Privacy Policy

Last updated: April 13, 2026

1. About StockLock

StockLock ("we", "our", "the app") is a Shopify application that synchronises inventory quantities across two Shopify stores owned or operated by the same merchant. This policy explains what data we collect, how we use it, and how it is protected.

2. Data We Collect

We collect and store only the minimum data required to operate the service:

• Store credentials — your Shopify store domain and OAuth access token, obtained during the Shopify app installation flow. These are stored in our database and used solely to call the Shopify Admin API on your behalf.
• Product and inventory data — product variant IDs, SKUs, and inventory quantities fetched from your connected stores. This data is used to detect and propagate inventory changes.
• Webhook payloads — Shopify sends inventory-level update webhooks to StockLock. We process these payloads transiently and log a summary (SKU, quantity delta, result) for your review in the Sync Log.
• Billing information — Shopify manages payment processing directly. We store only a subscription ID and status returned by Shopify Managed Pricing; no card numbers or payment details are stored by StockLock.

3. How We Use Your Data

• To authenticate API requests to your connected Shopify stores.
• To detect inventory changes on one store and apply the equivalent relative adjustment to the paired store.
• To display a Sync Log and discrepancy report inside the app.
• To enforce plan limits and manage your subscription.

We do not sell, rent, or share your data with third parties for marketing purposes.

4. Data Retention

Store credentials and inventory records are retained for as long as your workspace is active. Sync log entries are retained for up to 90 days. When you uninstall StockLock from all stores in your workspace, your access tokens are invalidated and your store record is marked inactive. You may request full deletion of your data by emailing us at the address below.

5. Security

All data is stored in a managed PostgreSQL database with TLS encryption in transit. Access tokens are stored encrypted at rest. All inbound Shopify webhooks are validated using HMAC-SHA256 signatures before processing.

6. Third-Party Services

StockLock uses the following third-party services:

• Shopify — as the host platform. Your data is subject to Shopify's Privacy Policy in addition to this policy.
• DigitalOcean — for application and database hosting in the United States (or your selected region).

7. Your Rights

Depending on your jurisdiction you may have rights to access, correct, or delete your personal data. To exercise these rights, or with any privacy questions, contact us at:

Email: [email protected]

8. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Continued use of StockLock after changes are posted constitutes acceptance of the updated policy.