Last Updated: May 29, 2026
InventoryHub ("we," "us," or "our") operates the InventoryHub platform. This Privacy Policy describes how we collect, use, and protect your personal information when you use our Service.
When you create an account and use our Service, we collect:
| Data | Purpose | Basis |
|---|---|---|
| Email address | Account login, magic link authentication, service notifications | Contract |
| Password (hashed) | Authentication (optional if using magic link or Google sign-in) | Contract |
| Name | Account profile, display in dashboard | Contract |
| Business name, address, phone | Organization setup, invoice generation | Contract |
| Business license, tax ID | Compliance, invoice details | Contract |
| Payment information | Subscription billing (processed by our payment processor; we do not store card numbers) | Contract |
During normal use of the Service, you enter business data including:
This data is stored solely to provide the Service to you and is not shared with third parties for any purpose other than operating the platform.
| Data | Purpose | Retention |
|---|---|---|
| JWT session tokens | Authentication | 15 minutes (access), 7 days (refresh) |
| Audit logs | Security and accountability tracking | Duration of account |
| IP addresses | Rate limiting (in-memory only, not stored) | Not persisted |
We use collected information to:
We will never sell, distribute, or lease your personal information or business data to third parties unless we have your permission or are required by law to do so.
We share limited data with the following categories of service providers, solely to operate the Service:
| Category | Purpose | Data Shared |
|---|---|---|
| Payment processor | Subscription billing | Email address, billing information (card numbers are never stored by us) |
| Email delivery provider | Transactional email (magic links, notifications) | Email address |
| Cloud hosting provider | Application and database hosting | All account and business data (encrypted at rest) |
We do not share your data with advertising networks, data brokers, or marketing platforms.
A current list of our specific sub-processors is available upon request through our contact form.
We use essential cookies only to keep you logged in to the dashboard. These cookies:
We do not use tracking cookies, advertising cookies, or third-party cookies.
We implement the following security measures to protect your data:
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
To exercise any of these rights, contact us through our contact form. We will respond within 45 days.
If you are located in the EEA, UK, or Switzerland, the GDPR or equivalent local laws apply to your personal data. InventoryHub is the data controller.
We process your personal data to provide the Service, secure our platform and prevent fraud, and comply with legal obligations. With your consent, we may also send marketing communications. You can withdraw consent at any time.
In addition to the rights in section 7.1, you have the right to access, correct, delete, restrict processing of, port, and object to the processing of your personal data, and to lodge a complaint with your local data protection authority.
Our infrastructure is located in the United States. When personal data is transferred outside the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses and equivalent UK safeguards with our sub-processors. To exercise any GDPR right, contact us through our contact form. We respond within one month.
InventoryHub does not sell, rent, or trade your personal information to any third party for monetary or other valuable consideration. This applies to all users, including California residents under the CCPA.
The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.
Our Service is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, which has different data protection laws than your jurisdiction.
For users in the EEA, UK, or Switzerland, transfers are protected by Standard Contractual Clauses (SCCs) and equivalent UK safeguards with our sub-processors. See section 7.3 above for details on your GDPR rights.
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the dashboard at least 30 days before taking effect. The "Last Updated" date at the top of this page indicates when the policy was last revised.
If you have questions about this Privacy Policy or wish to exercise your data rights, please reach us through our contact form.