Restock ("the app", "we") helps merchants notify shoppers when a sold-out product is available again. This policy explains what we collect and why.
From shoppers (people who ask to be notified): - Email address. - Which product and variant they asked to be notified about. - The date they signed up.
That is all. We do not collect names, payment details, browsing history, or any other personal data from shoppers.
From merchants (stores that install the app): - The store's domain. - An access token that lets the app read products and inventory (encrypted at rest). - Store-level settings you configure (button text, email copy, sender name).
We use the following processors strictly to run the service: - Supabase - database hosting. - Resend - sending the notification emails. - Cloudflare - application hosting. - Shopify - the platform the app runs on.
We do not sell personal data to anyone.
Every notification email contains a one-click unsubscribe link. Shoppers may also contact
the merchant to be removed. When a merchant or Shopify sends a data-deletion request
(GDPR customers/redact / shop/redact), we delete the relevant data promptly.
Shopper waitlist entries are retained until the notification is sent and for the
merchant's reference thereafter, or until deletion is requested or the merchant
uninstalls and requests redaction. Merchant data is deleted on the shop/redact request.
Access tokens are encrypted at rest. All data is transmitted over HTTPS. Access to the database is restricted to the application's server.
Sandeep Kumar - workupsandy@gmail.com For data requests: workupsandy@gmail.com