Privacy Policy

Last updated: March 30, 2026

StockBeat ("we", "our", or "the App") is a Shopify application developed by Noema Works that helps merchants monitor inventory levels, detect stockout risks, and recover cash tied in stagnant stock.

This Privacy Policy describes how we collect, use, and protect information when you install and use StockBeat.

1. Information We Collect

When you install StockBeat, we access the following Shopify data through authorized API scopes:

Store & Product Data

  • Product catalog (titles, variants, SKUs, prices)
  • Inventory levels and locations
  • Order history (order IDs, line items, quantities, revenue amounts, dates)

Authentication Data

  • Shopify store domain
  • OAuth access tokens (required to communicate with the Shopify API on your behalf)

Merchant Identity

  • Store owner name and email (provided by Shopify during app installation)

What We Do NOT Collect

  • End-customer personally identifiable information (names, emails, phone numbers, or addresses)
  • Payment or credit card information
  • Customer browsing or behavioral data

2. How We Use Your Data

We use the collected data exclusively to:

  • Inventory Monitoring: Track stock levels across your locations and variants.
  • Stockout Risk Detection: Calculate sales velocity and predict when products may go out of stock.
  • Cash Recovery Analysis: Identify stagnant inventory tying up capital.
  • Dashboard & Reporting: Display insights, metrics, and recommendations within the App.
  • Notifications: Send personalized email summaries with inventory insights (using merchant name and email).
  • Billing: Process subscription charges through Shopify's billing API.

We do not sell, rent, or share your data with third parties for marketing or advertising purposes.

3. Data Storage & Security

  • Infrastructure: Data is stored in a PostgreSQL database hosted on Supabase, with servers located in secure data centers.
  • Encryption in Transit: All data transmitted between your browser, Shopify, and our servers is encrypted using TLS/HTTPS with HSTS enforcement.
  • Encryption at Rest: Database storage is encrypted at the disk level by our infrastructure provider.
  • Access Control: API access is restricted via bearer token authentication with timing-safe cryptographic comparison.
  • Isolation: Each store's data is logically isolated by shop ID. No store can access another store's data.

4. Data Retention

  • Active stores: We retain your data for as long as the App is installed on your store.
  • After uninstallation: All store data (products, inventory, orders, credentials, sessions) is permanently deleted immediately upon app uninstallation.
  • GDPR shop redaction: Shopify sends a final redaction request 48 hours after uninstallation. We process this request and confirm all data has been purged.

5. Data Sharing

We use the following third-party services to operate the App:

Service Purpose Data Shared
Supabase Database hosting Store and product data (no end-customer PII)
Shopify Platform & billing OAuth tokens, billing events

We do not share data with any other third parties.

6. Your Rights

As a merchant, you have the right to:

  • Access: Request a copy of the data we store about your shop.
  • Deletion: Uninstall the App at any time to trigger immediate deletion of all your data.
  • Portability: Request an export of your data in a machine-readable format.
  • Correction: Contact us to correct any inaccurate data.

End-Customer Rights (GDPR / CCPA)

StockBeat does not store end-customer personally identifiable information. We process Shopify's mandatory GDPR webhooks:

  • Customer Data Request: We acknowledge and confirm no customer PII is stored.
  • Customer Redaction: We acknowledge and confirm no customer PII needs redaction.
  • Shop Redaction: We permanently delete all store data.

If an end-customer contacts you regarding their data, please note that StockBeat only stores aggregated order-line data (product, quantity, revenue) and does not retain any information that could identify individual customers.

7. Cookies & Tracking

StockBeat is an embedded Shopify app and does not use cookies, tracking pixels, or third-party analytics on your storefront. The App operates entirely within the Shopify Admin interface.

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App or via email. Continued use of the App after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Noema Works

Email: contact@noemaworks.com

10. Shopify App Store

This App is distributed through the Shopify App Store and complies with Shopify's API Terms of Service and Shopify's Partner Program Agreement.

Back to StockBeat