We collect the data needed to run your stocura workspace and nothing else. We don’t sell it, share it with advertisers, or use it to train models for other customers. You can export or delete everything any time, from settings.
“stocura” is the trading name of the team that operates this service, based in Sydney, Australia. You can reach our privacy team at privacy@stocura.com.
Name, email, workspace name, billing details (handled by Stripe — we store only the last four card digits and the brand). Provided directly by you when you sign up.
From Cin7 Core and Shopify, via integrations you authorise: catalog items, stock levels, supplier records, purchase orders, sales orders (line-item totals only — no customer PII), product costs and prices.
Anonymous product analytics via Plausible (no cookies, no cross-site tracking). Server logs include IP address and user-agent for security and debugging, retained 14 days.
AWS (hosting, ap-southeast-2), Stripe (billing), Postmark (transactional email), Plausible (anonymous analytics). The current list lives at stocura.com/subprocessors; we notify customers 30 days before adding a new one.
All customer data is stored in AWS Sydney (ap-southeast-2). We back up daily with 30-day retention. When you cancel, your workspace becomes read-only for 30 days, then is permanently deleted within 14 days. You can request earlier deletion in writing.
Under the Australian Privacy Principles and (where applicable) the GDPR you have the right to access, correct, export, and delete your personal data. Workspace owners can do most of this self-serve in Settings → Data; for anything else, email privacy@stocura.com and we’ll respond within 30 days.
We use a single first-party cookie to keep you signed in. We don’t use third-party tracking cookies. The cookie banner you saw on first visit gives you the option to decline non-essential storage; declining doesn’t affect functionality.
Stripe and Postmark are based in the United States. When data must transit there for billing or transactional email, we rely on Standard Contractual Clauses and our sub-processors’ own certifications.
We’ll email all account owners at least 30 days before any material change to this notice and post a diff in our changelog.
If you think we’ve mishandled your data, please tell us first — privacy@stocura.com — and we’ll try to fix it. If you’re not satisfied, you can lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au) or your local data-protection authority.