Privacy Policy

The data controller is Oscar Albert, reachable at hello@restocking.app. Restocking is a sole proprietorship registered in France. For any questions about your data, you can write to us at any time.

We only collect data strictly necessary for the service: your email address (for authentication and notifications), your language preference (English or French), the product URLs you monitor, the size and color you're tracking for each product, your subscription plan (Free or Pro), and notification history. We do not collect your full name, postal address, or payment details (payments are handled by Stripe).

We process your data to: (1) create and manage your account (legal basis: contract performance), (2) monitor stock for products you follow and send alerts (legal basis: contract performance), (3) send essential service information (legal basis: legitimate interest), (4) improve the service through anonymized analytics (legal basis: legitimate interest). We do not engage in profiling, automated decision-making, or ad targeting.

Your data is shared only with strictly necessary processors: Supabase (database and authentication, Frankfurt servers), Resend (transactional email delivery), and Stripe (payment processing, only if you upgrade to Pro). Each processor is GDPR-compliant. We do not sell, rent, or share your data with any other third party for commercial or any other purposes.

Your data is hosted in Europe (Supabase, Frankfurt region). Some processors operate from the United States (Resend, Stripe). They adhere to the EU-U.S. Data Privacy Framework (DPF) or have signed Standard Contractual Clauses approved by the European Commission, ensuring an equivalent level of protection.

Account data is retained as long as your account is active. If you delete your account, all personal data is erased within 30 days. Technical logs (stock check timestamps, statuses) are anonymized after 90 days. Payment data is retained by Stripe according to their retention policy (legal requirement of 10 years for invoices).

We implement appropriate technical and organizational measures: encryption in transit (TLS 1.3) and at rest (AES-256), strong authentication via Supabase Auth, server access restricted by SSH keys and VPN, continuous monitoring of access and anomalies, and automated security updates. In the event of a data breach, we will notify you within 72 hours, in accordance with the GDPR.

You have the following rights over your data, exercisable at any time by writing to hello@restocking.app: right of access (know what data we hold and obtain a copy), right of rectification (correct inaccurate data), right to erasure (delete your account and all data), right to restriction (temporarily freeze processing), right to portability (receive your data in a readable format), and right to object (refuse processing based on legitimate interest). We respond to all requests within 30 days.

We only use cookies strictly necessary for the site to function: an authentication session cookie, and a language preference cookie. No advertising cookies, no third-party tracking cookies. Our full cookie policy is detailed on the dedicated page.

The service is not intended for individuals under 16. We do not knowingly collect personal data from minors. If you are a parent and discover your child is using the service, contact us so we can delete their data.

If you believe your data processing is not GDPR-compliant, you have the right to lodge a complaint with your national data protection authority (in France: CNIL, cnil.fr; in Germany: BfDI; in the UK: ICO). We encourage you to contact us first so we can resolve the issue directly.

We may update this policy to reflect legal or technical changes. For substantial modifications, we will notify you by email at least 14 days before they take effect. The last updated date is shown at the top of this page.