Privacy Policy

This Privacy Policy explains how Stoccly ApS ("Stoccly," "we," "us," or "our") collects, uses, shares, stores, and protects personal data when you visit our website, create an account, use our inventory and production management platform, contact us, or otherwise interact with our services.

Stoccly ApS is a Danish company. Our contact details are:

Stoccly ApS
CVR no.: 42825050
Address: Provstevænget 5, 4000 Roskilde, Denmark
Email: hello@stoccly.com
Website: https://stoccly.com

This Privacy Policy is intended to comply with the EU General Data Protection Regulation (GDPR), the Danish Data Protection Act, and other applicable data protection laws where relevant.

1. Scope

This Privacy Policy applies to:

• visitors to our website;
• customers, trial users, account administrators, and authorized users of the Stoccly platform;
• people who contact us for support, sales, partnerships, billing, or other enquiries;
• recipients of our marketing communications;
• suppliers, partners, and business contacts.

The Stoccly platform is primarily intended for business use. Where a customer uses Stoccly to upload, manage, or process information about its own employees, suppliers, customers, products, purchase orders, inventory, warehouses, or production processes, Stoccly normally acts as a data processor on behalf of that customer. In those cases, the customer is the data controller, and Stoccly processes personal data according to the customer's instructions and our Data Processing Agreement.

This Privacy Policy mainly describes how Stoccly processes personal data as a data controller, for example in relation to account administration, billing, security, website analytics, marketing, support, and business communications.

2. Personal Data We Collect

We may collect and process the following categories of personal data.

2.1 Account and user data

This may include name, work email address, phone number, company name, job title, user role, login credentials, authentication data, account settings, workspace membership, user permissions, and subscription details.

2.2 Customer and business data

This may include company information, billing information, tax or VAT details, plan type, payment status, purchase history, invoices, customer notes, sales communications, support history, and contract records.

2.3 Platform usage data

This may include logins, actions performed in the platform, feature usage, warehouse or inventory-related workflows, audit logs, access logs, device type, browser type, operating system, IP address, approximate location, timestamps, error logs, performance data, and security events.

2.4 Support and communication data

This may include messages, emails, support tickets, chat messages, call notes, meeting notes, attachments, feedback, survey responses, and other information you provide when communicating with us.

2.5 Website and analytics data

This may include pages visited, referral URLs, UTM parameters, interaction events, cookie identifiers, device identifiers, browser information, approximate location, session data, and similar online identifiers.

2.6 Marketing data

This may include contact details, marketing preferences, email engagement, campaign interactions, demo requests, newsletter subscriptions, and information about your interests in Stoccly's products and services.

2.7 Payment data

Payments may be processed by third-party payment providers. Stoccly may receive limited payment information such as billing name, billing address, payment status, invoice details, transaction identifiers, card brand, and partial card details. We do not intentionally store full payment card numbers unless expressly stated and handled by a compliant payment provider.

2.8 Customer-uploaded data

When customers use Stoccly, they may upload or generate data relating to inventory items, SKUs, suppliers, warehouses, purchase orders, bills of materials, production records, users, and related business operations. Some of this information may contain personal data, such as supplier contact names, employee user accounts, comments, notes, or audit logs. Stoccly generally processes this data as a processor on behalf of the customer.

3. How We Collect Personal Data

We collect personal data:

• directly from you when you create an account, request a demo, start a trial, contact us, subscribe to communications, or use the platform;
• automatically through cookies, logs, analytics tools, and similar technologies;
• from your company or account administrator when they invite you to use Stoccly;
• from third-party services you connect to Stoccly, such as payment providers, authentication providers, email providers, or integrations;
• from public sources and business databases where permitted by law, for example for B2B sales and marketing.

4. Purposes and Legal Bases

We process personal data for the purposes and legal bases below.

4.1 Providing the service

We process account, user, platform, and customer data to create accounts, provide access, operate the platform, enable inventory and production workflows, manage subscriptions, provide support, and deliver the services requested by customers.

Legal basis: Performance of a contract or steps prior to entering into a contract; legitimate interests in operating and delivering a B2B SaaS service.

4.2 Account administration and billing

We process customer, billing, subscription, and payment-related data to manage plans, invoices, payments, renewals, account records, and customer communications.

Legal basis: Performance of a contract; compliance with legal obligations; legitimate interests in managing our customer relationships.

4.3 Security, fraud prevention, and service integrity

We process logs, usage data, device data, IP addresses, authentication data, and audit data to protect accounts, detect unauthorized access, investigate suspicious activity, prevent abuse, debug errors, maintain availability, and secure the platform.

Legal basis: Legitimate interests in securing our services and protecting customers; compliance with legal obligations where applicable.

4.4 Product improvement and analytics

We process usage, performance, analytics, and feedback data to understand how the service is used, improve features, develop new functionality, fix bugs, measure performance, and improve usability.

Legal basis: Legitimate interests in improving and developing our services. Where required by law, we rely on consent for non-essential cookies or similar technologies.

4.5 Customer support

We process communication, support, account, and technical data to respond to enquiries, troubleshoot issues, provide guidance, and manage support requests.

Legal basis: Performance of a contract; legitimate interests in assisting customers and users.

4.6 Marketing and sales

We process contact, company, marketing, and communication data to send product updates, newsletters, offers, event invitations, onboarding messages, and other B2B marketing communications, subject to applicable marketing laws.

Legal basis: Consent where required; legitimate interests in marketing similar B2B products and services; compliance with applicable direct marketing rules.

You can opt out of marketing emails at any time by using the unsubscribe link or contacting us.

4.7 Legal compliance and dispute handling

We process personal data where necessary to comply with accounting, tax, corporate, data protection, sanctions, regulatory, or legal obligations, and to establish, exercise, or defend legal claims.

Legal basis: Compliance with legal obligations; legitimate interests in protecting our rights and managing disputes.

5. Cookies and Similar Technologies

We may use cookies, pixels, SDKs, local storage, and similar technologies to operate our website and platform, remember preferences, secure sessions, analyze usage, improve performance, and support marketing.

Cookies may include:

• strictly necessary cookies, required for website and platform functionality;
• preference cookies, used to remember settings;
• analytics cookies, used to understand traffic and usage;
• marketing cookies, used to measure campaigns and deliver relevant communications.

Where required by law, we request consent before placing non-essential cookies. You can manage cookies through our cookie banner, browser settings, or other tools we make available.

6. Sharing Personal Data

We may share personal data with:

• hosting and infrastructure providers;
• database, storage, and cloud service providers;
• authentication and security providers;
• payment and billing providers;
• email, communication, CRM, and support tools;
• analytics and product improvement tools;
• professional advisers, including lawyers, accountants, auditors, and insurers;
• authorities, courts, regulators, or law enforcement where required by law or necessary to protect rights and safety;
• buyers, investors, lenders, or advisers in connection with a merger, acquisition, financing, restructuring, or sale of assets.

We do not sell personal data in the ordinary sense. If any applicable law defines certain analytics or advertising activities as a "sale" or "sharing," we will provide any required rights or opt-outs.

7. International Transfers

Stoccly is based in Denmark. We may use service providers located in the EU/EEA and in other countries. Where personal data is transferred outside the EU/EEA or another jurisdiction with equivalent protection, we will use appropriate safeguards where required, such as the European Commission's Standard Contractual Clauses, adequacy decisions, transfer impact assessments, supplementary security measures, or other lawful transfer mechanisms.

8. Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Typical retention criteria include:

• account data is retained while the account is active and for a reasonable period after closure;
• customer and billing records are retained as required for accounting, tax, and audit purposes;
• support records are retained as needed to provide service history and resolve issues;
• security logs are retained for a limited period unless needed for investigation or legal purposes;
• marketing data is retained until you unsubscribe or object, subject to suppression lists needed to respect your preferences;
• customer-uploaded platform data is retained according to the customer agreement, product functionality, backup cycles, and deletion practices.

When personal data is no longer needed, we will delete, anonymize, or securely archive it in accordance with applicable law and our internal retention practices.

9. Security

We use commercially reasonable technical and organizational measures designed to protect personal data against unauthorized access, accidental loss, destruction, alteration, disclosure, or misuse. These measures may include access controls, authentication, encryption in transit, logging, monitoring, backups, least-privilege access, and vendor review processes.

No system or transmission method is completely secure. You are responsible for maintaining strong passwords, protecting login credentials, managing user permissions, and promptly notifying us of suspected unauthorized access.

10. Your Data Protection Rights

Depending on your location and the applicable law, you may have the right to:

• request access to your personal data;
• request correction of inaccurate or incomplete data;
• request deletion of your personal data;
• request restriction of processing;
• object to processing based on legitimate interests;
• object to direct marketing;
• request data portability;
• withdraw consent where processing is based on consent;
• lodge a complaint with a supervisory authority.

If you are in Denmark, the relevant supervisory authority is Datatilsynet.

To exercise your rights, contact us at hello@stoccly.com. We may need to verify your identity before responding. Where Stoccly processes personal data as a processor on behalf of a customer, we may refer your request to the relevant customer, who is responsible for responding as controller.

11. Data Processing on Behalf of Customers

When Stoccly processes customer-uploaded workspace data on behalf of a customer, Stoccly acts as data processor and the customer acts as data controller. In those cases:

• the customer determines the purposes and means of processing;
• Stoccly processes the data according to the customer's instructions;
• the customer is responsible for ensuring that it has a lawful basis for the data it uploads or connects to Stoccly;
• the customer is responsible for responding to data subject requests relating to customer-controlled data;
• Stoccly will support the customer as required under the applicable Data Processing Agreement.

Customers should ensure that their own employees, suppliers, contractors, and other relevant individuals receive appropriate privacy information about how their personal data is used in Stoccly.

12. Children

The Service is intended for business use and is not directed to children. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate authorization, we will take steps to delete it.

13. Automated Decision-Making

Stoccly may provide automated calculations, predictions, reorder suggestions, stockout alerts, analytics, and operational insights based on inventory and usage data. These features are intended to support business decision-making and do not produce legal or similarly significant effects for individuals within the meaning of GDPR Article 22, unless expressly stated otherwise.

Customers and users remain responsible for reviewing and approving operational decisions, including purchasing, production, supplier, inventory, and financial decisions.

14. Third-Party Links and Services

Our website or platform may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or security of third-party services. You should review the privacy policies of any third-party services you use or connect to Stoccly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will provide notice by updating the date above, posting the revised policy on our website, sending an email, or providing an in-product notice where appropriate.

Your continued use of the Service after an updated Privacy Policy becomes effective means that you have been informed of the updated practices. Where required by law, we will request renewed consent.

16. Contact

If you have questions about this Privacy Policy or how Stoccly processes personal data, contact:

Stoccly ApS
CVR no.: 42825050
Address: Provstevænget 5, 4000 Roskilde, Denmark
Email: hello@stoccly.com

You also have the right to lodge a complaint with the Danish Data Protection Authority:

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Denmark
Website: https://www.datatilsynet.dk