Legal

Privacy Policy

Last updated: 26 April 2026Controller: StockedSoft

This policy explains how StockedSoft Ltd collects, uses and protects your personal data. It is written in plain English in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If something is unclear, please contact us at executiveteam@stockedsoft.com.

1. Who we are

StockedSoft ("StockedSoft", "we", "us" or "our") is the controller of the personal data described in this policy. We are registered in England and Wales and operate the inventory and warehouse management platform available at stockedsoft.com.

If you have any questions about how we handle your data, contact us at executiveteam@stockedsoft.com.

2. What this policy covers

This Privacy Policy explains how we collect, use, share and protect personal data when you:

•Visit our website at stockedsoft.com

•Register for and use the StockedSoft platform

•Apply for or participate in our partner programme

•Contact us for support or other enquiries

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. What personal data we collect

We collect personal data in the following categories:

Account and identity data

Name, email address, job title, and company name when you register for an account.

Billing and payment data

Billing name, address and payment card details. Card details are processed directly by Stripe and are never stored on our servers.

Usage and technical data

IP address, browser type, pages visited, session duration, feature usage, and error logs. Collected automatically when you use the platform.

Communications data

Records of emails, support tickets and other correspondence you send to us.

Partner data

For partner programme applicants: name, email, company name, bank account name, sort code and account number, for the purpose of paying commission.

Customer data processed on your behalf

As a data processor, we store and process data you enter into the platform (such as customer records, supplier records, stock data and orders) on your behalf. You remain the controller of this data.

4. How we use your personal data

We use your personal data for the following purposes, each supported by a lawful basis under UK GDPR:

To provide the service — Lawful basis: Performance of a contract

To create and manage your account, process your subscription, deliver platform features and provide technical support.

To bill you — Lawful basis: Performance of a contract

To process payments via Stripe and issue invoices and receipts.

To operate the partner programme — Lawful basis: Performance of a contract

To assess partner applications, issue referral codes, track commissions and make commission payments by bank transfer.

To improve our platform — Lawful basis: Legitimate interests

To analyse usage patterns, fix bugs and develop new features. We balance this interest against your right to privacy.

To communicate with you — Lawful basis: Legitimate interests / Consent

To send service-related emails (password resets, invoices, important notices) and, where you have opted in, product updates and news. You may unsubscribe from marketing emails at any time.

To comply with legal obligations — Lawful basis: Legal obligation

To retain records required by law (e.g. financial records for HMRC purposes) and to respond to lawful requests from authorities.

5. Who we share your data with

We do not sell your personal data. We share data only with trusted third parties as necessary to operate our service:

Stripe — Payment processing. Stripe is a PCI-DSS compliant payment processor. Their privacy policy is available at stripe.com/gb/privacy.

Supabase — Database hosting and authentication. Your data is stored in EU/UK data centres.

Vercel — Platform hosting and content delivery. Processes technical data such as IP addresses in connection with serving the platform.

Postmark / email provider — Transactional email delivery (password resets, invoices, support replies).

Legal and regulatory bodies — We may disclose personal data to law enforcement or regulatory authorities where required to do so by law.

All third-party processors are subject to data processing agreements and are required to handle data in accordance with UK GDPR.

6. International data transfers

Some of our third-party processors may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK adequacy decisions or Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), to ensure your data receives an equivalent level of protection.

7. How long we keep your data

We retain personal data only as long as necessary for the purposes described in this policy:

•Account data — Retained for the duration of your subscription plus 6 years after termination, in line with our legal obligations under the Companies Act 2006.

•Billing and financial records — Retained for 6 years from the end of the relevant tax year, as required by HMRC.

•Support correspondence — Retained for 3 years.

•Partner bank details — Retained for the duration of the active partnership plus 6 years for accounting purposes.

•Usage and technical logs — Retained for up to 12 months.

When data is no longer required, we delete or anonymise it securely.

8. Your rights under UK GDPR

You have the following rights in relation to your personal data:

Right of access — You can request a copy of the personal data we hold about you.

Right to rectification — You can ask us to correct inaccurate or incomplete data.

Right to erasure — You can ask us to delete your personal data in certain circumstances (for example, where it is no longer necessary for the purpose it was collected).

Right to restrict processing — You can ask us to pause processing of your data in certain circumstances.

Right to data portability — You can request your data in a structured, machine-readable format.

Right to object — You can object to processing based on legitimate interests or for direct marketing purposes.

Rights related to automated decision-making — We do not make decisions about you solely by automated means that have legal or similarly significant effects.

To exercise any of these rights, email us at executiveteam@stockedsoft.com. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Cookies

We use cookies and similar technologies on our website and platform. These include:

Strictly necessary cookies — Required for the platform to function (for example, session authentication). These cannot be disabled.

Analytics cookies — Help us understand how visitors use our site so we can improve it. We use anonymised analytics and do not fingerprint individual users.

You can control non-essential cookies through your browser settings. Blocking cookies may affect the functionality of the platform.

10. Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These include:

•Encryption in transit (TLS) and at rest

•Role-based access controls within our platform

•Regular security reviews

•Incident response procedures

However, no method of transmission over the internet is entirely secure. If you believe your account has been compromised, contact us immediately at executiveteam@stockedsoft.com.

11. Children's data

StockedSoft is a business-to-business platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

13. Contact us

If you have any questions, concerns or requests relating to this Privacy Policy or your personal data, please contact us:

StockedSoft

StockedSoft, England, United Kingdom

Email: executiveteam@stockedsoft.com

For complaints, you may also contact the Information Commissioner's Office:

icо.org.uk | 0303 123 1113

Note: This Privacy Policy was last reviewed on 26 April 2026. StockedSoft Ltd is not a law firm and this document does not constitute legal advice. We recommend you seek independent legal counsel if you have specific data protection compliance questions.