Privacy Policy

Last updated: 21 April 2026

1. Who we are

StockAlert ("we", "us") is a Shopify app that lets merchants collect email subscriptions from customers who want to be notified when an out-of-stock product is restocked. This page explains what data we collect, why, and how you can exercise your rights under the GDPR.

2. Data we collect

From end customers (visitors of merchant stores):

• Email address provided in the "Notify me" widget on an out-of-stock product page.
• Product reference (Shopify product/variant ID, title, image URL, handle) so we can send the restock email.
• Timestamps (subscribe, notified).
• IP address (transient, used only for rate-limiting abuse; never stored long term).

From merchants (installing the app):

• Shop domain (e.g. acme.myshopify.com).
• Shopify OAuth access token (encrypted, stored via Shopify's official session storage).
• Plan (free / starter / pro), configured via Shopify Billing.

3. Legal basis & purpose

The legal basis for processing end-customer email addresses is the customer's explicit consent (submitting the form). The data is used only to send a single transactional restock notification, on behalf of the merchant.

4. Who we share data with

• Resend (resend.com) — our email delivery provider. Customer emails are transmitted to Resend to send the restock notification, then purged from Resend per their retention policy.
• Neon (neon.tech) — our hosted Postgres database, located in the EU (Frankfurt).
• Vercel (vercel.com) — application hosting.
• Shopify — for authentication, webhooks, and billing.

We do not sell data. We do not share data with advertising networks.

5. Data retention

• Subscriber records are kept while the merchant's shop is active. When a merchant uninstalls the app, we mark the shop as uninstalled and purge its subscriber data within 48 hours (via Shopify's shop/redact webhook).
• Individual customer data-deletion requests (via customers/redact) are processed within 30 days.

6. Your rights (GDPR)

If you are a customer who submitted your email via the widget on a merchant's store, you have the right to:

• Access the data we hold about you.
• Request its deletion.
• Withdraw consent (no further emails will be sent).

Contact the merchant of the store where you subscribed first — they can trigger a data request through Shopify, which propagates to us. Alternatively, email us directly at support@stockalert.app and we'll respond within 30 days.

7. Security

All data is transmitted over HTTPS. Database connections use SSL. Merchant OAuth tokens are encrypted at rest. We enforce per-IP rate-limiting on public endpoints to mitigate abuse.

8. Contact

Questions about this policy: support@stockalert.app

Support · StockAlert