Legal
Last updated: July 11, 2026 · Effective: July 11, 2026
This Privacy Policy explains how [YOUR LEGAL ENTITY] (“Restock”, “we”, “us”) collects, uses, shares and protects personal data when you visit our website, join our waitlist, or install and use the Restock app for Shopify (the “App”).
We are the data controller for personal data collected through our website and waitlist. When you install the App on your Shopify store, you (the merchant) are the controller of your customers’ personal data, and we act as your data processor.
With the permissions you approve at install, the App accesses store data needed to run inventory workflows:
We do not receive or store payment card numbers. Billing is handled by Shopify.
restock_waitlist_joined) so we don’t show you the form again. It stays on your device and we cannot read it remotely.We do not use advertising cookies, third-party trackers, or cross-site profiling.
We do not sell personal data, and we do not share it with advertisers.
| Purpose | Legal basis |
|---|---|
| Providing the App to a merchant | Performance of a contract |
| Waitlist emails | Consent (withdraw any time) |
| Security, fraud prevention, debugging | Legitimate interests |
| Processing merchant customer data | Processing on the merchant’s documented instructions |
| Tax, accounting and legal records | Legal obligation |
We share data only with service providers (“subprocessors”) who help us run Restock, under contracts that require them to protect it:
| Provider | Purpose | Data |
|---|---|---|
| Shopify Inc. | App platform and billing | Store, product, inventory and order data |
| Vercel Inc. | Website hosting | Log data, IP address |
| Formspree Inc. | Waitlist form delivery | Email address you submit |
| [YOUR EMAIL PROVIDER] | Sending waitlist and support email | Email address |
We may also disclose data if required by law, or as part of a merger or acquisition — in which case we will notify you before your data becomes subject to a different privacy policy.
Our providers may process data outside your country, including in the United States. Where data leaves the UK/EEA, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
As required by Shopify, the App responds to the mandatory GDPR/privacy webhooks:
customers/data_request — we provide the merchant with any personal data we hold about the named customer.customers/redact — we erase personal data we hold about the named customer.shop/redact — 48 hours after uninstall, Shopify notifies us and we erase the store’s data on our systems.Merchants can also contact us directly to request access, export or deletion at any time.
Depending on where you live, you may have the right to:
California residents: we do not sell or share personal information as defined by the CCPA/CPRA, and we will not discriminate against you for exercising your rights.
To exercise any right, email hello@restockpos.com. We respond within 30 days.
We protect data with encryption in transit (TLS), encryption at rest, least-privilege access controls, and regular patching. Access to production data is limited to staff who need it. No system is perfectly secure, but if a breach affects your personal data we will notify you and the relevant regulator as required by law.
Restock is a business tool and is not directed at children under 16. We do not knowingly collect their personal data.
We may update this policy as the App evolves. We will change the “Last updated” date above and, for material changes, notify you by email or in the App before they take effect.
[YOUR LEGAL ENTITY]
[REGISTERED ADDRESS]
Email: hello@restockpos.com
If you are in the UK/EU and have concerns we have not resolved, you may complain to your local supervisory authority.