Privacy Policy

Effective 15 June 2026.

This policy explains what personal data Bestand · Inventory (“the Service”) processes, why, and the rights you have under the EU General Data Protection Regulation (GDPR / DSGVO).

1. Who we are

The controller for your account data and the processor for your store data is Durn Studio UG (haftungsbeschränkt), Kienitzer Str. 5, 12053 Berlin, Germany. Company details are in our Impressum. Contact: support@thebestand.com.

2. Data we process

• Account data: email, password hash (web signups), workspace name, team-member roles.
• Store data (via Shopify): products, variants, inventory levels, and order data — order quantities, line items, product/variant identifiers, and timestamps — pulled through the Shopify API only after you install and authorize the app.
• Configuration: supplier directory, defaults, variant overrides, and forecasting rules you create.
• Operational data: error reports (Sentry, with PII scrubbing) and access logs (Vercel).

3. Shopify customer data

Forecasting needs order quantities over time, not customer identities. While an order payload from Shopify may contain customer personal data (name, email, address), we drop those fields at the ingestion boundary — they are not persisted in our database. We retain only the order quantities, product/variant identifiers, and placed-at timestamps required to compute demand. We honour Shopify’s mandatory data-protection webhooks (customers/data_request, customers/redact,shop/redact).

4. Legal basis

• Art. 6(1)(b) GDPR — performance of the contract (delivering the service you signed up for).
• Art. 6(1)(f) GDPR — legitimate interest (operational logging, security, and fraud prevention).
• Art. 6(1)(a) GDPR — your consent (analytics cookies via Google Tag Manager; only loaded when you click “Accept all” on the cookie banner).

5. Cookies and analytics

Essential cookies. We use strictly necessary cookies to keep you signed in (including the partitioned session cookie used when the app runs embedded inside Shopify Admin). These are always set and don’t require consent under Art. 5(3) ePrivacy Directive.

Analytics (optional, consent-gated). If you click “Accept all” on the cookie banner, we load Google Analytics 4 (measurement ID G-PK2N1JY2KM) and Google Tag Manager (container ID GTM-WLF9W9J2). GA4 writes its own cookies (_ga, _ga_*) under.thebestand.com to count sessions and pageviews; we use this to understand which parts of the site are useful and where visitors get stuck. GTM is a tag container that may load additional measurement tags in future. Picking “Essential only” leaves both unloaded — no request is sent to Google, no analytics cookie is set.

Withdrawing consent. Open developer tools and clear the cookie-consent-v1 entry from this site’s Local Storage, or clear the site’s data via your browser’s privacy settings. The banner re-appears on the next page load so you can choose again. Existing analytics cookies set under your previous choice can be cleared from the same browser settings.

We do not use advertising or cross-site tracking cookies.

6. Subprocessors

• Supabase (EU region) — database and authentication.
• Vercel (EU edge) — application hosting.
• Railway (EU region) — forecasting service hosting.
• Resend — transactional email delivery.
• Stripe — payment processing for direct (web) signups.
• Sentry (EU instance) — error monitoring.
• Shopify — source of your store’s order and product data via the Shopify API.
• Google LLC (USA) — Google Tag Manager and any analytics tag loaded through it. Only invoked with your explicit consent (see section 5). Transfer to the US is covered by the EU-U.S. Data Privacy Framework and Standard Contractual Clauses.

A Data Processing Agreement is in place with each subprocessor. Our DPA with you is available at /legal/dpa.

7. International transfers

Our infrastructure is hosted in the EU. Where a subprocessor processes data outside the EU/EEA, the transfer is covered by the European Commission’s Standard Contractual Clauses or an adequacy decision.

8. Retention

We retain merchant data while the account is active. When you request deletion — or when you uninstall the app — data is soft-deleted immediately and hard-purged within 30 days. Aggregated, anonymous metrics that contain no personal data may be retained indefinitely.

9. Your rights

You have the right to access, rectify, port, restrict, and erase your data, and to object to processing:

• Access / port: Settings → Data → Export my data.
• Erase: Settings → Data → Delete workspace, or simply uninstall the app.
• Anything else: email support@thebestand.com.

10. Complaints

You may lodge a complaint with the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit) or with your local supervisory authority.