Privacy Policy

Last updated: September 11, 2025

Forstock Technologies Inc. (“Forstock,” “we,” “us,” or “our”) operates forstock.io as well as our web and mobile applications (together, the “Services”). This Privacy Policy (the “Policy”) explains how we collect, use, disclose, and safeguard information when you use the Services. By using the Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Services. For questions, contact privacy@forstock.io.

Quick Summary (At a Glance)

  • We collect account information you provide (e.g., name, email), usage data (how you use the Services), and—if you connect integrations—business data needed to run core features.

  • We use data to provide, secure, and improve the Services; support you; and comply with law.

  • We do not sell personal data and do not share it for cross-context behavioral advertising.

  • Depending on your location, you can request access, correction, deletion, and other rights.

  • The Services are not for individuals under 18.

Table of Contents

  1. Information We Collect

  2. How We Use Your Information

  3. Legal Bases (EEA/UK/Switzerland)

  4. When We Share Information

  5. Cookies & Similar Technologies

  6. Social Logins & Integrations

  7. How Long We Keep Information

  8. How We Protect Information

  9. Children’s Privacy (Under 18)

  10. Your Privacy Rights & Choices

  11. Do-Not-Track

  12. U.S. State-Specific Disclosures

  13. International Transfers

  14. Changes to This Policy

  15. How to Contact Us

  16. Reviewing, Updating, or Deleting Your Data

1) Information We Collect

a) Information you provide

  • Account & profile: name, email, password (hashed), job title, company, preferences.

  • Business & billing: company details, billing address, tax/VAT info. Payments are processed by our payment provider; we do not store full card numbers.

  • Support & communications: messages, tickets, survey responses.

  • Content you upload: files/data you import (e.g., CSVs).

b) Information from your use of the Services

  • Device & usage data: IP address, device/browser type, operating system, language, referring/exit pages, pages viewed, clicks, timestamps, and crash/performance logs.

  • Cookies & similar technologies: see Section 5.

c) Information from third parties

  • Integrations you connect (e.g., your commerce platform): catalog and variant identifiers, stock levels and movements, order and fulfillment metadata, supplier/lead-time/MOQ data, and derived analytics needed to provide forecasting, inventory, and purchasing features.

  • Service providers & partners: where lawful, we may receive business contact or engagement data (e.g., CRM, event tools).

  • Public/enterprise sources: publicly available business details.

Sensitive data: We do not intentionally collect sensitive personal data.
Minors: See Section 9 (Services are not intended for under-18s).
Controller vs. Processor: For website visitors and Forstock account users, Forstock is the data controller. For merchants who connect their store or systems, the merchant is the data controller of the connected business data and Forstock processes it as a data processor under the merchant’s instructions. If you are a merchant’s customer, please contact that merchant first regarding your data.

2) How We Use Your Information

We process personal data to:

  • Provide and maintain the Services (account creation, authentication, core features, support).

  • Communicate with you (service, security, and administrative messages; product updates consistent with your preferences).

  • Operate, analyze, and improve the Services (troubleshooting, analytics, quality assurance, product research).

  • Protect the Services (security monitoring, fraud prevention, abuse detection).

  • Comply with legal obligations and enforce our terms.

  • With your consent, for any other purposes you authorize.

We do not use your data to run targeted advertising or remarketing.

3) Legal Bases (EEA/UK/Switzerland)

Where GDPR/UK GDPR/Swiss law applies, we rely on:

  • Contract: to provide the Services you requested.

  • Legitimate interests: to operate, secure, and improve the Services (balanced against your rights).

  • Consent: for certain cookies/communications where required (you can withdraw at any time).

  • Legal obligation and vital interests where applicable.

4) When We Share Information

We share personal data only with:

  • Service providers (processors): cloud hosting, databases, email delivery, analytics, logging/monitoring, support tools, and payment processing—solely to provide the Services and under confidentiality and security obligations.

  • Business transfers: in connection with a merger, acquisition, or asset sale.

  • Legal & safety: to comply with law, enforce terms, or protect rights and safety.

  • With your direction or consent.

We do not sell personal data and do not share it for cross-context behavioral advertising.

5) Cookies & Similar Technologies

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Services, and measure usage. You can manage cookies in your browser settings and, where offered, via our cookie banner. Blocking some cookies may affect functionality.

6) Social Logins & Integrations

If you register or sign in using a third-party account, or connect an integration, the provider may share certain information with us under their policies. We use such data only as needed to provide the Services. Your use of third-party services is governed by their terms and privacy policies.

7) How Long We Keep Information

We retain personal data only as long as necessary for the purposes described here, including:

  • while you have an account or we provide Services;

  • for legitimate business needs (e.g., security, fraud prevention, accounting);

  • as required by law.

When no longer needed, we delete or anonymize data. If immediate deletion isn’t possible (e.g., backups), we securely store and isolate it until deletion is feasible.

8) How We Protect Information

We use industry-standard safeguards, including encryption in transit, least-privilege access controls, monitoring/logging, vulnerability management, and periodic reviews of our security measures. No system is 100% secure; if we learn of a breach affecting your data, we will notify you and regulators as required by law.

9) Children’s Privacy (Under 18)

The Services are not intended for individuals under 18. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe a minor provided us personal data, contact privacy@forstock.io and we will take appropriate steps to delete it. By using the Services, you represent that you are at least 18.

10) Your Privacy Rights & Choices

Depending on your location, you may have the right to access, correct, delete, restrict or object to processing of your personal data, and to data portability. Where we rely on consent, you may withdraw it at any time.

To exercise rights, email privacy@forstock.io with your request and the email associated with your account. We will verify your identity and respond within the time required by law. We will not discriminate against you for exercising your rights.

Marketing communications: You can unsubscribe using the link in our emails or by contacting us. We may still send non-marketing messages (e.g., service or security notices).

11) Do-Not-Track

Most browsers include a Do-Not-Track (DNT) setting. There is no consistent industry standard for responding to DNT signals, so we do not respond to DNT at this time.

12) U.S. State-Specific Disclosures

If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you may have additional rights under applicable law, including to know/access, delete, correct, portability, and to opt out of certain processing (targeted advertising, sale, or profiling with legal/significant effects).

Forstock does not sell personal data and does not share it for cross-context behavioral advertising.

To exercise your state-specific rights, contact privacy@forstock.io; we will verify and respond as required. If we deny a request, you may be able to appeal by replying to our decision notice.

13) International Transfers

We may process data globally. Where we transfer personal data from the EEA/UK/Switzerland to countries without an adequacy decision, we rely on the EU Standard Contractual Clauses (SCCs) and, where applicable, the UK Addendum/IDTA, and implement appropriate safeguards.

14) Changes to This Policy

We may update this Policy from time to time. The updated version will be effective when posted, with the “Last updated” date revised. If we make material changes, we will provide additional notice where required (e.g., in-app or by email).

15) How to Contact Us

Email: privacy@forstock.io

16) Reviewing, Updating, or Deleting Your Data

You can review or update certain account information in your account settings. To request access, correction, deletion, restriction, objection, or portability, contact privacy@forstock.io. Upon a verified request, we will act in accordance with applicable law. If you close your account, we will delete or anonymize your data, except where retention is required by law or legitimate business needs (in which case it will be securely stored and isolated until deletion).