Privacy Policy
Last updated: 12 May 2026
1.Introduction
Invastokk (“we”, “us”, or “our”) is committed to protecting your personal data and handling information responsibly.
This Privacy Policy explains how we collect, use, process, store, and protect information when you use the Invastokk platform and related services (“the Service”).
We process personal data in accordance with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Applicable UK privacy and data protection laws
By using the Service, you acknowledge the practices described in this Privacy Policy.
2.Data We Collect
We may collect and process the following categories of information.
Account Information
Including:
- Name
- Email address
- Username
- Passwords (stored in hashed form)
- User roles and permissions
Organisation Information
Including:
- Business name
- Location information
- Operational settings
- Subscription details
Inventory and Operational Data
Including:
- Product information
- SKUs
- Stock levels
- Purchase orders
- Supplier information
- Transfers
- Reporting data
- Forecasting related data
Uploaded Documents and OCR Data
Including:
- Uploaded invoices
- PDFs
- Spreadsheets
- Images
- OCR extracted content
Usage and Technical Information
Including:
- IP addresses
- Browser type
- Device information
- Session activity
- Authentication logs
- Error logs
- Usage analytics
Integration Data
Including:
- Shopify connection information
- API credentials and tokens
- Third party integration settings
- Webhook configuration data
3.How We Use Your Data
We use your information to:
- Provide and operate the Service
- Authenticate users and maintain sessions
- Enable integrations and synchronisation
- Process uploaded data and documents
- Generate analytics and forecasting outputs
- Improve performance and functionality
- Monitor security and prevent fraud
- Troubleshoot technical issues
- Communicate service updates
- Comply with legal obligations
4.Legal Basis for Processing
Under UK GDPR, we process personal data on the following legal bases.
Contractual Necessity
Processing required to provide the Service you have requested.
Legitimate Interests
Including:
- Improving the platform
- Preventing fraud and abuse
- Maintaining security
- Monitoring performance
- Developing new features
Legal Obligations
Where processing is required to comply with applicable laws or regulatory obligations.
Consent
Where consent is required by law, you may withdraw consent at any time.
5.Data Storage and Security
Your data is stored using secure infrastructure and databases.
Security measures may include:
- SSL/TLS encrypted connections
- Password hashing
- Role based access controls
- Session authentication
- Infrastructure monitoring
- Logging and auditing
- Backup systems
- Organisational data isolation
While we implement reasonable safeguards, no system can guarantee absolute security.
Customers remain responsible for:
- Protecting their account credentials
- Managing user permissions
- Maintaining endpoint/device security
6.Data Retention
We retain information only for as long as necessary to:
- Provide the Service
- Maintain platform security
- Comply with legal obligations
- Resolve disputes
- Enforce agreements
If your account is closed, personal data may be deleted or anonymised within 90 days unless retention is legally required.
Certain limited records may be retained for:
- Security
- Fraud prevention
- Financial compliance
- Legal obligations
7.Third Party Services and Subprocessors
We may use third party providers to support operation of the Service.
These may include:
- Shopify
- WooCommerce
- Lightspeed
- EPOS Now
- Replit
- Cloud hosting providers
- Analytics providers
- Email delivery services
When integrations are enabled, data may be exchanged with external systems under your direction.
We are not responsible for the privacy or security practices of third party platforms.
We do not sell personal data to third parties.
8.International Data Transfers
Some data may be processed or stored outside the United Kingdom.
Where international transfers occur, we implement appropriate safeguards as required under UK data protection laws.
9.Your Rights
Under UK GDPR, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent where applicable
Requests may be submitted through the platform or via:
We may require verification of identity before fulfilling requests.
10.Cookies and Session Technologies
We use cookies and similar technologies to:
- Maintain secure sessions
- Authenticate users
- Remember preferences
- Improve functionality
- Monitor platform performance
Certain cookies are essential for the Service to function properly.
Disabling cookies may affect platform functionality.
11.Automated Processing and Forecasting
The Service may provide:
- Forecasting tools
- Suggested purchase orders
- Analytics
- OCR extracted outputs
- AI assisted recommendations
These outputs are generated automatically and may contain inaccuracies.
Customers remain responsible for verifying information and making operational decisions.
12.Children's Privacy
The Service is intended for business use only and is not directed toward children under 18 years of age.
13.Changes to This Policy
We may update this Privacy Policy periodically.
Updated versions will be published on this page with a revised “Last updated” date.
Continued use of the Service after changes constitutes acceptance of the updated Policy.
14.Contact and Complaints
For privacy related questions or to exercise your rights, contact:
- Invastokk
- admin@invastokk.com
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
