How StallVantage collects, uses, and protects information

1. Scope

This Privacy Policy applies to:

• StallVantage iOS applications
• StallVantage Android applications
• StallVantage websites and landing pages
• Customer support interactions
• Integrations made available through the Services

2. Information We Collect

A. Information You Provide Directly

We may collect information you provide when creating an account or using the Services, including:

• Name
• Email address
• Password credentials (stored through secure authentication providers)
• Business name
• Business tagline
• Contact person name
• Phone number
• Website URL
• Business vocation/category (e.g., bakery, jeweler, woodworker)
• Subscription and billing selections
• Customer order details you enter
• Notes, forms, templates, and uploaded content
• Product photos and logos
• Support messages and communications

B. Customer and Business Data You Enter

Depending on your use of StallVantage, we may process data you create or upload, including:

• Customer names, emails, phone numbers
• Order history and fulfillment status
• Product catalog data
• Recipe and ingredient data
• Inventory quantities and costs
• Supplier names and pricing
• Expenses and accounting records
• Market events, schedules, locations, and calendars
• Team member invitations and role assignments
• Compliance logs, allergen data, lot tracking, cleaning logs, temperature logs, QC notes
• Analytics and forecasting data derived from your usage data

C. Payment Information

Payments for subscriptions or card transactions may be processed by third parties such as Apple App Store, Google Play, Square, Stripe, or other payment processors.

We generally do not store full payment card numbers on our own servers unless explicitly stated for a specific feature. Payment processors may collect payment information subject to their own privacy policies.

D. Automatically Collected Information

When you use the Services, we may automatically collect:

• Device type and operating system
• App version
• Unique device identifiers
• IP address
• Approximate location inferred from IP
• Language and region settings
• Crash logs and diagnostics
• Usage events and feature interactions
• Authentication events
• Offline sync status and queue events
• Push notification tokens

E. Information From Integrations

If you connect third-party services, we may receive data from them, such as:

• Square orders, products, locations, payment status
• Stripe account and terminal-related data
• QuickBooks export metadata
• OAuth tokens and authorization status

3. How We Use Information

We use information to:

• Create and manage accounts
• Provide core app functionality
• Process orders and workflows
• Sync data across devices
• Enable offline storage and later synchronization
• Generate analytics, reports, and forecasts
• Send receipts, order-ready notices, and operational emails
• Deliver notifications you enable
• Process subscriptions and purchases
• Prevent fraud, abuse, and security incidents
• Troubleshoot bugs and improve performance
• Provide customer support
• Comply with legal obligations
• Enforce our Terms of Service

4. Forecasting and Automated Insights

StallVantage may analyze historical sales, inventory, or usage data to generate recommendations such as demand forecasts, suggested prep quantities, margin alerts, or operational insights.

These outputs are estimates only and should be reviewed by you before business use.

5. Legal Bases for Processing (EEA/UK if applicable)

Where required by law, we process personal data under one or more of the following legal bases:

• Performance of a contract
• Legitimate interests
• Consent
• Compliance with legal obligations
• Protection of vital interests

6. Sharing of Information

A. Service Providers

Vendors who help us operate the Services, such as hosting, analytics, crash reporting, authentication, email delivery, cloud storage, and customer support providers.

B. Payment and Commerce Partners

Processors such as Apple, Google, Square, Stripe, and similar partners.

C. Integrations You Authorize

When you connect third-party services, we may transmit relevant data to complete requested actions.

D. Business Transfers

In connection with a merger, acquisition, financing, restructuring, or sale of assets.

E. Legal Requirements

If required by law, subpoena, court order, or to protect rights, safety, users, or the public.

7. Advertising

Free-tier versions of StallVantage may display advertising, including banner or app open ads.

We may work with advertising partners such as Google AdMob. Depending on platform permissions and applicable law, advertising partners may use device identifiers or similar technologies to provide or measure ads.

On iOS, App Tracking Transparency prompts may be presented where required.

8. Analytics and Diagnostics

We may use analytics and crash reporting tools (such as Sentry or similar providers) to understand app performance, diagnose crashes, and improve reliability.

We may attempt to scrub or minimize sensitive data in logs.

9. Data Storage and Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information.

These may include:

• Encryption in transit
• Encrypted local/offline queues
• Secure credential storage
• Access controls
• Role-based permissions
• Logging and monitoring
• Token refresh and session revocation mechanisms

No system is completely secure, and we cannot guarantee absolute security.

10. Data Retention

We retain information for as long as reasonably necessary to:

• Provide the Services
• Maintain your account
• Comply with law
• Resolve disputes
• Enforce agreements
• Preserve backups and audit records

You may also have tools to delete older data, export data, or delete your account.

11. Backups, Imports, and Exports

The Services may allow:

• Automatic cloud backups
• Manual backups
• JSON exports
• Data imports/migrations

You are responsible for securing exported files and backups you store outside StallVantage.

12. Your Rights and Choices

Depending on your jurisdiction, you may have rights to:

• Access personal data
• Correct inaccurate data
• Delete data
• Export data
• Object to certain processing
• Restrict processing
• Withdraw consent where applicable
• Appeal certain privacy decisions

To exercise rights, contact us using the details below.

13. Team and Multi-User Accounts

If you join a team workspace, account owners or authorized managers may be able to view and manage workspace data, users, and certain operational records.

14. Children’s Privacy

The Services are not directed to children under 13 (or higher age where required by local law). We do not knowingly collect personal information from children.

15. International Data Transfers

Your information may be processed in countries other than your own.

Where required, we use appropriate safeguards for cross-border transfers.

16. Third-Party Services

The Services may link to or integrate with third-party services. Their privacy practices are governed by their own policies.

Examples may include:

• Apple App Store
• Google Play
• Square
• Stripe
• QuickBooks
• Supabase
• Google AdMob
• Sentry
• Postmark

17. California Privacy Notice (if applicable)

California residents may have rights under the California Consumer Privacy Act (CCPA/CPRA), including rights to know, delete, correct, and opt out of certain sharing or sales as defined by law.

We do not sell personal information in exchange for money unless explicitly disclosed.

Placeholder to review: Confirm whether any ad tech flows could be considered “sharing” under CPRA.

18. Changes to This Policy

We may update this Privacy Policy periodically. We will update the Last Updated date and provide notice where required.

20. App Store Disclosures

Where required by Apple App Store, Google Play, or other platforms, platform-specific privacy disclosures may supplement this policy.