Terms of Service

Acceptance. By installing or using InventoryIntel, the merchant agrees to these Terms, our Privacy Policy, and the Data Processing Agreement set out below for the data we process on the merchant's behalf. Where a separate signed agreement is in place for an Alliance or enterprise plan, that signed agreement controls to the extent of any conflict.

Service scope. InventoryIntel provides software tools for inventory analysis, campaign automation and recovery recommendations for Shopify merchants. Use of the service is subject to these terms and to Shopify's own platform policies.

No guarantee of results. Recommendations are predictive and operational in nature. Commercial outcomes depend on merchant execution, demand conditions, pricing decisions and store-specific factors outside InventoryIntel's control.

Merchant responsibilities. Merchants are responsible for the accuracy of their store data, compliance with applicable laws governing customer communications, the configuration and use of any third-party services connected to their Shopify account.

Acceptable use. The service may not be used for unlawful activity, unsolicited communications, or any purpose that breaches applicable privacy, consumer protection, or marketing regulations.

Availability. We aim for high availability but do not warrant uninterrupted or error-free service. Scheduled maintenance, platform outages, or issues with third-party services may affect delivery.

Limitation of liability. To the maximum extent permitted by applicable law, InventoryIntel's liability for any claim arising from use of the service is limited to the amounts paid by the merchant in the three months preceding the claim.

Contact. For legal enquiries, please contact legal@inventory-intel.app.

1. Roles of the parties. For personal data contained in the merchant's Shopify store, the merchant is the data controller and InventoryIntel is the data processor. We process that data only on the merchant's documented instructions — which include these Terms, the app's configuration, and the actions merchants take in the app — and as required by applicable law. We rely on the merchant's lawful basis for the underlying store data.

2. Scope, nature and purpose. Processing lasts for the term of installation plus the retention windows described in the Privacy Policy. Its nature and purpose are inventory monitoring, velocity and stock-risk analysis, AI-assisted recovery recommendations, campaign execution, reporting, and the security and operation of the service. Data subjects are the merchant's staff and authorised users, and — only where a specific privacy, audit or support workflow requires it — the merchant's customers. Categories of personal data are as described in the Privacy Policy, primarily merchant/staff authentication and audit data and operational store data; core workflows are designed to avoid storing customer PII.

3. Sub-processors. The merchant authorises InventoryIntel to engage sub-processors under contracts imposing data-protection obligations consistent with this DPA, and we remain responsible for their performance. Current categories are cloud hosting and secrets (Microsoft Azure), our managed PostgreSQL database, the AI provider that generates recommendations and copy, our transactional-email provider, and our error-monitoring and telemetry provider (with sensitive fields redacted). We will give merchants notice of new or replacement sub-processors and a reasonable opportunity to object on legitimate data-protection grounds before the change takes effect for them.

4. Security measures. We maintain the administrative, technical and organisational safeguards described in the Privacy Policy, including MFA on core control planes, secret management in Azure Key Vault, authenticated Shopify sessions, redaction of sensitive fields in logs, and separation of production from development data where possible. We protect access tokens and API credentials as sensitive data.

5. Data-subject requests. We assist the merchant, taking into account the nature of processing, in responding to data-subject rights requests. We honour Shopify's mandatory privacy webhooks — customers/data_request, customers/redact and shop/redact — and provide a merchant data-export endpoint. Where customers submit requests directly, we direct them through the merchant or Shopify.

6. Personal data breach notification. We maintain a documented incident-response process. If we become aware of a personal data breach affecting merchant data, we will notify the affected merchant without undue delay, provide the information reasonably available to support the merchant's own notification obligations, and take reasonable steps to contain and remediate the incident.

7. International data transfers. Merchant data may be processed in the regions where InventoryIntel and its sub-processors operate, which may be outside the merchant's country. Where personal data is transferred across borders, we rely on an appropriate transfer mechanism — such as Standard Contractual Clauses or an equivalent safeguard — as required by applicable law.

8. Return and deletion on termination. On uninstall we promptly remove Shopify session data and revoke access tokens, and on the shop/redact webhook we delete the shop record and related operational data, unless a legal retention obligation applies. Merchants who reinstall during the billing-period restore window keep only the minimum non-PII operational data needed to restore paid-for settings; choosing Start Fresh permanently deletes the preserved data. Full detail is in the Privacy Policy.