Shopify Stockyshuts down August 2026 — migrate free →

How it worksFeaturesPricingBlog

Legal

Privacy Policy

Effective date: 30 March 2026

Governing law: Information Technology Act, 2000 (India) & Digital Personal Data Protection Act, 2023

1. Who We Are

Forestock ("we", "us", "our") is an AI-powered inventory forecasting service for Shopify merchants, accessible at getforestock.com. This Privacy Policy explains how we collect, process, store, and protect your information when you use our service.

By accessing Forestock, you agree to the practices described in this policy. If you do not agree, please do not use the service.

Data Controller: Forestock

Contact: support@getforestock.com

2. Information We Collect

Account Information

Name, email address, and authentication credentials collected via Clerk when you sign up or sign in. We do not store passwords — authentication is handled entirely by Clerk.

Inventory & Sales Data (CSV)

CSV files you upload containing product names, SKUs, sales figures, stock levels, and prices. This data is sent to our AI inference layer (Groq) solely to generate your forecast. Groq does not retain or train on this data. The resulting forecast is stored in your account for history and trend tracking.

Forecast History

Health scores, product analyses, reorder recommendations, and AI summaries generated from your uploads, stored in Supabase under your account ID so you can view trends over time.

Payment Information

Payment transactions are processed by Razorpay. We never receive, store, or handle your card details. We store only: plan type, payment confirmation ID, and timestamp.

Usage & Technical Data

Server logs (IP address, request timestamps, HTTP status codes) retained for up to 30 days for security monitoring and debugging. No third-party analytics SDK is installed.

3. How We Use Your Information

  • Generate AI-powered inventory forecasts from your uploaded CSV data
  • Store your forecast history so you can track trends over time
  • Process and verify subscription payments via Razorpay
  • Send transactional emails (e.g. stockout alerts) when you opt in
  • Monitor for fraud, abuse, and security incidents
  • Improve service reliability and fix technical issues

4. What We Will Never Do

Sell, rent, or trade your personal or business data to any third party
Use your inventory or sales data to train AI or machine learning models
Share your data with other merchants or expose it through any API
Send marketing emails without your explicit opt-in consent
Store your raw CSV data after the forecast is generated — only the result is kept

5. Data Storage & Security

Your data is stored in Supabase (PostgreSQL) hosted on AWS infrastructure. Security measures include:

  • Row Level Security (RLS) — database policies ensure only you can query your data, even if a bug occurred in application code
  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption in transit for all connections
  • Regular automated backups with point-in-time recovery
  • Service role key (admin access) used only server-side, never exposed to the browser

6. AI & Third-Party Processing

When you upload a CSV, the data is transmitted over TLS to Groq (inference API) for analysis. Groq processes it to generate your forecast and does not retain or train on your data. The raw CSV is not stored by us — only the AI-generated analysis result is saved to your account.

Clerk

Authentication and user management

Privacy →

Supabase

Database — forecast history and account data

Privacy →

Groq (Meta Llama)

AI inference — CSV sent for forecast generation, not stored

Privacy →

Vercel

Hosting, edge network, and deployment

Privacy →

Razorpay

Payment processing — card details never reach our servers

Privacy →

Resend

Transactional email delivery (alerts only)

Privacy →

7. Cookies

We use only necessary cookies for authentication (Clerk session tokens), payment security (Razorpay), and database sessions (Supabase). We do not use advertising or tracking cookies. See our full Cookie Policy.

8. Data Retention

Forecast History

Retained for as long as your account is active. Deleted within 30 days of account deletion.

Raw CSV Data

Not stored — the CSV is sent to the AI for processing and discarded. Only the generated forecast result is kept.

Server Logs

Security and access logs retained for 30 days for fraud monitoring and debugging, then automatically deleted.

Payment Records

Payment confirmation IDs and subscription status retained for 7 years to comply with Indian financial regulations.

9. Your Rights

Under the Digital Personal Data Protection Act, 2023 (India) and general data protection principles, you have the right to:

  • Access a copy of the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your account and all associated data (right to erasure)
  • Withdraw consent for data processing at any time
  • Know the third parties your data has been shared with
  • Nominate a representative to exercise these rights on your behalf

To exercise any of these rights, email support@getforestock.com. We will respond within 30 days.

10. Children's Privacy

Forestock is a business tool intended for adults (18+). We do not knowingly collect data from anyone under 18 years of age. If you believe a minor has provided us with personal data, contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy as our service evolves or regulations change. When we make material changes, we will notify you by email (if you have an account) and update the effective date at the top of this page. Continued use after changes constitutes acceptance.

12. Contact & Grievance Officer

For privacy questions, data requests, or complaints:

Forestock

Email: support@getforestock.com

Subject line: Privacy Request — [Your Name]

Response time: within 30 days of receipt