Privacy Policy

Last updated: May 22, 2026

1. Who we are

Stock Sorted ("we", "us", "our") is operated by Josef Richter, based in the Czech Republic. This app is available on the Shopify App Store and is designed to help merchants manage shared inventory across product variants.

2. What data we collect

When you install Stock Sorted, we access the following Shopify data:

  • Store URL and access token — to authenticate API calls to your store
  • Product and variant data — titles, descriptions, SKUs, prices, inventory quantities (to display in the app, suggest setup, and sync inventory)
  • Order line items — variant IDs and quantities only (to calculate inventory deductions). We do NOT access customer names, emails, addresses, or payment information.
  • Inventory levels — to sync calculated quantities back to Shopify

3. How we use your data

Your data is used exclusively to provide the Stock Sorted service:

  • Calculate and sync shared inventory quantities across linked variants
  • Process order webhooks to deduct from shared stocks
  • Display inventory status and activity logs in the app
  • Take inventory snapshots for safety/recovery purposes

We do not sell your data or use it for advertising. We use limited product analytics and operational notifications to understand app health, installs, billing changes, and major feature usage.

4. Data storage and security

  • Data is stored in a PostgreSQL database hosted on Fly.io (US/EU regions)
  • All connections use TLS encryption
  • Shopify access and refresh tokens are encrypted before database writes
  • We do not store customer personal data (names, emails, addresses)

5. Data retention

  • Your data is retained as long as the app is installed on your store
  • When Shopify sends app/uninstalled or shop/redact, your store data is deleted
  • Inventory snapshots, sync logs, billing grants, and shared stock data are deleted with the store record

6. GDPR compliance

As a data processor based in the EU (Czech Republic), we comply with the General Data Protection Regulation (GDPR). Specifically:

  • Data minimization — we only access the minimum data needed to provide inventory sync functionality
  • Right to erasure — uninstalling the app triggers automatic deletion of your data
  • Data portability — you can export your shared stock configurations and sync history at any time
  • No customer PII — we never access or store end-customer personal information

7. Shopify mandatory webhooks

We handle the following mandatory Shopify privacy webhooks:

  • customers/data_request — we confirm we hold no customer personal data
  • customers/redact — acknowledged (no customer data to redact)
  • shop/redact — all store data is permanently deleted

8. Third-party services

  • Shopify — we interact with the Shopify Admin API to read products and set inventory levels
  • Fly.io — application hosting and database
  • BetterStack and Sentry — production logs and error monitoring
  • PostHog — product analytics when configured
  • Slack — operational install, uninstall, and billing notifications when configured
  • Anthropic — optional setup suggestions from product titles, product descriptions, variant titles, SKUs, and accepted shared-stock pool names

9. Contact

For privacy inquiries or data requests, contact:
Josef Richter
Email: josef.richter@me.com
Location: Czech Republic, EU