Restock - Privacy Policy

Restock ("the app", "we") helps merchants notify shoppers when a sold-out product is available again. This policy explains what we collect and why.

What we collect

From shoppers (people who ask to be notified): - Email address. - Which product and variant they asked to be notified about. - The date they signed up.

That is all. We do not collect names, payment details, browsing history, or any other personal data from shoppers.

From merchants (stores that install the app): - The store's domain. - An access token that lets the app read products and inventory (encrypted at rest). - Store-level settings you configure (button text, email copy, sender name).

How we use it

Who we share it with

We use the following processors strictly to run the service: - Supabase - database hosting. - Resend - sending the notification emails. - Cloudflare - application hosting. - Shopify - the platform the app runs on.

We do not sell personal data to anyone.

Shopper rights and unsubscribing

Every notification email contains a one-click unsubscribe link. Shoppers may also contact the merchant to be removed. When a merchant or Shopify sends a data-deletion request (GDPR customers/redact / shop/redact), we delete the relevant data promptly.

Data retention

Shopper waitlist entries are retained until the notification is sent and for the merchant's reference thereafter, or until deletion is requested or the merchant uninstalls and requests redaction. Merchant data is deleted on the shop/redact request.

Security

Access tokens are encrypted at rest. All data is transmitted over HTTPS. Access to the database is restricted to the application's server.

Contact

Sandeep Kumar - workupsandy@gmail.com For data requests: workupsandy@gmail.com