Privacy Policy
Last updated: April 2026
Overview
Inventory AI ("we", "our", or "the App") is a Shopify application that provides inventory forecasting and sales analytics. This Privacy Policy explains what data we collect, how we use it, and your rights as a merchant or end-customer.
1. Data We Collect
When you install Inventory AI on your Shopify store, we collect the following via Shopify's API:
- Store information — shop domain, store name, contact email, country
- Products & variants — titles, SKUs, prices, inventory quantities
- Orders & line items — order values, quantities, fulfillment status, discount codes, source channel, billing geography (city, province, country)
- Collections — product categorisation data
- Refunds — returned quantities and amounts
Customer emails are never stored in plain text. If an order contains a customer email, it is immediately hashed using SHA-256 before being saved. We cannot recover the original email address from this hash.
2. How We Use Your Data
All collected data is used exclusively to provide the App's features:
- Generating demand forecasts and reorder recommendations
- Displaying inventory, sales velocity, and returns analytics
- Sending you email alerts when SKUs need reordering
- Improving forecast model accuracy over time
We do not sell your data, use it for advertising, or share it with third parties.
3. Data Storage & Security
Your data is stored in Cloudflare's D1 database infrastructure, hosted in data centers within the United States and European Union. Data in transit is encrypted via TLS. Access to the database is restricted to authenticated API requests using signed JWT tokens.
4. Data Retention & Deletion
Your store data is retained for as long as Inventory AI is installed on your Shopify store. When you uninstall the App:
- Shopify sends us a
shop/redactwebhook - All store data — including products, orders, forecasts, and hashed customer signals — is permanently deleted within 48 hours
You can also request immediate deletion by emailing support@insights.sale.
5. GDPR & Customer Rights
We comply with Shopify's GDPR requirements and the EU General Data Protection Regulation. We handle the following mandatory Shopify GDPR webhooks:
- customers/data_request — we acknowledge the request within 30 days. Since we only store hashed email addresses, no personally identifiable customer data can be provided.
- customers/redact — we remove the customer's hashed signal record from our database.
- shop/redact — we delete all data for the store within 48 hours of uninstall.
6. Third-Party Services
We use the following sub-processors:
- Cloudflare Workers & D1 — compute and database hosting
7. Cookies
The App dashboard does not use cookies for tracking. Authentication is handled via a short-lived JWT token stored in your browser's localStorage, which is cleared when you sign out.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or the App dashboard. The "last updated" date at the top of this page reflects the most recent revision.
9. Contact
For privacy questions, data requests, or deletion requests, please contact us at support@insights.sale.