StockScan Logo
StockScan

Privacy Policy

Last updated: February 2026

1. Introduction

StockScan ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our inventory management platform and related services. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

StockScan Ltd is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at [email protected].

3. Information We Collect

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, phone number, company name, and password
  • Business Information: Company address, VAT number, and industry sector
  • Inventory Data: Product information, stock levels, supplier details, and transaction history
  • Usage Data: Information about how you interact with our services
  • Device Information: Device type, operating system, and app version
  • Payment Information: Billing address and payment card details (processed securely through Stripe)

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyse trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and abuse
  • Personalise and improve your experience

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary to perform our contract with you
  • Legitimate Interests: Processing necessary for our legitimate business interests
  • Consent: Where you have given explicit consent for specific processing
  • Legal Obligation: Processing necessary to comply with legal requirements

6. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Third-party vendors who assist in providing our services (e.g., cloud hosting, payment processing)
  • Business Partners: With your consent, for integrations you enable (e.g., Sage accounting)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with any merger, acquisition, or sale of assets

We never sell your personal data to third parties for marketing purposes.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Upon account termination, we will delete your data within 90 days, unless retention is required by law.

8. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request restriction of processing
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where consent is the basis for processing

To exercise any of these rights, please contact us at [email protected]. We will respond within one month.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, regular security assessments, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).

11. Cookies and Tracking

We use cookies and similar tracking technologies to collect and track information about your browsing activity. You can control cookies through your browser settings. For more information, please see our Cookie Policy.

12. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

14. Contact Us and Complaints

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: [email protected]

Data Protection Officer: [email protected]

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues: ico.org.uk