Privacy Policy
skubase (“skubase,” “we,” “our”) is operated as an independent, founder-led company. This policy describes what we collect, why we collect it, who we share it with, and your rights.
What we collect
When you sign up for the waitlist or create an account we collect: your email address, optional Shopify domain, and the source page you signed up from. When you connect a Shopify store we collect: product catalog, inventory levels, vendor records, and order history necessary to compute reorder recommendations. When you upload a ShipStation or Stocky CSV, we ingest only the rows in that file.
Server logs include standard request metadata (IP, user agent, path, status code) for the purpose of operating the service. Vercel Analytics and Vercel Speed Insights are deployed in privacy-preserving (cookieless, no personal identifiers) modes.
How we use it
We use your data only to operate the service: rank reorder actions, score suppliers, surface dead-stock plans, deliver alerts you configure, and respond to support requests. We do not sell your data. We do not train AI models on your store data. We do not share your data with advertisers.
Sub-processors
We rely on the following sub-processors to operate the service. Each receives only the minimum data necessary for its function:
- Vercel — frontend hosting, analytics, speed insights.
- Railway — backend hosting and managed PostgreSQL.
- Shopify — source of catalog, inventory, and order data when you connect a store.
- Resend — transactional email delivery (planned).
- Stripe — payment processing (when paid plans launch).
Retention and deletion
You can delete your account and associated data at any time by emailing hello@skubase.io. We will purge your data from production within 30 days. Backups are encrypted and rotated within 90 days. Aggregated, anonymized metrics may be retained for service operation.
Your rights
You have the right to access, correct, export, and delete your personal data. Contact privacy@skubase.io for any such request. EU residents have rights under GDPR; California residents have rights under CCPA; we honor both equivalently for all users.
Cookies and storage
We use the minimum browser storage required to operate the service: a small amount of localStorage to remember your shop domain on the dashboard, and standard session cookies once authentication is in place. We do not use third-party advertising cookies.
Security
Data in transit is encrypted via TLS. Database snapshots are encrypted at rest. Shopify access tokens are stored encrypted. Internal access is limited to a small founder team and logged.
Changes
If this policy changes materially, we'll notify all registered users by email at least 30 days before the change takes effect. Minor clarifications and typo fixes will be reflected here without notification.
Contact
Questions about this policy: privacy@skubase.io.