← Back to home

Privacy Policy

Last updated: March 11, 2026

1. Information We Collect

When you use Stokkfy, we collect:

  • Account information: name, email address, and authentication credentials (via Google OAuth or email/password).
  • Business information: business name, platform type, location (city-level, used for supplier search radius).
  • Product data: product names, stock levels, reorder points, pricing — synced from your POS system.
  • Supplier information: supplier names, contact details, preferred order channels.
  • Usage data: pages visited, features used, chatbot interactions.

2. How We Use Your Information

  • To provide and maintain the Stokkfy service.
  • To sync inventory data from your connected POS.
  • To place orders with your suppliers via your preferred channels.
  • To power AI features (chatbot, product vision, supplier search).
  • To send you service-related notifications.
  • To improve and optimize the platform.

3. Data Security

We take security seriously:

  • Encryption: Supplier portal credentials are encrypted using AES-256-GCM. Encryption keys are stored securely in environment variables, never in code or databases.
  • Authentication: We use Supabase Auth with session-based cookies. Sessions expire when you close your browser.
  • AI Privacy: Your business name is never sent to AI models. Each chatbot session is independent — no data carries over between sessions.
  • No credential exposure: Saved passwords are never displayed in the UI and are wiped from server memory after use.

4. Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication (EU servers).
  • Vercel: Hosting and deployment.
  • Groq: AI model inference (chatbot, vision).
  • Resend: Transactional email delivery.
  • Twilio: WhatsApp messaging and voice calls.
  • Square/Shopify: POS data sync (only with your explicit OAuth consent).

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Data Retention

We retain your data for as long as your account is active. You can request deletion of your account and all associated data at any time by contacting us at support@stokkfy.com.

6. Your Rights

Under GDPR and applicable laws, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format.
  • Withdraw consent at any time.

7. Cookies

Stokkfy uses essential cookies for authentication and session management. We do not use advertising or tracking cookies.

8. Contact

For any privacy-related questions, contact us at support@stokkfy.com.