This Privacy Policy for Stoki One ('we', 'us', or 'our') describes how and why we may access, collect, store, use, and/or share ('process') your personal information when you use our services ('Services'), including when you:
- Visit our website at https://www.usestoki.com, or any website of ours that links to this Privacy Policy
- Use Stoki One — a stock-synchronisation app for online sellers that connects to your sales channels (such as Shopify, eBay, and Etsy) and automatically keeps your stock levels accurate across all of them, so a sale on one channel updates the others and you never oversell
- Engage with us in other related ways, including any support or communications
Summary of key points
This summary provides key points from our Privacy Policy. You can find more detail in each section below.
What personal information do we process? When you use our Services, we process the account information you give us (name, email, username, password) and the product and order data we receive from the sales channels you connect.
Do we process any sensitive personal information? No. We do not process sensitive personal information.
From the sales channels you connect, we receive only the order reference and the product and quantity sold. We do not read or store your customers' personal information — no names, addresses, emails, phone numbers, or payment details.
How do we process your information? To provide, operate, and improve our Services, to communicate with you, for security and fraud prevention, and to comply with law. We process your information only where we have a valid legal reason.
With whom do we share personal information? Only with the service providers that run our platform. We do not sell or share your personal information for advertising or any other purpose.
How do we keep your information safe? We use appropriate technical and organisational security measures. No method is perfectly secure, so we cannot guarantee absolute security.
What are your rights? Depending on where you live, you may have rights to access, correct, update, or delete your personal information.
How do you exercise your rights? The easiest way is by visiting https://usestoki.com/contact, or by contacting us.
1. What information do we collect?
Personal information you disclose to us
We collect personal information that you voluntarily provide when you register on the Services, participate in activities on the Services, or otherwise contact us. This may include:
- names
- email addresses
- usernames
- passwords
We do not collect phone numbers, payment card numbers, or billing addresses directly. Payments, when introduced, will be handled by a third-party payment processor (such as Stripe) — we do not store your card details.
Sensitive Information. We do not process sensitive information.
Information automatically collected
We automatically collect certain information when you use the Services. It does not reveal your specific identity but may include:
- Log and usage data — service, diagnostic, usage, and performance information such as IP address, browser type and settings, and information about your activity in the Services (date/time stamps, pages viewed, features used), and device event information such as error reports.
- Device data — information about the device you use to access the Services, such as device identifiers, operating system, hardware model, and IP address.
We do not collect location data — we do not track your physical whereabouts or geolocation.
Information collected from other sources
Central to how Stoki One works: when you connect a sales channel (such as Shopify, eBay, or Etsy), we receive data through that platform's API, including:
- Product information — titles, photos, prices, and stock levels.
- Order information — the order reference number and the product and quantity sold, so we can keep your stock counts correct. We do not read or store your customers' names, addresses, emails, phone numbers, or payment details.
We receive this data only to keep your stock numbers synchronised and accurate across your channels.
Access tokens for connected stores. To connect your channels, we store access tokens (the secure credentials that let us read your products and receive order notifications). These are stored securely and used only to operate the synchronisation service. When you disconnect a channel or delete your account, the associated tokens are deleted.
2. How do we process your information?
We process your personal information for the following reasons:
- To create and manage your account — so you can register, log in, and keep your account in working order.
- To deliver the Services to you — to provide the stock-synchronisation service you signed up for.
- To keep your stock synchronised — we process the product and order data we receive from your connected channels to keep your stock numbers accurate everywhere.
- To respond to your enquiries and provide support.
- To send you administrative information — such as changes to our terms and policies, and service messages.
- To request feedback — to contact you about your use of our Services.
- To protect our Services — including fraud monitoring and prevention.
- To identify usage trends — to understand how the Services are used so we can improve them.
- To save or protect a person's vital interests — where necessary to prevent harm.
We do not process your information for targeted advertising, marketing campaigns, or profiling.
3. What legal bases do we rely on to process your information?
If you are located in the EU or UK, this section applies to you.
The GDPR and UK GDPR require us to explain the legal bases we rely on. These may include:
- Consent — where you have given us permission for a specific purpose. You can withdraw consent at any time.
- Performance of a contract — where processing is necessary to deliver the Services you signed up for. This is our main basis.
- Legitimate interests — where reasonably necessary and fair to you, for example to analyse how our Services are used so we can improve them, to diagnose problems and prevent fraud, and to understand how sellers use our Services.
- Legal obligations — where necessary to comply with the law.
- Vital interests — where necessary to protect someone's vital interests.
If you are located in Canada, this section applies to you.
We may process your information where you have given express consent, or where consent can be implied. You can withdraw consent at any time. In some exceptional cases permitted by law, we may process information without consent (for example, for fraud detection and prevention, where collection is clearly in an individual's interest and consent cannot be obtained in time, or where required by a subpoena, warrant, or court order).
4. When and with whom do we share your personal information?
Service providers. We share data with third-party providers who perform services for us and need access to do that work. We have contracts (data processing agreements) in place with them. They cannot use your information for anything except the work we instruct, and they may not share it with anyone except us.
The types of service providers we share with are:
- Cloud computing and data storage providers
- Website hosting providers
- User account registration & authentication services
- Communication tools (e.g. transactional/service email)
- Performance monitoring tools (error diagnostics)
- AI platforms (for the product-categorisation feature in Section 6)
- Connected e-commerce sales channels (the platforms you choose to connect, such as Shopify, eBay, and Etsy)
We do not share your information with third-party advertisers, ad networks, marketing partners, business affiliates, or business partners.
Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
4A. How we handle order data
When you connect a sales channel, Stoki One reads only what it needs to keep your stock in sync: the product, the quantity, the order reference number, and the sale amount. We do not read or store your customers' personal data — no names, addresses, emails, phone numbers, or payment information. Because we never hold your customers' personal data, there is nothing for us to process on their behalf, sell, market to, or share.
5. Do we use cookies and other tracking technologies?
We use cookies and similar technologies only to keep you securely signed in, to maintain the security of the Services and your account, prevent crashes, fix bugs, and support basic site functions.
We do not use advertising cookies, analytics cookies, third-party tracking cookies, or any cookies for targeted advertising. We do not sell or share information through tracking technologies.
Specific information is set out in our Cookie Policy: https://usestoki.com/cookie-policy.
6. Do we offer artificial intelligence-based products?
As part of our Services, we offer tools powered by AI ('AI Products') to help you manage your stock.
Use of AI technologies. We provide the AI Products through a third-party provider, Anthropic (Claude / Haiku). Your input and the relevant product information are processed by this provider to enable the feature.
Our AI Products are designed for:
- Categorisation / classification of products
7. Is your information transferred internationally?
Our servers are located in the United States. Your information may be transferred to, stored, and processed by us and by the service providers described above, including in the United States and other countries.
If you are in the EEA, UK, or Switzerland, these countries may not have equivalent data protection laws. Where we transfer personal information out of the UK or EEA, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses, which can be provided on request.
8. How long do we keep your information?
We keep your personal information for as long as you have an account with us, unless a longer retention period is required or permitted by law (such as tax or accounting requirements). When we no longer need it, we will delete or anonymise it, or securely isolate it until deletion is possible.
9. How do we keep your information safe?
We use appropriate measures including row-level security on our database (each account can access only its own data), cryptographic verification of incoming data from connected channels, an anti-bot security check on sign-up and sign-in, input validation, and rate-limiting to prevent abuse. No transmission or storage is perfectly secure, so we cannot guarantee absolute security. In the event of a personal data breach likely to result in a risk to your rights, we will notify the relevant authority within 72 hours where required, and affected individuals where the law requires.
10. Do we collect information from minors?
Stoki One is a business tool intended for users aged 18 and over. We do not knowingly collect information from anyone under 18, and the Services are not directed at children. By using the Services, you represent that you are at least 18. If we learn we have collected information from a child, we will deactivate the account and delete the data. If you become aware of any such data, please contact us at contact@usestoki.com.
11. What are your privacy rights?
In some regions (such as the EEA, UK, Switzerland, and Canada) you have rights under data protection law, which may include the right to: request access to and a copy of your personal information; request correction or erasure; restrict or object to processing; and data portability. You can make a request using the contact details in Section 16.
If you are in the EEA or UK and believe we are unlawfully processing your information, you may complain to your local data protection authority (in the UK, the Information Commissioner's Office). If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing your consent. Where we rely on your consent, you may withdraw it at any time by contacting us. This will not affect the lawfulness of processing before withdrawal.
Cookies and similar technologies. Most browsers accept cookies by default; you can usually set your browser to remove or reject them, though this may affect certain features. See our Cookie Policy: https://usestoki.com/cookie-policy.
Account information
You may review or change your account information, or terminate your account, by logging into your account settings or contacting us. On termination we will deactivate or delete your account and information, though we may retain some information to prevent fraud, comply with legal requirements, or enforce our terms.
12. Controls for do-not-track features
Most browsers and some mobile systems include a Do-Not-Track ('DNT') feature. No uniform technology standard for recognising DNT signals has been finalised. As such, we do not currently respond to DNT signals. If a standard is adopted in future, we will inform you in a revised version of this Privacy Policy.
13. Do United States residents have specific privacy rights?
The categories of personal information we have collected and disclosed to service providers are:
| Category | Collected | Disclosed |
|---|
| A. Identifiers (name, email, username, account/online identifiers, IP address) | Yes | Yes |
| B. Customer records as defined by applicable US state law | No | No |
| C. Protected classification characteristics | No | No |
| D. Commercial information (order/transaction data) | Yes | Yes |
| E. Biometric information | No | No |
| F. Internet or other electronic network activity (diagnostic/usage data) | Yes | Yes |
| G. Geolocation data | No | No |
| H. Audio, electronic, sensory information | No | No |
| I. Professional or employment information | No | No |
| J. Education information | No | No |
| K. Inferences / consumer profiles | No | No |
| L. Sensitive personal information | No | No |
We retain each collected category for as long as you have an account with us. We have not sold or shared any personal information in the preceding twelve months. We have disclosed Categories A, D, and F to service providers for a business purpose (to operate the Services). The categories of providers are listed in Section 4.
Your rights
Under certain US state laws you may have the right to: know whether we process your data; access it; correct inaccuracies; request deletion; obtain a copy; non-discrimination for exercising your rights; and opt out of processing for targeted advertising, the sale of personal data, or profiling. Because we do not sell or share personal data or run targeted advertising or profiling, there is nothing to opt out of in that respect. Depending on your state, you may also have rights to a list of third parties we disclose to, and to limit use of sensitive data.
How to exercise your rights
Submit a request at https://usestoki.com/contact or email contact@usestoki.com. We may need to verify your identity before acting. You may use an authorised agent where the law allows.
Appeals
If we decline to act on your request, you may appeal by emailing contact@usestoki.com. We will respond in writing with our reasons. If your appeal is denied, you may complain to your state attorney general.
California 'Shine the Light' law
California Civil Code Section 1798.83 permits California residents to request information about personal information disclosed to third parties for direct marketing purposes. We do not disclose personal information for third-party direct marketing, so there is nothing to report, but you may submit such a request using the contact details in Section 16.
14. Do other regions have specific privacy rights?
Australia and New Zealand
We collect and process your personal information under Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. This Privacy Policy satisfies the notice requirements of both Acts. At any time you may request access to or correction of your personal information using the contact details in Section 16. If you believe we are unlawfully processing your information, you may complain to the Office of the Australian Information Commissioner or the Office of the New Zealand Privacy Commissioner.
15. Do we make updates to this notice?
We may update this Privacy Policy from time to time. We will inform you before changes take effect and give at least 30 days' advance notice of material changes. Some changes may take effect immediately where necessary — for example to describe new functionality, address security issues, make bug fixes, or comply with a court order or legal requirement. The updated version is indicated by an updated 'Last updated' date.
16. How can you contact us about this notice?
If you have questions or comments about this notice, you may email us at contact@usestoki.com or use our contact form at https://usestoki.com/contact.
17. How can you review, update, or delete the data we collect from you?
Based on the applicable laws of your country or US state of residence, you may have the right to request access to the personal information we collect, details about how we process it, correct inaccuracies, or delete it. You may also have the right to withdraw your consent. To make a request, please visit https://usestoki.com/contact.