Stocklyst
PricingSign InStart Free Trial

Privacy Policy

Effective Date: February 15, 2026

Stocklyst ("we", "our", or "us") provides an inventory management platform available as a web application and mobile app. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

1. Information We Collect

Account Information

When you create an account, we collect your email address and optionally your full name and profile photo. We use passwordless authentication — a 6-digit verification code is sent to your email each time you sign in. We do not collect or store passwords.

Business Data

You provide business data including company details, branch locations, storage zones, inventory items (names, SKUs, descriptions, pricing, quantities, product images), stock transfers, and bundles. This data is created and managed entirely by you and your team.

Usage Data

We collect search queries within the app to improve search results and identify demand patterns. We maintain activity logs that record actions taken within the platform (such as creating items, completing transfers, or adjusting quantities) for audit trail purposes. These logs may include your IP address and browser user agent.

Device Information

Our mobile app requests camera access solely for barcode scanning. We do not collect location data, device identifiers, or biometric information. The mobile app stores a local copy of your data on your device for offline functionality.

2. How We Use Your Information

  • To provide and operate the inventory management service
  • To authenticate your identity and maintain your session
  • To sync data between your devices (web and mobile)
  • To send verification codes and team invitation emails
  • To maintain audit trails for your business records
  • To calculate stock levels, reorder points, and demand alerts
  • To enforce rate limits and prevent abuse

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties for marketing purposes.

3. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase with row-level security (RLS) policies that isolate each company's data. Product images are stored in Supabase Storage. All data is encrypted in transit (TLS) and at rest.

Session tokens are stored in HTTP-only secure cookies. The mobile app stores an encrypted local copy of your data in SQLite for offline access.

4. Third-Party Services

We use the following third-party services to operate Stocklyst:

  • Supabase — Database hosting, authentication, and file storage
  • Resend — Transactional email delivery (verification codes, team invitations)
  • Vercel — Web application hosting
  • Expo (EAS) — Mobile app build and distribution
  • Vercel Analytics — Privacy-focused web analytics to understand usage patterns. Loaded only with your consent via our cookie banner.
  • Vercel Speed Insights — Performance monitoring to measure page load times and identify bottlenecks. Loaded only with your consent via our cookie banner.
  • Sentry — Error monitoring service that receives error details and anonymized session data to help us identify and fix issues.

These services process data only as necessary to provide their respective functions. Each service maintains its own privacy policy and security practices.

5. Cookies and Local Storage

Authentication Cookies

We use HTTP-only secure cookies to maintain your authentication session. These are essential for the service to function and cannot be disabled.

Local Storage

We use browser localStorage to store your preferences (selected branch, view mode, sort order) and your cookie consent choice.

Analytics Cookies

Vercel Analytics and Speed Insights are loaded only after you provide explicit consent via our cookie consent banner. If you reject analytics cookies, these services are never loaded and no analytics data is collected.

Error Monitoring

Sentry error monitoring runs automatically under our legitimate interest in maintaining service reliability. It collects error details and anonymized session data but does not use tracking cookies.

Managing Your Preferences

You can reset your cookie consent choice at any time by clearing your browser's localStorage for this site. The cookie consent banner will reappear on your next visit.

6. Data Retention

Your account and business data is retained for as long as your account is active. Activity logs and audit trails are retained indefinitely for business compliance purposes. Verification codes expire and are deleted after 10 minutes. Team invitations and ownership transfer tokens expire after 7 days.

7. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract — Processing your account information and business data is necessary to provide the inventory management service you signed up for.
  • Consent — Analytics cookies (Vercel Analytics and Speed Insights) are loaded only after you provide explicit consent via our cookie banner. You may withdraw consent at any time by clearing your localStorage.
  • Legitimate Interest — Error monitoring (Sentry) and security logging are necessary to maintain service reliability, investigate issues, and protect against abuse.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your business data

To exercise any of these rights, contact us at support@stocklyst.com.

9. Children's Privacy

Stocklyst is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

support@stocklyst.com