect is involved in a merger, acquisition, asset sale, financing, or bankruptcy, your information may be transferred. The acquirer will be bound by this Privacy Policy or will give you advance notice and a chance to opt out before any material change in how your information is used.
4. How long we keep information
| Category | Retention |
|---|---|
| Active account info + Customer Data | For as long as your account is active |
| Customer Data after account closure | Up to 90 days for export, then deleted (subject to backup roll-out window) |
| Transaction records (sales, invoices) | Retained as required for tax / AML / accounting compliance |
| Support tickets + email | 24 months from last activity |
| Server logs | 30-90 days |
| Backups | Encrypted, ~90 day rolling window |
| Audit / security event logs | 12 months |
You can request earlier deletion by emailing us, subject to legal retention obligations.
5. Security
We use reasonable technical and organizational measures to protect information, including:
- TLS 1.2+ in transit; encryption at rest for the database and photo storage
- Hashed passwords (never stored in plaintext)
- Role-based access controls inside the dashboard
- HMAC-signed webhook deliveries (where supported)
- Segregated production / preview environments with separate databases
- Logged + audit-trailed administrative actions
- Vendor security reviews before adding new subprocessors
No system is 100% secure. If we discover a security incident affecting your information, we will notify you without undue delay, consistent with applicable law.
6. Your rights
Depending on where you live, you may have rights including:
- Access — get a copy of the personal information we hold about you
- Correction — fix inaccurate information
- Deletion — ask us to delete personal information (subject to legal retention)
- Portability — receive a copy in a portable format
- Objection / restriction — object to or restrict certain processing
- Marketing opt-out — unsubscribe from product-update emails at any time via the unsubscribe link or by emailing us
- Withdraw consent — where processing is based on consent
To exercise these rights, email support@inventoryconnect.io. We will respond within 30 days (or as required by applicable law). If your rights request relates to data we process on behalf of a customer (Section 3.4 of the Terms), we will route the request to the responsible account holder.
You also have the right to lodge a complaint with a data protection authority where applicable. We will not retaliate against you for exercising these rights.
7. California residents (CCPA / CPRA)
If you live in California, you have the rights described in Section 6 above. The categories of personal information we collected in the past 12 months map to:
- Identifiers (name, email, phone, IP) — for account, billing, security
- Customer records (billing details) — for billing
- Commercial information (subscription tier, fees paid) — for billing
- Internet activity (page views, error logs) — for security and analytics
- Inferences (none for advertising purposes)
We do not "sell" personal information as defined by the CCPA, and we do not "share" personal information for cross-context behavioral advertising. We have not done so in the past 12 months.
You may submit a verifiable consumer request via support@inventoryconnect.io. We will not discriminate against you for exercising your CCPA rights.
8. International users
The Service is operated from the United States. If you access it from outside the U.S., your information will be transferred to, processed, and stored in the U.S. and other countries where our subprocessors operate. By using the Service you consent to this transfer.
For data subjects in the European Economic Area, United Kingdom, or Switzerland: we rely on Standard Contractual Clauses (or equivalent transfer mechanisms) where required.
9. Children's privacy
The Service is not intended for, and does not knowingly collect personal information from, anyone under the age of 16. If you believe a child has provided us personal information, please contact us and we will delete it.
10. Cookies and similar technologies
We use a small number of cookies and equivalent storage:
- Session cookie (httpOnly, secure) — keeps you logged in
- localStorage — sidebar collapse state, theme choice, simple UI preferences
- OAuth state cookies (httpOnly, secure, short-lived) — secure third-party connection round-trips
We do not use advertising cookies, retargeting pixels, or third-party analytics that track you across the web. If you clear cookies you'll be logged out and your UI preferences will reset.
11. Changes to this policy
We may update this Privacy Policy. The "Last updated" date at the top reflects the most recent change. Material changes will be announced at least 30 days in advance via email to the account owner or an in-app banner.
12. Contact
Questions, requests, or complaints? Email support@inventoryconnect.io or write to:
Inventory Connect LLC Attn: Privacy support@inventoryconnect.io
This Privacy Policy reflects our current practices. It is not legal advice. We recommend you have your own counsel review this policy and confirm it matches your specific obligations under applicable law.