BoxiStock

Privacy Policy

Effective date: May 24, 2026

1. Introduction

BoxiStock ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it. By using BoxiStock, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account information: When you sign up, we collect your name, email address, and authentication credentials via Google OAuth. We do not store passwords directly.

Inventory and sales data: All stock lots, product names, quantities, prices, individual and bundle sale records, and related data you enter are stored in our database (Supabase) and are associated with your user account.

Usage data: We collect usage information such as page visits and feature interactions via PostHog to help us understand how the Service is used and improve it. This data is associated with a pseudonymous identifier and is not sold to third parties.

Contact messages: If you contact us via the contact form, we collect your name, email address, and message content to respond to your inquiry.

Share link access: When a third party views a share link you have created, basic access information (such as request timestamps) may be logged for security and abuse-prevention purposes. We do not collect personal information about share link viewers beyond what is described here.

3. How We Use Your Information

  • To provide, operate, and maintain the Service.
  • To authenticate you and secure your account.
  • To process and display your inventory and sales data as requested.
  • To respond to your support inquiries and messages.
  • To improve and develop the Service based on aggregated usage patterns.
  • To comply with legal obligations and enforce our Terms of Service.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Share Links and Public Data Exposure

BoxiStock allows you to create share links that make selected inventory and sales data publicly accessible to anyone with the link. When you activate a share link, the data included in that share (product names, quantities, prices, and related figures) is accessible without authentication, subject to any password you have set.

You control what data is shared and may revoke a share link at any time. Once revoked, the link will no longer display your data. However, we are not responsible for any copies or screenshots taken by third parties while the link was active. Do not include information in a share link that you are not comfortable making publicly available.

5. Third-Party Services

BoxiStock uses the following third-party services to operate:

  • Supabase — Authentication, database storage for your inventory and sales data, hosted on secure cloud infrastructure.
  • Vercel — Hosting and edge network infrastructure. All HTTP requests to BoxiStock pass through Vercel's servers. Vercel may log request metadata (IP addresses, timestamps) for operational purposes in accordance with their Privacy Policy.
  • PostHog — Product analytics platform used to collect usage data (page views, feature interactions). PostHog processes this data in accordance with their Privacy Policy.
  • Anthropic — AI model provider (Claude) used to power AI-assisted import features. When you use AI features, the text you submit is sent to Anthropic's API for processing. Do not include sensitive personal data in AI import prompts.
  • Upstash — Rate limiting infrastructure. No personally identifiable information is stored by Upstash beyond anonymized request identifiers.
  • Resend — Email delivery service used to process contact form submissions.

6. Data Retention

We retain your account and inventory data for as long as your account is active. If you delete your account, we will delete your data from our active systems within a reasonable period, subject to any legal retention requirements. All share links associated with your account are deactivated upon deletion. Some residual data may remain in backups for a limited time.

7. Data Security

We take reasonable technical and organizational measures to protect your data against unauthorized access, loss, or disclosure. Data is stored using industry-standard encrypted infrastructure. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (subject to legal obligations).
  • Object to or restrict certain processing of your data.
  • Withdraw consent where processing is based on consent.

To exercise these rights, contact us at boxistock@gmail.com.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date above. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or requests, please contact us at boxistock@gmail.com.