Privacy Policy

Last Updated: May 29, 2026

InventoryHub ("we," "us," or "our") operates the InventoryHub platform. This Privacy Policy describes how we collect, use, and protect your personal information when you use our Service.

1. Information We Collect

1.1 Information You Provide (Subscribers)

When you create an account and use our Service, we collect:

DataPurposeBasis
Email addressAccount login, magic link authentication, service notificationsContract
Password (hashed)Authentication (optional if using magic link or Google sign-in)Contract
NameAccount profile, display in dashboardContract
Business name, address, phoneOrganization setup, invoice generationContract
Business license, tax IDCompliance, invoice detailsContract
Payment informationSubscription billing (processed by our payment processor; we do not store card numbers)Contract

1.2 Business Data You Enter

During normal use of the Service, you enter business data including:

This data is stored solely to provide the Service to you and is not shared with third parties for any purpose other than operating the platform.

1.3 Information Collected Automatically

DataPurposeRetention
JWT session tokensAuthentication15 minutes (access), 7 days (refresh)
Audit logsSecurity and accountability trackingDuration of account
IP addressesRate limiting (in-memory only, not stored)Not persisted

2. How We Use Your Information

We use collected information to:

We will never sell, distribute, or lease your personal information or business data to third parties unless we have your permission or are required by law to do so.

3. Third-Party Services

We share limited data with the following categories of service providers, solely to operate the Service:

CategoryPurposeData Shared
Payment processorSubscription billingEmail address, billing information (card numbers are never stored by us)
Email delivery providerTransactional email (magic links, notifications)Email address
Cloud hosting providerApplication and database hostingAll account and business data (encrypted at rest)

We do not share your data with advertising networks, data brokers, or marketing platforms.

A current list of our specific sub-processors is available upon request through our contact form.

4. Cookies

We use essential cookies only to keep you logged in to the dashboard. These cookies:

We do not use tracking cookies, advertising cookies, or third-party cookies.

5. Data Security

We implement the following security measures to protect your data:

6. Data Retention

7. Your Rights

7.1 All Users

7.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

To exercise any of these rights, contact us through our contact form. We will respond within 45 days.

7.3 European Economic Area, UK, and Switzerland Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, the GDPR or equivalent local laws apply to your personal data. InventoryHub is the data controller.

We process your personal data to provide the Service, secure our platform and prevent fraud, and comply with legal obligations. With your consent, we may also send marketing communications. You can withdraw consent at any time.

In addition to the rights in section 7.1, you have the right to access, correct, delete, restrict processing of, port, and object to the processing of your personal data, and to lodge a complaint with your local data protection authority.

Our infrastructure is located in the United States. When personal data is transferred outside the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses and equivalent UK safeguards with our sub-processors. To exercise any GDPR right, contact us through our contact form. We respond within one month.

7.4 Do Not Sell My Personal Information

InventoryHub does not sell, rent, or trade your personal information to any third party for monetary or other valuable consideration. This applies to all users, including California residents under the CCPA.

8. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

9. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, which has different data protection laws than your jurisdiction.

For users in the EEA, UK, or Switzerland, transfers are protected by Standard Contractual Clauses (SCCs) and equivalent UK safeguards with our sub-processors. See section 7.3 above for details on your GDPR rights.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the dashboard at least 30 days before taking effect. The "Last Updated" date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please reach us through our contact form.