Effective Date: February 15, 2026
Stocklyst ("we", "our", or "us") provides an inventory management platform available as a web application and mobile app. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.
When you create an account, we collect your email address and optionally your full name and profile photo. We use passwordless authentication — a 6-digit verification code is sent to your email each time you sign in. We do not collect or store passwords.
You provide business data including company details, branch locations, storage zones, inventory items (names, SKUs, descriptions, pricing, quantities, product images), stock transfers, and bundles. This data is created and managed entirely by you and your team.
We collect search queries within the app to improve search results and identify demand patterns. We maintain activity logs that record actions taken within the platform (such as creating items, completing transfers, or adjusting quantities) for audit trail purposes. These logs may include your IP address and browser user agent.
Our mobile app requests camera access solely for barcode scanning. We do not collect location data, device identifiers, or biometric information. The mobile app stores a local copy of your data on your device for offline functionality.
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties for marketing purposes.
Your data is stored in a PostgreSQL database hosted by Supabase with row-level security (RLS) policies that isolate each company's data. Product images are stored in Supabase Storage. All data is encrypted in transit (TLS) and at rest.
Session tokens are stored in HTTP-only secure cookies. The mobile app stores an encrypted local copy of your data in SQLite for offline access.
We use the following third-party services to operate Stocklyst:
These services process data only as necessary to provide their respective functions. Each service maintains its own privacy policy and security practices.
We use HTTP-only secure cookies to maintain your authentication session. These are essential for the service to function and cannot be disabled.
We use browser localStorage to store your preferences (selected branch, view mode, sort order) and your cookie consent choice.
Vercel Analytics and Speed Insights are loaded only after you provide explicit consent via our cookie consent banner. If you reject analytics cookies, these services are never loaded and no analytics data is collected.
Sentry error monitoring runs automatically under our legitimate interest in maintaining service reliability. It collects error details and anonymized session data but does not use tracking cookies.
You can reset your cookie consent choice at any time by clearing your browser's localStorage for this site. The cookie consent banner will reappear on your next visit.
Your account and business data is retained for as long as your account is active. Activity logs and audit trails are retained indefinitely for business compliance purposes. Verification codes expire and are deleted after 10 minutes. Team invitations and ownership transfer tokens expire after 7 days.
We process your data under the following legal bases:
You have the right to:
To exercise any of these rights, contact us at support@stocklyst.com.
Stocklyst is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date.
If you have questions about this Privacy Policy or our data practices, contact us at: