Legal

Privacy Policy

Last updated: April 27, 2026

This Privacy Policy describes how iinwentory ("we", "us", "the app") collects, uses, and protects your information when you use our mobile application and web dashboard.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a one-way hash by our authentication provider)
  • Full name
  • Optional business name and business address
  • Optional profile photo

Inventory Data

You provide content to the app, including:

  • Item names, SKUs, barcodes, quantities, prices, locations, and photos
  • Folder and tag organization
  • Pick lists and pick list comments
  • Stock counts and purchase orders
  • Team and team member information

Camera and Photos

  • The camera is used to scan barcodes and QR codes, and to take photos of inventory items.
  • The photo library is accessed only when you choose to select an existing photo as an item image.
  • We do not access, scan, or upload any photos other than those you explicitly choose to attach to an item or your profile.

Biometric Authentication

  • Face ID, Touch ID, and fingerprint data are used only on your device to unlock the app.
  • Biometric data never leaves your device and is never transmitted to our servers. The operating system handles all biometric verification.

Activity and Audit Logs

We log actions you take in the app (creating, editing, deleting items, pick list operations, etc.) for audit and team-collaboration purposes. These logs are tied to your user account and visible to members of your team.

Technical Information

  • Authentication session tokens (stored securely on your device)
  • Crash and diagnostic information may be collected by Apple App Store / Google Play Store via standard platform tooling

What we do NOT collect

  • Advertising identifiers
  • Location data
  • Contacts
  • Microphone audio (the RECORD_AUDIO permission appears as a dependency of the camera library but is not used by the app)
  • Browsing history outside the app

2. How We Use Your Information

We use the information we collect to:

  • Provide core inventory management features
  • Authenticate you and keep your account secure
  • Allow team members to collaborate on shared inventory
  • Provide an audit trail of changes
  • Respond to support requests
  • Comply with legal obligations

We do NOT sell your data, share it with advertisers, or use it for advertising purposes.

3. How Your Data Is Stored

  • Your data is stored in Supabase (PostgreSQL database and object storage), hosted in the EU West (Ireland) region.
  • All data in transit is encrypted via HTTPS/TLS.
  • All data at rest is encrypted by our infrastructure providers.
  • Item photos are stored in a private storage bucket accessible only to authenticated members of your team.
  • Row-level security policies enforce that you can only see and modify data belonging to you or your team.

4. Data Sharing

We share your data only as follows:

  • With members of your team: Other users in the same team can view and modify shared inventory data, pick lists, and team-level activity logs.
  • With our service providers: Supabase (authentication, database, storage). These providers process data on our behalf and are bound by their own privacy and security commitments.
  • When required by law: If we receive a valid legal request (subpoena, court order), we may be required to disclose data.

We do not sell, rent, or trade your personal information to third parties.

5. Your Rights

Depending on your jurisdiction (GDPR, CCPA, etc.), you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent at any time

To exercise any of these rights, contact us at the email below. We will respond within 30 days.

6. Data Retention

  • We retain your account and inventory data for as long as your account is active.
  • If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required for legal, accounting, or security purposes.
  • Activity log entries may be retained for up to 12 months for audit purposes after account deletion.

7. Children's Privacy

iinwentory is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

8. Permissions Summary (Android & iOS)

PermissionPurpose
CameraScan barcodes / QR codes, take item photos
Photo libraryLet you choose existing photos for items
Biometric / Face ID / FingerprintLocal app lock (data never leaves device)
InternetSync inventory data with our servers
Record audioDeclared as a dependency of the camera library; not used by the app

You can revoke any permission at any time in your device's system settings.

9. Security

We follow industry-standard practices to protect your information, including:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Strong password hashing
  • Row-level security on the database
  • Regular security review of dependencies

No system is perfectly secure. If you discover a vulnerability, please report it to the contact email below.

10. International Data Transfers

If you access the app from outside the European Union, your data will be transferred to and processed in the EU (where our infrastructure is hosted). By using the app, you consent to this transfer. Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal basis for such transfers.

11. Third-Party Services

The app uses the following third-party services. Each has its own privacy policy:

  • Supabase — authentication, database, and file storage
  • Expo / EAS — over-the-air updates and build infrastructure
  • Apple App Store / Google Play Store — app distribution and standard platform diagnostics

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect the most recent revision. For significant changes, we will notify you in the app or via email. Continued use of the app after changes take effect constitutes acceptance of the revised policy.

13. Contact

If you have any questions about this Privacy Policy or your data, please contact:

Email: hello@iinwentory.com

14. Cookies & Similar Technologies

The web dashboard uses a small number of strictly necessary technologies to keep you signed in and to remember your preferences:

  • Session storage / cookies: Hold your authentication token so you stay signed in between page loads.
  • Local storage: Caches non-sensitive UI preferences (theme, sidebar state, last-opened folder) on your device.

We do not use advertising cookies, third-party analytics that fingerprint users, cross-site trackers, or social-media pixels. You can clear these at any time from your browser settings; doing so will sign you out.

15. Marketing Communications

We send transactional emails (account verification, password resets, billing receipts, security alerts) by default — these are necessary for the service and cannot be opted out of while your account is active.

We will only send product-update or marketing emails if you explicitly opt in. You can unsubscribe at any time using the link in any such email, or by contacting us at the email above. Unsubscribing from marketing emails does not affect transactional emails.

16. Automated Decision-Making

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you. Low-stock alerts, reorder suggestions, and similar features operate on rules you configure yourself and never share inferences about you with third parties.

17. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach where required by law. Where the breach poses a high risk to you specifically, we will also notify you directly without undue delay, describing the nature of the breach, the data affected, the likely consequences, and the steps we are taking to address it.

18. Account Security & Your Responsibilities

You are responsible for:

  • Keeping your password confidential and using a strong, unique password
  • Enabling biometric or device-level lock on shared devices
  • Promptly removing team members who no longer need access
  • Notifying us immediately at the contact email above if you suspect unauthorized access to your account

We are not liable for losses arising from credentials shared by you or compromised on your device.

19. Legal Bases for Processing (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR:

  • Performance of a contract: To provide the inventory features you signed up for.
  • Legitimate interests: To secure the service, prevent fraud and abuse, and improve product quality. We balance these against your rights and freedoms.
  • Consent: For optional features such as marketing emails. You may withdraw consent at any time.
  • Legal obligation: Where we are required to retain or disclose data by applicable law.

20. Supervisory Authority & Complaints

If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority. We would, however, appreciate the chance to address your concerns before you contact a regulator — please email us first and we will work with you to resolve the issue.

21. California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect, the sources, and the purposes
  • Request access to and deletion of your personal information
  • Correct inaccurate personal information
  • Limit the use of sensitive personal information
  • Not be discriminated against for exercising any of these rights

We do not "sell" or "share" personal information for cross-context behavioral advertising as those terms are defined under California law.

22. Do Not Track

Our service does not respond to "Do Not Track" browser signals because there is no industry-wide standard for how to interpret them. Regardless, we do not track users across third-party websites.

23. Severability

If any provision of this Privacy Policy is held to be invalid or unenforceable, the remaining provisions will remain in full force and effect.

24. Governing Law

This Privacy Policy is governed by the laws of the jurisdiction in which iinwentory is established, without regard to conflict-of-laws principles. Mandatory consumer-protection rights you may have under your local law are not affected.

iinwentory is an inventory management app for warehouses and businesses, providing barcode scanning, pick lists, and team collaboration features.