Welcome to Stockora
This Privacy Policy explains how Stockora collects, uses, and protects user data across web and mobile platforms. ThriveX AI is committed to protecting your privacy and ensuring transparency in our data practices. Stockora uses AI-powered technology to help businesses manage inventory efficiently.
1. Information We Collect
1.1 Web Application Data
Name, email, phone (optional), company/organization name, warehouse details (codes, names, locations), sub-user information, and authentication credentials (hashed passwords, OAuth tokens)
Pages visited, features used (Data Manager, Scan History, Settings), session duration, scan history with timestamps, inventory CRUD operations, filter queries, export requests, and user interactions
IP address, browser info (type, version, language), device type (desktop, mobile, tablet), screen resolution, operating system, referrer URLs, and JWT authentication tokens
Selected plan (Starter, Pro, Enterprise), payment history, subscription status (active, expired, cancelled), usage limits (scans, users, warehouses), and renewal dates
1.2 Mobile Application Data
Images captured via camera are used for AI-based inventory analysis. The system processes these images to identify items, extract textual information, and generate structured data. Associated metadata may include timestamps, image properties, device information, and location data (if enabled), along with processed outputs such as product model, brand, type, quantity, and other relevant attributes.
Device metadata, model, OS version (Android), unique identifiers (for authentication), app version, crash logs for debugging.
OTP verification codes sent via email/WhatsApp, JWT tokens for session management, sub-user credentials, and login timestamps.
1.3 Shared Data (Both Platforms)
- Inventory records: Product details such as names, models, brands, types, quantities, categories, storage locations, and any additional custom attributes.
- Processed data outputs: System-generated results including detected items, extracted text, structured data, scan history with timestamps, item counts, and location assignments.
- Payment data: Transaction records, billing details, and subscription information processed through secure payment providers. Full payment credentials are not stored; only limited reference information is retained where necessary.
- Support communications: Messages exchanged through email, support requests, chat interactions, demo inquiries, and feedback submissions.
- Authentication data: Login and identity information provided through authentication methods, including email-based verification, third-party sign-in (if used), and session management tokens.
- Organization data: Information related to your organization, including company details, configuration settings, user roles, and team member access.
- System and operational data: Technical information required to operate the platform, such as service configurations, system performance metrics, and operational status data.
2. Data Processing & Storage
2.1 Image Processing
AI-Powered Processing Pipeline
- Real-time processing: Images are analyzed using advanced computer vision techniques to identify and count items efficiently.
- Text recognition: Optical recognition is used to read labels, barcodes, and visible text, including structured and unstructured formats.
- Intelligent data extraction: The system extracts structured information such as item model, brand, type, quantity, and other relevant attributes from detected items.
- Smart deduplication: Duplicate detections are automatically filtered, and items are organized logically to improve counting accuracy.
- Temporary processing: Images are processed transiently and are not permanently stored unless required for features such as scan history or user-enabled storage.
- Scan history: Processed results, associated metadata, and optional image references may be stored for reporting, auditing, and analytics purposes.
- Processing performance: The system is designed for fast response times and high accuracy, though results may vary depending on input quality and conditions.
2.2 Data Storage
Data is stored in secure cloud infrastructure with multi-layered security controls:
A secure relational database with strong access controls, data isolation mechanisms, encryption at rest, and automated backups to ensure data integrity and availability.
Data is logically separated per organization to ensure privacy and prevent unauthorized access between accounts, with dedicated environments or isolation mechanisms where applicable.
Secure storage for images, exported files, and documents with encryption, access controls, and controlled retrieval mechanisms.
Automated backups are performed regularly with defined retention periods, encrypted storage, and support for data recovery when required.
Sensitive information such as API keys and credentials is securely stored using encrypted storage systems with restricted access.
The platform operates on scalable cloud infrastructure with containerized services, secure networking, and encrypted communication protocols to ensure reliability and performance.
2.3 Data Encryption
TLS 1.3 encryption for all data transmission between your devices and our servers
AES-256 encryption for stored data in databases and object storage
JWT tokens with secure session management, OTP verification, and Google OAuth 2.0
3. How We Use Your Data
Process inventory data using AI-based analysis, manage user accounts and team access, provide customer support, send authentication and service-related notifications, deploy and maintain system infrastructure, and enable real-time data synchronization.
Enhance system accuracy and performance by improving object detection, text recognition, and data extraction using anonymized and aggregated data. Users may opt out where applicable without affecting core service functionality.
Process payments through authorized payment providers, prevent fraud and misuse, analyze usage patterns for system optimization, generate invoices and receipts, and manage subscriptions and billing.
Monitor and protect against unauthorized access, detect potential security threats, enforce platform policies, conduct security reviews, comply with applicable laws and legal obligations, and maintain system logs.
Generate usage insights, track activity trends, provide reporting and visualization tools, and support data-driven decision-making.
Send essential service-related communications such as authentication messages, transaction confirmations, system notifications, subscription updates, and responses to user inquiries.
5. Data Security
Encryption (TLS 1.3, AES-256), firewall protection, intrusion detection, regular security audits
Access controls (role-based), employee training, confidentiality agreements, incident response plan
Use strong passwords, enable 2FA, keep devices secure, report suspicious activity
Security Notice
No system is 100% secure. While we implement industry-standard security practices, we cannot guarantee absolute security.
6. Data Retention
Active Accounts
- Account data: Duration of account + 30 days after deletion (grace period for recovery)
- Inventory records: Duration of subscription + 90 days (for audit and compliance)
- Scan history: Based on your plan - Starter (7 days), Pro (30 days), Enterprise (90 days) or until account deletion
- Transaction records: 7 years (tax and legal compliance requirements in India)
- Support communications: 2 years from last interaction
- Audit logs: 1 year for security and compliance monitoring
- Infrastructure data: Duration of subscription
Deleted Accounts
- Most personal data deleted within 30 days of account deletion request
- Dedicated infrastructure decommissioned within 7 days
- Legal/compliance data retained as required by law (transaction records, tax documents)
- Anonymized analytics retained indefinitely for service improvement
- Email addresses permanently added to blocklist to prevent re-registration
- Backup data purged after 30-day retention period
7. Your Rights
View and download all personal data in machine-readable format (CSV/JSON)
Update account information anytime via dashboard or request corrections
Request account and data deletion (processed within 30 days)
Unsubscribe from marketing, opt-out of AI training, disable analytics cookies
To Exercise Your Rights
Email: privacy@stockora.com
Include: Name, email, specific request, verification details
Response Time: Within 30 days (complex requests up to 60 days)
9. Contact Us
Privacy Inquiries
Email: privacy@stockora.com
DPO: dpo@stockora.com
Support: support@stockora.com
Mailing Address
ThriveX AI
Ahmedabad, Gujarat, India
Phone & Hours
Support via email
Mon-Sat: 9:00 AM - 6:30 PM IST
By using Stockora, you consent to the collection and processing of data as described in this Privacy Policy. You may withdraw consent anytime by deleting your account or contacting privacy@stockora.com
Compliance
This Privacy Policy is compliant with:
- Information Technology Act, 2000 (India)
- Personal Data Protection Bill (India)