LAST UPDATED: MAY 16, 2026 · VERSION 1.0
This Privacy Policy explains how Amazstock OÜ ("we", "us") collects, uses, and protects personal data when you use our Service. We are the data controller for personal data we process about our customers.
What we collect
Account data
Email, name, company, language preference, password (hashed with bcrypt). Required for login and billing.
Billing data
Processed by Stripe (our payment provider). We store: subscription tier, billing email, payment status. We never see or store credit card numbers.
Operational data
Data you upload to use the Service: products, orders, customers, pallets, photos, settings. This is your business data; you own it.
Usage data
Anonymous analytics about how the Service is used (page views, feature usage). Used to improve the product. Powered by Plausible Analytics — no cookies, no cross-site tracking.
Log data
IP address, user agent, request timestamps. Retained 30 days for security and debugging.
How we use your data
- Provide and operate the Service.
- Process payments (via Stripe).
- Communicate with you about your account, security, and product updates.
- Detect and prevent fraud or abuse.
- Comply with legal obligations.
We do not sell your data. We do not use it for advertising. We do not train AI models on your customer data.
Where your data lives
All data is stored in AWS Frankfurt (EU-Central). Data does not leave the EU.
Encryption at rest (AES-256) and in transit (TLS 1.3). Daily encrypted backups, retained 30 days.
Sub-processors
We use a small set of sub-processors:
- AWS (Frankfurt) — infrastructure hosting
- Stripe — payment processing
- Postmark — transactional email (account, billing notifications)
- Plausible — anonymous analytics
- Cloudflare — CDN and DDoS protection
All sub-processors are GDPR-compliant and bound by Data Processing Agreements.
Your rights under GDPR
You have the right to: access your data, correct it, delete it, restrict processing, port it to another service, and object to processing. See GDPR page for details and how to exercise these rights.
Cookies
We use only essential cookies (session, CSRF protection). No tracking cookies, no third-party advertising cookies, no consent banner needed under GDPR rules.
Data retention
Active accounts: data retained while account is active.
Cancelled accounts: data accessible for 90 days for export, then permanently deleted (or sooner on request).
Billing records: retained 7 years per tax regulations.
Children
The Service is not directed at children under 18. We do not knowingly collect data from minors.
Changes to this policy
We'll notify you by email 30 days before significant changes.
Contact
Privacy questions or data requests: privacy@amazstock.online