Privacy Policy

Last updated: March 28, 2026

1. Who we are

Stock Sorted ("we", "us", "our") is operated by Josef Richter, based in the Czech Republic. This app is available on the Shopify App Store and is designed to help merchants manage shared inventory across product variants.

2. What data we collect

When you install Stock Sorted, we access the following Shopify data:

  • Store URL and access token — to authenticate API calls to your store
  • Product and variant data — titles, SKUs, prices, inventory quantities (to display in the app and sync inventory)
  • Order line items — variant IDs and quantities only (to calculate inventory deductions). We do NOT access customer names, emails, addresses, or payment information.
  • Inventory levels — to sync calculated quantities back to Shopify

3. How we use your data

Your data is used exclusively to provide the Stock Sorted service:

  • Calculate and sync shared inventory quantities across linked variants
  • Process order webhooks to deduct from shared stocks
  • Display inventory status and activity logs in the app
  • Take inventory snapshots for safety/recovery purposes

We do NOT sell, share, or use your data for advertising, analytics, or any purpose other than providing the app's functionality.

4. Data storage and security

  • Data is stored in a PostgreSQL database hosted on Fly.io (US/EU regions)
  • All connections use TLS encryption
  • Access tokens are stored encrypted at rest
  • We do not store customer personal data (names, emails, addresses)

5. Data retention

  • Your data is retained as long as the app is installed on your store
  • When you uninstall the app, your store data is deleted within 48 hours
  • Inventory snapshots and sync logs are retained for 90 days after uninstall for recovery purposes, then permanently deleted

6. GDPR compliance

As a data processor based in the EU (Czech Republic), we comply with the General Data Protection Regulation (GDPR). Specifically:

  • Data minimization — we only access the minimum data needed to provide inventory sync functionality
  • Right to erasure — uninstalling the app triggers automatic deletion of your data
  • Data portability — you can export your shared stock configurations and sync history at any time
  • No customer PII — we never access or store end-customer personal information

7. Shopify mandatory webhooks

We handle the following mandatory Shopify privacy webhooks:

  • customers/data_request — we confirm we hold no customer personal data
  • customers/redact — acknowledged (no customer data to redact)
  • shop/redact — all store data is permanently deleted

8. Third-party services

  • Shopify — we interact with the Shopify Admin API to read products and set inventory levels
  • Fly.io — application hosting and database
  • We do not use any analytics, tracking, or advertising services

9. Contact

For privacy inquiries or data requests, contact:
Josef Richter
Email: josef.richter@me.com
Location: Czech Republic, EU