Inventra ("we," "our," or "us") is a Shopify app that provides inventory management and stock-taking functionality for Shopify stores. This Privacy Policy explains how we collect, use, and protect your information when you use our app.
Inventra is designed with a "Shopify-native" architecture, meaning we store all data within your Shopify store using Shopify's built-in systems:
- Product and Variant Information: Product names, SKUs, and variant details
- Inventory Data: Stock quantities across different locations (showroom, warehouse, garage)
- Workflow State: Stock-taking session progress and status
- Location Counts: Physical inventory counts for each location
Order Data (Restocking Feature)
To generate restocking recommendations, Inventra reads recent order data from your Shopify store:
- What we read: Order line items — specifically the product variant and quantity sold
- Why we read it: To calculate which products need restocking based on recent sales activity
- What we do NOT read or use: Customer names, email addresses, shipping addresses, payment details, or any other personally identifiable information (PII) from orders
- How it's processed: Order line item data is processed transiently in memory to aggregate quantities sold per variant. It is never stored, persisted, or written to any database, metafield, or external system. Once the restocking recommendations are displayed, the raw order data is discarded.
Data Storage Method
All data is stored using:
- Shopify Metafields: Workflow state and session data stored as JSON in Shopify's metafield system
- Shopify Inventory Levels: Official inventory quantities managed by Shopify
- Shopify Product Tags: Session markers and alert tags
Information We Do NOT Collect
We do not collect, store, or process:
- Customer personal information (names, emails, addresses from orders are never accessed)
- Payment information
- Personal data of store staff
- Any data outside of your Shopify store
How We Use Your Information
We use the collected information solely to:
- Provide inventory management functionality
- Track stock-taking sessions
- Manage workflow states across multiple locations
- Generate inventory reports and analytics
- Generate restocking recommendations based on recent sales volume (order line items only — no customer PII is accessed or stored)
- Maintain app functionality and performance
Data Sharing and Third Parties
We do not share, sell, or transfer your data to any third parties. All data remains within your Shopify store and is subject to Shopify's own privacy policies and data protection measures.
Data Security
Encryption
- In transit: All data exchanged between Inventra and Shopify is transmitted over HTTPS (TLS). The application is served exclusively over HTTPS via a TLS-configured reverse proxy.
- At rest: Inventra stores all persistent data within Shopify's infrastructure (metafields, inventory levels, product tags), which is encrypted at rest by Shopify. Inventra does not maintain any external database, file storage, or data store. Order data used for restocking recommendations is processed transiently in server memory and is never written to disk.
General Security Measures
- We use Shopify's built-in authentication and authorization systems (OAuth 2.0)
- We follow Shopify's security best practices and guidelines
- Access to the production server is restricted to SSH key authentication
Security Incident Response
In the event of a security incident, we follow this response process:
1. Detection and Assessment: We monitor server logs and Shopify compliance webhooks for anomalies. Upon detecting a potential incident, we immediately assess the scope and severity.
2. Containment: We restrict access to affected systems and take the application offline if necessary. Inventra does not manage its own credentials — all merchant access is controlled through Shopify's role-based permissions, so access can be revoked by the merchant at any time by uninstalling the app or adjusting staff permissions in Shopify Admin.
3. Notification: We notify affected merchants and Shopify within 72 hours of confirming an incident, in accordance with GDPR requirements.
4. Remediation: We investigate the root cause, apply patches, and restore service once the vulnerability is resolved.
Because Inventra stores no customer data and no data outside of Shopify's infrastructure, the impact of any server-side compromise is inherently limited — no customer PII can be exposed from our systems.
Your Rights and Data Control
Access and Portability
Since all data is stored in your Shopify store, you have full control over your data through Shopify's standard tools and APIs.
Data Deletion
- App Uninstallation: When you uninstall Inventra, all app-specific data (metafields and tags) is automatically removed by Shopify
- Manual Cleanup: You can manually delete metafields and tags through Shopify Admin
- Compliance Requests: We respond to all data subject requests as required by Shopify's compliance webhooks
Data Modification
You can modify or update your inventory data at any time through:
- The Inventra app interface
- Shopify Admin directly
- Shopify's APIs
Compliance with Privacy Laws
We comply with applicable privacy laws including:
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- CPRA (California Privacy Rights Act)
Compliance Webhooks
We implement Shopify's mandatory compliance webhooks:
- `customers/data_request`: Responds to customer data requests
- `customers/redact`: Handles customer data deletion requests
- `shop/redact`: Processes shop data deletion upon app uninstallation
Data Retention
- Active Data: Inventory and workflow data is retained as long as the app is installed
- Upon Uninstallation: All app-specific data is automatically deleted within 48 hours
- Backup Data: We do not maintain separate backups of your data
International Data Transfers
All data processing occurs within Shopify's infrastructure, which may involve international transfers subject to Shopify's data processing agreements and safeguards.
Children's Privacy
Our app is designed for business use and does not knowingly collect information from children under 13 years of age.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy in the app
- Sending a notification through Shopify's app update system
- Updating the "Last Updated" date at the top of this policy
Contact Information
If you have any questions about this Privacy Policy or our data practices, please contact us:
- App Developer: Symanity
- Email: inventra.help@symanity.com
- Website: https://inventra.symanity.com
This Privacy Policy supplements Shopify's Privacy Policy. For information about how Shopify handles your data, please review Shopify's Privacy Policy at https://www.shopify.com/legal/privacy.