Privacy Policy

1. Introduction

Welcome to LoveStock. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our inventory management platform and related services.

LoveStock is operated as a sole proprietorship doing business as "LoveStock," based in Puerto Rico. By using our service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide to us, including:

• Account Information: Name, email address, phone number, organization name, and password
• Business Information: Restaurant/business details, address, cuisine type, timezone preferences
• Inventory Data: Product names, quantities, categories, vendor information, pricing, and related inventory management data
• Payment Information: Billing address and payment method details (processed securely by our payment processor)
• Communications: Messages, feedback, and support requests you send to us
• User-Generated Content: Photos of inventory items, notes, spreadsheets, and other files you upload

2.2 Automatically Collected Information

When you use our service, we automatically collect:

• Usage Data: Features used, actions taken, time spent, and interaction patterns
• Device Information: Device type, operating system, browser type, and IP address
• Log Data: Access times, pages viewed, and technical errors
• Analytics Data: Usage patterns and performance metrics (via analytics tools)

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our inventory management services
• Process your subscription payments and manage your account
• Send you operational notifications (inventory reminders, count completion alerts)
• Respond to your support requests and communicate with you
• Analyze usage patterns to improve product features and user experience
• Detect, prevent, and address technical issues, fraud, and security threats
• Comply with legal obligations and enforce our Terms of Service
• Send you important service updates and policy changes

We do NOT use your information for marketing purposes. We only send transactional and operational communications necessary for the service.

4. Third-Party Services

We use trusted third-party service providers to help us operate our business. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your data.

4.1 Service Providers We Use

5. SMS Notifications

5.1 How SMS Works in LoveStock

LoveStock provides SMS notification features that are entirely controlled by your organization's administrators. We do not send marketing messages or unsolicited texts.

5.2 Types of SMS Messages

You may receive the following types of operational SMS messages:

• Inventory Count Reminders: Scheduled by your organization's admin to remind employees to count inventory
• Count Completion Notifications: Sent to managers when an inventory count is completed
• Missed Count Alerts: Sent to managers when a scheduled count was not completed

5.3 Consent and Control

• Who Manages SMS: SMS messages are initiated by your organization's administrator, not by LoveStock directly. LoveStock is a B2B platform where employers manage operational notifications for their teams.
• For Organization Admins: By providing phone numbers and enabling SMS notifications in your organization settings, you represent that you have obtained appropriate consent from the recipients (employees/team members) to receive operational work-related SMS messages from LoveStock on behalf of your organization. Admins have contractual authority as employers to manage work-related operational notifications.
• For All Recipients: Any recipient can opt-out at any time by texting "STOP" to any message. Organization admins are responsible for ensuring recipients are aware of and consent to receiving operational notifications as part of their employment or business relationship.
• Additional Opt-Out Methods: Recipients can also:
  • Contact your organization's administrator to remove your phone number
  • Request removal by emailing support@lovestock.app
• Message Frequency: Varies based on your organization's schedules (typically daily or weekly)
• Charges: Message and data rates may apply based on your mobile carrier's plan

5.4 SMS Privacy and Security

We use Twilio as our SMS service provider. Your phone number and message content are transmitted securely and are used solely for delivering the requested operational notifications. We do not sell or share your phone number with third parties for marketing purposes.

5.5 Compliance

Our SMS notifications comply with the Telephone Consumer Protection Act (TCPA) and CTIA guidelines. All messages are transactional/operational in nature and are sent with appropriate consent.

6. Email Communications

6.1 Types of Emails We Send

We send only transactional and operational emails, including:

• Account Emails: Welcome messages, password resets, account verification
• Data Import Status: Updates on your uploaded inventory data import requests
• Subscription Emails: Payment confirmations, subscription changes, billing notifications
• Service Updates: Critical service announcements, security alerts, policy changes
• Support Communications: Responses to your support requests

6.2 No Marketing Emails

We do not send marketing emails, newsletters, or promotional content. All emails are necessary for the operation of your account and the service.

6.3 Email Service Provider

We use Resend to send emails. Resend is GDPR compliant and does not sell or share your email address with third parties. All emails are sent from notifications@lovestock.app with a reply-to address of support@lovestock.app.

6.4 CAN-SPAM Compliance

While we don't send marketing emails, all our communications comply with the CAN-SPAM Act and include:

• Accurate sender information and subject lines
• Our physical business address
• Clear identification of the message type

7. Data Storage and Security

7.1 Where Your Data is Stored

Your data is stored on secure servers provided by Convex, which are hosted on Amazon Web Services (AWS) infrastructure in the United States. Convex maintains SOC 2 Type II compliance and follows industry-standard security practices.

7.2 Security Measures

We implement multiple layers of security to protect your data:

• Encryption at Rest: All data is encrypted using 256-bit AES encryption
• Encryption in Transit: All data transmission uses TLS/SSL encryption
• Access Controls: Role-based access controls ensure users only see their organization's data
• Authentication: Secure authentication provided by Clerk with industry-standard protocols
• Database Isolation: Each organization's data is isolated with unique credentials
• Monitoring: Continuous monitoring for security threats and anomalies via Sentry
• Regular Updates: We keep our systems updated with the latest security patches

7.3 Payment Security

Payment information is handled directly by Stripe (via Clerk Billing) and never stored on our servers. Stripe is PCI-DSS Level 1 compliant, the highest level of payment security certification.

7.4 No Guarantee

While we implement strong security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your information using industry best practices.

8. Data Retention

8.1 Active Accounts

We retain your data for as long as your account is active and for a reasonable period afterward to comply with legal obligations and resolve disputes.

8.2 Cancelled Subscriptions

If you cancel your subscription but do not delete your account, we retain your inventory data and account information so you can reactivate your subscription without data loss. This data remains subject to the same security and privacy protections.

8.3 Account Deletion

When you delete your account through the account settings portal, we delete your personal information and inventory data within 30 days. However, we may retain certain information if required by law or for legitimate business purposes such as:

• Preventing fraud and abuse
• Resolving disputes or legal claims
• Complying with legal or regulatory requirements
• Enforcing our Terms of Service

8.4 Backup Retention

Deleted data may persist in backup systems for up to 90 days before being permanently removed.

9. Your Rights and Choices

9.1 Access and Update Your Information

You can access and update your account information at any time through your account settings in the LoveStock application. This includes your name, email, phone number, organization details, and notification preferences.

9.2 Delete Your Account

You can delete your account at any time through the account settings portal. Account deletion will permanently remove your data as described in Section 8.3.

9.3 California Residents (CCPA Rights)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request what personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

To exercise these rights, email us at support@lovestock.app with "CCPA Request" in the subject line.

9.4 European Residents (GDPR Rights)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain confirmation of whether we process your data and access to it
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request restriction of processing under certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, email us at support@lovestock.app with "GDPR Request" in the subject line.

9.5 Response Time

We will respond to your data rights requests within 30 days. If we need additional time, we will notify you of the reason and extension period.

10. Cookies and Tracking

10.1 Essential Cookies

We use essential cookies necessary for the operation of our service, including:

• Authentication Cookies: Keep you logged in and maintain your session (managed by Clerk)
• Security Cookies: Detect and prevent security threats
• Preference Cookies: Remember your settings and preferences

10.2 Analytics Cookies (Future)

We may implement analytics cookies in the future to understand how users interact with our service. If we do, we will:

• Update this Privacy Policy with specific information about the analytics provider
• Provide clear notice to users
• Offer opt-out options where required by law
• Respect "Do Not Track" browser settings where applicable

10.3 Third-Party Cookies

Some third-party services we use (such as Clerk for authentication) may set their own cookies. We do not control these cookies. Please review the privacy policies of these services for more information.

10.4 Managing Cookies

You can configure your browser to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies may prevent you from using certain features of our service.

11. Children's Privacy

LoveStock is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@lovestock.app, and we will delete such information from our systems.

By using LoveStock, you represent that you are at least 18 years of age.

12. International Users

12.1 Data Transfer

LoveStock is operated from Puerto Rico, and our servers are located in the United States. If you access our service from outside the United States, your information will be transferred to, stored, and processed in the United States.

12.2 European Users

While LoveStock primarily serves the U.S. market, we recognize that some users may be located in the European Economic Area (EEA), United Kingdom, or Switzerland. For such users:

• We comply with GDPR requirements for data protection
• Data transfers from the EEA to the U.S. are based on appropriate safeguards, including our service providers' compliance with relevant frameworks (e.g., Convex and Clerk have GDPR-compliant practices)
• You have the rights described in Section 9.4

12.3 Legal Basis for Processing (GDPR)

For European users, our legal basis for processing your personal data includes:

• Contract Performance: Processing necessary to provide the service you requested
• Consent: Where you have given explicit consent (e.g., for SMS notifications)
• Legitimate Interests: For improving our service, preventing fraud, and ensuring security
• Legal Obligations: To comply with applicable laws and regulations

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you via email or through a prominent notice in the application
• Changes become effective immediately upon posting unless otherwise stated

We encourage you to review this Privacy Policy periodically. Your continued use of LoveStock after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: