RESTOCK NOTIFY — PRIVACY POLICY
Effective Date: 2026-06-01 Last Updated: 2026-06-01 Operator: Austin Kearney d/b/a "Restock Notify" Contact: [email protected]
This Privacy Policy is incorporated into the Restock Notify Terms of Service. Capitalized terms used here without definition have the meanings given in the Terms of Service.
1. SCOPE; ROLES
This Policy describes how Restock Notify collects, uses, discloses, retains, and transfers personal information ("PI") in connection with:
(a) Subscribers — businesses and individuals who create Accounts; and (b) End Customers — natural persons whose data is uploaded or processed through the Service by a Subscriber.
Roles. For information about Subscribers (Section 3 below), Restock Notify is the "business" / "controller." For information about End Customers (Section 4 below), Restock Notify acts as a "service provider" / "processor" on behalf of the Subscriber for most processing; however, with respect to Aggregated Data, de-identified data, security operations, and model training under Section 7 of the Terms of Service, Restock Notify acts as an independent "business" / "controller."
End Customers seeking to exercise rights with respect to their data should contact the Subscriber whose business sent them communications. Restock Notify will forward valid requests to the relevant Subscriber but is not the primary point of contact for End-Customer privacy rights except as expressly required by law.
2. INFORMATION WE COLLECT — AT A GLANCE
| Category | Source | Examples |
|---|---|---|
| Subscriber Account Data | You, when you sign up | Business name, email, hashed password, timezone, brand color, store address |
| Subscriber Billing Data | Stripe (we store tokens, not card numbers; card number, name, billing address, and IP are collected directly by Stripe in its checkout flow and are not transmitted through or stored by Restock Notify) | Stripe customer ID, subscription ID, plan, billing email |
| Subscriber Configuration Data | You, in the Settings pages | SMTP credentials (encrypted), Twilio SID + token (encrypted), Meta access token (encrypted), logo image |
| Customer Data | You (uploaded), Subscriber's End Customers (via the portal) | End Customer name, email, phone, birthday, opt-in status, opt-in source, purchase history, tags, segment, season membership, sticky notes, pinned facts, message threads, anniversary, free-form notes (which Subscribers may use to record family details, customer preferences, scheduling info, or other context Subscriber chooses to capture about an End Customer), and external integration identifiers (Shopify, Squarespace) |
| Usage Telemetry | Automatically | IP address, device + browser type, pages viewed, action timestamps, error logs, queue depth |
| Assistant Interaction Data | You + the AI provider | Questions asked, AI Output returned, prompt history, sticky notes, pinned facts, reminders |
| Ad Platform Data | Meta / Google / TikTok APIs (when connected) | Ad spend, impressions, clicks, conversions, revenue, ad set names, campaign IDs |
| Communication Tracking Data | Automatically, when you send | Open events, click events, unsubscribe events, bounce events |
| Cookies & Local Storage | Automatically | Session cookie, CSRF token, UI preferences |
3. SUBSCRIBER INFORMATION — HOW WE USE IT
We process Subscriber PI to:
- create and operate Accounts;
- charge Fees, process refunds, prevent payment fraud;
- send transactional emails (alerts, billing, security);
- send marketing emails about the Service (Subscriber may opt out of marketing emails at any time without affecting transactional ones);
- monitor and improve the Service, including by tracking feature usage;
- comply with legal obligations and respond to lawful requests; and
- enforce the Terms of Service and protect Restock Notify's rights.
Lawful bases (GDPR-style mapping). Contract performance (Article 6(1)(b)) for delivering the Service; legitimate interests (Article 6(1)(f)) for fraud prevention, product improvement, and direct marketing of similar services to existing customers; legal obligation (Article 6(1)(c)) for tax, accounting, and lawful-process responses; consent (Article 6(1)(a)) for any processing not covered by another basis.
4. END-CUSTOMER INFORMATION — HOW WE USE IT
End-Customer PI is processed primarily on Subscriber's instructions for the purposes of delivering the Service to that Subscriber, including:
- storing customer records and purchase history in the Subscriber's Account;
- generating restock alerts, marketing emails, SMS, portal messages, and automation sequences;
- delivering messages via SMTP, Twilio, and other channels;
- tracking opens, clicks, and unsubscribes;
- generating analytics, segments, retention cohorts, and AI-assistant outputs displayed to the Subscriber;
- enabling the End-Customer portal magic-link (
/c/<token>) and unsubscribe flow (/u/<token>).
In addition to Subscriber-directed processing, Restock Notify uses End-Customer data for the controller-side purposes set out in Section 7 of the Terms of Service, including the production of Aggregated Data, model training, security operations, and product research. End Customers wishing to opt out of these controller-side uses should request that their Subscriber initiate the opt-out under Terms of Service Section 7.4 / 7.5.
4A. AGGREGATED AND ANONYMIZED DATA USE
Effective Date of this subsection. This subsection is effective immediately for Subscribers who create an Account on or after 2026-06-02 and takes effect sixty (60) days after the date of notice for Subscribers whose Account was created before that date, giving existing Subscribers a reasonable window to opt out before any of their data is included.
What we aggregate. Restock Notify combines anonymized data across all Subscribers — including End-Customer behavioral signals (purchase cadence, opt-in and engagement rates), product velocity (sell-through rate, restock frequency, days-to-stockout), and category-level demand patterns — into aggregate insight products. Examples of current and planned products include Restock Notify Benchmarks (peer-cohort performance comparison), Restock Notify Forecast (cross-shop demand prediction), and industry-trend reports licensed to suppliers, distributors, and analysts.
Anonymization standard. Aggregation is performed only across cohorts of no fewer than fifty (50) shops, and direct identifiers (Subscriber name, End-Customer name, email, phone, address, and any free-form notes captured by a Subscriber) are stripped before inclusion. No individual Subscriber and no individual End Customer is identifiable in any aggregate output. Restock Notify additionally applies generalization (e.g. binning revenue into ranges, geographies into regions) and, where appropriate, noise-injection to further reduce re-identification risk, consistent with the standard described in Terms of Service Section 7.3.
Purpose limitation. Aggregated Data produced under this subsection is used solely for (a) improving the Restock Notify Service, (b) producing and selling the benchmarking, forecasting, and industry-research products described above, and (c) general market and category research. Aggregated Data is never sold to advertising networks, used for behavioral or interest-based advertising directed at any End Customer, or used to target individual End Customers with any communication.
Opt-out. Subscribers may opt out of contributing their data to Aggregated Data at any time via a single toggle at /settings/privacy in the Restock Notify dashboard, or by emailing the contact address. Opt-out is honored within thirty (30) days. Opt-out is prospective only and does not require Restock Notify to remove or recompute Aggregated Data already produced. Subscribers who opt out continue to receive the full Service; they simply do not contribute to aggregate products and, accordingly, do not have access to opt-in-only benchmarking comparisons that depend on cohort participation.
Relationship to Terms of Service Section 7. This subsection describes Restock Notify's controller-side use of Aggregated Data in plain language for Subscriber convenience. The full legal terms — including license scope, sublicensing rights, and the limited-revocation mechanism — remain governed by Sections 7.1 through 7.5 of the Terms of Service. Where this subsection narrows the practices described in the Terms of Service (for example, by committing to the 50-shop minimum cohort size or by promising no advertising use), the more protective standard applies.
5. AI ASSISTANT (ATLAS) — SPECIFIC DISCLOSURES
When the assistant feature is enabled:
- Subscriber's questions, Subscriber Data snapshots (customers, products, sales, sticky notes, pinned facts, reminders, ad metrics, special orders), and assistant outputs are transmitted to a third-party AI model provider (currently Anthropic, PBC, headquartered in the United States) acting as a sub-processor.
- Conversation history is stored in the
chat_logstable for as long as the Account is active and for ninety (90) days thereafter. - AI Output is not guaranteed to be accurate. Subscriber is responsible for review before action.
- Restock Notify may use this data for model improvement under Terms of Service Section 7.4. Opt-out is available on written request.
6. COOKIES AND TRACKING
We use:
- Strictly necessary cookies — session cookie (HttpOnly), CSRF token. These cannot be disabled without breaking the Service.
- Functional cookies — UI preferences. Can be disabled in the browser at the cost of resetting preferences.
- Pixel and link tracking — the open-pixel (
/t/o/<token>) and click-redirect (/t/c/<token>) embedded in outbound emails. These collect open and click events from End Customers on behalf of Subscriber. End Customers may opt out by clicking the unsubscribe link in any email.
We do not currently use third-party advertising cookies on the Service itself. If we add them, this Policy will be updated.
7. WHO WE SHARE INFORMATION WITH
We share PI with:
| Recipient | Purpose | Category of PI |
|---|---|---|
| Stripe, Inc. | Payment processing | Subscriber email, Stripe customer ID |
| Twilio Inc. | SMS delivery (when configured) | End-Customer phone + message body |
| Anthropic, PBC | AI assistant | Subscriber Data snapshot + question |
| Meta Platforms, Inc. | Ad analytics (when connected) | OAuth scope per Subscriber's grant |
| Shopify, Inc. (when connected) | Source of imported End-Customer order data | End-Customer name, email, phone, purchase history |
| Squarespace, Inc. (when connected) | Source of imported End-Customer order data | End-Customer name, email, phone, purchase history |
| Amazon Web Services / Cloudflare R2 (when configured) | Image hosting | Uploaded images |
| SMTP relays selected by Subscriber (e.g. Gmail, SendGrid) | Email delivery | End-Customer email + message body |
| Railway, Inc. (or successor cloud host) | Hosting infrastructure | All Subscriber Data and Customer Data in transit and at rest |
| Professional advisors (lawyers, accountants, auditors) | Business operations | As needed for the purpose |
| Successor entity in an acquisition, merger, or asset sale | Business continuity | All categories |
| Law enforcement / regulators | Compliance with lawful process | As legally required |
We do not sell Customer Data containing direct identifiers. We may license, sell, or otherwise commercialize Aggregated Data without restriction (see Terms of Service Section 7).
8. INTERNATIONAL TRANSFERS
Restock Notify is operated from the United States. By using the Service, Subscriber consents to transfer of Subscriber Data and Customer Data to the United States and to any other jurisdiction in which Restock Notify or any sub-processor operates. Where required by law (including for transfers from the EEA, the UK, or Switzerland), the parties will rely on the European Commission's Standard Contractual Clauses or equivalent transfer mechanisms.
9. RETENTION
Restock Notify operates an automated daily purge job that enforces the retention windows below. Backup retention is governed by the underlying cloud host's snapshot policy. Account-level deletion is performed by Restock Notify on Subscriber's written request within thirty (30) days of receipt; data persisting in rolling backups may take up to ninety (90) days to age out.
| Data | Retention |
|---|---|
| Subscriber Account record | Life of Account + 90 days after deletion |
| Customer Data in Subscriber's Account | Life of Account + 90 days after deletion |
| Billing records | 7 years (tax / accounting requirement) |
| Backups | 30 days rolling |
| Audit logs | 365 days |
| Chat / AI assistant logs | 365 days while Account active; deleted within 90 days of Account closure |
| Aggregated Data | Indefinite |
| Data embedded in model weights | Cannot be selectively removed |
Subscriber may request earlier deletion of its Account by emailing the contact address; deletion takes effect within thirty (30) days, subject to the backup-purge cycle.
10. SECURITY
We use encryption in transit (TLS) and at rest for sensitive credentials. We hash passwords with industry-standard algorithms. Specific safeguards include access controls, sub-processor agreements, security monitoring, and incident response. Subscriber acknowledges that no system is impenetrable; Restock Notify cannot guarantee absolute security.
In the event of a confirmed Security Incident affecting Subscriber Data, Restock Notify will notify Subscriber within seventy-two (72) hours as set out in Terms of Service Section 8.2.
11. YOUR RIGHTS
Depending on jurisdiction, Subscriber and End Customers may have rights to:
- access PI we hold about them
- correct inaccurate PI
- request deletion (subject to retention requirements)
- restrict processing
- object to processing based on legitimate interests
- portability (receive data in a structured, machine-readable format)
- withdraw consent
- lodge a complaint with a supervisory authority
Subscriber rights are exercised by emailing the contact address. End-Customer rights are exercised first through the Subscriber whose business processed their data; Restock Notify will forward valid requests when received directly.
California residents additionally have CCPA/CPRA rights to know, delete, correct, opt out of "sale" or "sharing," and limit use of sensitive PI. Restock Notify does not sell Customer Data containing direct identifiers.
Nevada residents may opt out of the sale of certain "covered information" by emailing the contact address.
12. CHILDREN
The Service is not directed to children under thirteen (13) (or under sixteen (16) in the EEA / UK). Subscribers represent that they will not knowingly upload data of any such child. If Restock Notify becomes aware that it has collected data of a child without proper consent, it will delete that data.
13. CHANGES TO THIS POLICY
Restock Notify may update this Policy at any time. Material changes will be highlighted on the Service or sent by email. Continued use after the effective date of an update constitutes acceptance.
14. CONTACT
Privacy inquiries: [email protected].
For EU/UK data-protection inquiries, mark the subject line "Data Protection Inquiry." If a representative under GDPR Article 27 is required for your jurisdiction and we have not appointed one, contact us and we will work with you in good faith.
Same disclaimer as the Terms of Service: this is a template, not legal advice. Have a privacy attorney review before publishing — especially Sections 4, 7, 9, and 11 if you plan to take any EU, UK, or California customers.