This Privacy Policy for Stocky Pro ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
Visit our website at https://stockypro.com, or any website of ours that links to this Privacy Policy.
Engage with us in other related ways, including any sales, marketing, or events.
If you are a business customer, our Master Services Agreement (MSA) and Data Processing Addendum (DPA)govern how we handle Customer Data that you submit to the Service. If this Policy conflicts with the MSA/DPA for Customer Data, the DPA controls.
Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services.
SUMMARY OF KEY POINTS
This summary highlights key points of our Privacy Policy. For more details, use the table of contents below to find the section you need.
What personal information do we process?
When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
Do we process any sensitive personal information?
Some information may be considered "sensitive" in certain jurisdictions (for example, racial or ethnic origins, sexual orientation, or religious beliefs). We do not process sensitive personal information.
Do we collect any information from third parties?
We do not purchase or obtain personal information from data brokers or unrelated third parties. If we use third-party service providers (such as payment processors or analytics), they process information on our behalf as described in this Policy.
How do we process your information?
We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
In what situations and with which parties do we share personal information?
We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.
How do we keep your information safe?
We have organisational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure.
What are your rights?
Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
How do you exercise your rights?
The easiest way to exercise your rights is by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review the Privacy Policy in full.
TABLE OF CONTENTS
1. WHAT INFORMATION DO WE COLLECT?
In short: We collect information you provide voluntarily and technical data collected automatically when you use our Services.
A. Information you provide to us
When you create an account, request information, transact, participate in features, submit support tickets, or otherwise contact us, you may provide:
Identifiers & contact: name, email, phone, postal address, company, job title, contact preferences.
Account & authentication: username and password*; role/permissions.
Support & content: messages, attachments, and other materials you choose to share with us.
Billing/contact details: billing name, address, tax/GST info.
*Passwords are never stored in plaintext; we store them using salted, adaptive hashing (e.g., bcrypt/Argon2).
Payment data
Where a PCI DSS–compliant payment processor applies, card details are collected and processed directlyby that provider; we receive only limited billing information and transaction tokens/references and do not store full card numbers or CVV. Any third-party services (if used) are governed by their own terms and privacy notices, and we are not responsible for services we do not control.
Sensitive Information
We do not process sensitive information.
Accuracy.
All personal information you provide must be true, complete, and accurate, and you should notify us of changes.
B. Information collected automatically
When you visit or use the Services, we automatically collect certain technical information that does not reveal your specific identity (e.g., IP address, device and browser characteristics, operating system, language preferences, referring URLs, device name, country/region derived from IP, timestamps, feature usage, and diagnostics/performance events). We use this information to operate, secure, and improve the Services and for internal analytics and reporting.
Where browser-based identifiers or similar technologies (e.g., cookies) are deployed, we will publish and maintain a notice on our website and obtain consent where required by law. The information we may collect includes:
Log and Usage Data: This is service-related, diagnostic, usage, and performance information our servers collect when you use the Services and record in log files. It can include your IP address, device and browser details and settings, as well as information about your activity in the Services, such as timestamps, pages and files viewed, searches, features used, and device event information (such as system activity and error/crash reports).
Device Data: We collect information about the computer, phone, or tablet you use to access the Services. This may include your IP (or proxy), device and application identifiers, location, browser, hardware model, operating system, internet service provider or mobile carrier, and basic system configuration.
Location Data: We may infer a general location (city/region) from your IP address. We access precise location only if you turn it on in your device or app settings. You can turn this off at any time, though some features may not work as expected.
2. HOW DO WE PROCESS YOUR INFORMATION?
In short: We process your information to operate and improve the Services, communicate with you, protect security, prevent fraud, comply with law, and—where applicable—based on your consent.
We process personal information for reasons, depending on how you interact with the Services, including:
Account creation & authentication. To let you create an account, sign in securely, and keep your account working.
Provide the Services. To deliver the features you request and operate, maintain, and improve the Services.
Support & inquiries. To respond to questions, troubleshoot issues, and provide customer support.
Administrative communications. To send service-related messages (e.g., product updates, changes to terms or policies, and similar notices).
Orders & billing. To fulfill and manage orders, invoicing, payments, returns, and related records.
User-to-user features (if enabled). To facilitate communications between users where the offering supports it.
Security & fraud prevention. To protect accounts and the Services, detect and prevent fraud, abuse, or harmful activity.
Legal compliance. To comply with applicable laws, enforce our terms, and protect rights and safety.
Vital interests. When necessary to help prevent harm or protect an individual’s vital interests.
With consent. For any additional purpose you consent to; you may withdraw consent at any time where the law allows.
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In short: We process your personal information only when we have a valid legal basis under Indian law (including the DPDP Act, 2023)—for example, with your consent, to provide the Services and perform our contract with you, to comply with legal obligations, to protect rights and safety (including security and fraud prevention), and for other legitimate uses permitted by law. We may also process your information for additional purposes with your consent.
In some exceptional cases, we may be legally permitted under applicable Indian law (including the Digital Personal Data Protection Act, 2023 and related rules) to process your information without your consent, including, for example:
If collection is clearly in an individual’s vital interests and consent cannot be obtained in a timely manner.
For investigations and fraud/security detection and prevention, or to investigate/prosecute offences or contraventions of applicable law by competent authorities.
For business transfers/transactions, subject to lawful safeguards and notices where applicable.
Where disclosure or processing is required to comply with a lawful request or order, such as a summons, warrant, or court/authority direction.
To establish, exercise, or defend legal claims.
Customer Data processed on behalf of business customers:where we handle Customer Data as a processor/data processor, we act only on the customer’s documented instructionsunder our Data Processing Addendum (DPA). In case of any conflict for Customer Data, the DPA takes precedence.
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In short: We may share information in specific situations described in this section and/or with the following third parties.
We may need to share your personal information in the following situations:
Business Transfers
We may share or transfer your information in connection with, or during negotiations of, any merger, or acquisition of all or a portion of our business to another company.
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In short: We may use browser-based identifiers and similar technologies (e.g., cookies, local storage, web beacons, pixels) to operate, secure, and improve the Services. When these technologies are deployed or materially changed, we will publish and maintain a Cookie Notice, obtain consent where required by law, and provide a way to manage your choices.
We may use these technologies to keep you signed in, maintain security, prevent crashes, remember preferences, measure basic usage, and improve performance. If we use third-party tools (for example, for website analytics), they will be disclosed in the Cookie Notice and limited to Service Data as applicable. You can also control certain technologies via your browser settings; blocking non-essential technologies may affect some features.
Third-party tools (if any). If we enable third-party tools (e.g., website analytics), those providers operate under their own terms and privacy notices and are responsible for their processing; we do not control them. We limit such tools to Service Data, do not permit access to Customer Data for advertising, and will list them in our Cookie Notice with a way to manage your choices (and seek consent where required by law).
6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
In short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies.
AI features. Our AI is built entirelyin-house to help ensure privacy and security, and we offer AI-powered capabilities (e.g., bot assistants, suggestions, automations) designed to enhance your experience within the Service.
How we process data with AI. For Customer Data, we act as a processor/data processor under your DPA and only process it to deliver the AI feature you invoke (per your/admin instructions). Where feasible, processing is ephemeral or stored in your tenant per normal product behavior.
No training on your data. We do not use Customer Data (your prompts, inputs, or outputs) to train or improve our models. Training uses internal materials, synthetic data, and other non-customer sources.
Third-party AI. We do not currently route Customer Data to third-party model providers. If we later introduce an external AI integration, it will be opt-in and/or disclosed in our Sub-processor List (with 15 days’ prior notice to paid members), and governed by separate terms/controls.
Security. AI processing is covered by our ISO/IEC 27001:2022 ISMS, encryption, access controls, code reviews, and independent testing.
Accuracy & responsibility. AI can be probabilistic and may produce errors; please review outputs before relying on them. Your use remains subject to our Terms of Service and the DPA.
7. HOW LONG DO WE KEEP YOUR INFORMATION?
In short: We keep your information only as long as needed for the purposes in this Privacy Policy or as required/permitted by law.
Service Data. We retain Service Data for as long as necessary to operate, secure, and improve the Services, comply with legal/record-keeping obligations (e.g., tax/GST, audits), resolve disputes, and enforce our agreements. Where feasible, we de-identify or aggregate data.
Customer Data. We retain Customer Data for the duration of your subscription and any applicable export window. On termination or your written request, we will delete or return Customer Data within 30 days, unless a longer retention period is required by law; any retained copies are securely isolated and deleted when the retention period ends. Backup copies delete on their normal rotation.
When we no longer have an ongoing business need or legal requirement to process personal information, we delete it or irreversibly de-identify it. If immediate deletion is not possible (for example, in rolling backups), we will store it securely and isolate it from further processing until deletion is possible.
8. HOW DO WE KEEP YOUR INFORMATION SAFE?
In short: We protect personal information through organisational and technical measures aligned with Indian law and our ISO/IEC 27001:2022–certified ISMS.
We use layered controls including TLS 1.2+ (HTTPS) with HSTS, role-based access controls, firewalls/IDS, logging and monitoring, salted, adaptive password hashing (e.g., bcrypt/Argon2), and encryption of secrets/tokens at rest with managed key rotation. We follow secure coding standards, run regular code reviews and vulnerability scans, and commission independent penetration testing, remediating findings by risk severity. Access to personal information is limited to authorised personnel on a need-to-know basis and subject to confidentiality obligations.
While no method of transmission or storage is 100% secure, we continuously improve our safeguards. If a personal-data breach affects Customer Data, we will notify the account owner without undue delay (and within 72 hours of confirmation), consistent with our DPA and applicable law. To help protect your account, use strong, unique credentials and keep them confidential.
9. DO WE COLLECT INFORMATION FROM MINORS?
In short: No. We do not knowingly collect, solicit, or market to children under 18 years of age.
By using the Services, you confirm that you are 18 or older. We do not permit targeted advertising to children, and we do not knowingly process children’s personal data. If we become aware that we have collected personal information from a user under 18, we will disable the account and delete the data promptly (subject to any legal retention requirements).
If you believe a child under 18 has provided personal information to us, please contact privacy@stockypro.com and we will take appropriate steps.
10. WHAT ARE YOUR PRIVACY RIGHTS?
Withdrawing consent. Where we rely on your consent, you may withdraw it at any time by emailingprivacy@stockypro.com or using in-product settings (where available). Withdrawal does not affect processing already carried out, and we may continue processing on other lawful grounds (e.g., contract or legal obligation).
Marketing opt-out. You can unsubscribe from marketing emails at any time using the unsubscribe link or by contacting privacy@stockypro.com. We may still send essential, non-marketing messages (e.g., security alerts, billing, service updates).
Account information.
You can review or update your account details via account settings or by contacting us.
If you ask to close your account, we’ll deactivate or delete it and remove associated data from active systems. We may retain minimal records where required or permitted by law (e.g., tax/GST, fraud prevention, dispute resolution, enforcement). Backup copies delete on their normal rotation.
Cookies & similar technologies. You can manage preferences in your browser settings. If we deploy non-essential cookies or similar technologies, controls will also be available through our Cookie Notice (and consent will be obtained where required by law).
To exercise any privacy rights, contact privacy@stockypro.com(subject: “Privacy Request”). We’ll acknowledge and respond within applicable statutory timelines under Indian law. See Section 13, “HOW CAN YOU CONTACT US ABOUT THIS POLICY?” for further details.
11. CONTROLS FOR DO-NOT-TRACK FEATURES
In short: You can manage tracking technologies through your browser settings. There is no uniform Indian technical standard for browser “Do Not Track” or similar preference signals at this time, so we do not respond to such signals. If a recognised standard or legal requirement is adopted in India, we will update this Policy and implement it. In some other regions, we may recognise certain browser-based signals where required by law (see Section 15, “Regional Notices (Outside India)”).
You can configure your browser to block, clear, or limit cookies and similar technologies. If we deploy any non-essential technologies, we will provide controls via our Cookie Notice and obtain consent where required by law. Some features may not function correctly if certain technologies are disabled.
We may also receive personal information when you contact support, participate in surveys, or otherwise interact with us as described in “WHAT INFORMATION DO WE COLLECT?” We retain such information as outlined in “HOW LONG DO WE KEEP YOUR INFORMATION?”
12. DO WE MAKE UPDATES TO THIS POLICY?
In short: Yes—we update this Policy to reflect changes in our practices or applicable Indian law.
We may revise this Privacy Policy from time to time. When we do, we’ll update the Effective Date at the top. For material changes, we’ll provide reasonable advance notice via the Website, email, or an in-product banner; where required by law, we’ll seek your consent. We encourage you to review this Policy periodically to stay informed.
13. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this Policy, or wish to raise a privacy grievance, contact us at privacy@stockypro.com. For product support, write to info@stockypro.com.
You can also contact us by post at:
Stocky Pro677, FF, 16th Main, 6th A Cross Rd, 3rd Block, Koramangala,
Bengaluru, Karnataka 560034, India
We’ll acknowledge and respond within applicable statutory timelines under Indian law.
14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Your rights (India). Under applicable Indian law (including the DPDP Act, 2023), you may have rights to access, correct, and erase your personal information, and to withdraw consent for optional processing. These rights may be limited in some circumstances by law.
How to exercise. To review, update, or delete your personal information, email privacy@stockypro.com (subject: “Privacy Request”) or use in-product account settings where available. If we process Customer Data on behalf of your organisation, please contact your organisation’s administrator/data fiduciary; we will assist them under our DPA.
15. REGIONAL NOTICES (OUTSIDE INDIA)
This Privacy Policy is designed for India. If local law where you reside grants additional rights, the following applies:
EU/UK (GDPR). For Service Data we act as controller; for Customer Data we act as processor under your DPA. We process on the legal bases of contract, consent, legal obligation, legitimate interests (balanced against your rights), and vital interests. You may have rights to access, rectify, erase, restrict, object, portability, and not to be subject to a decision based solely on automated processing where it produces legal or similarly significant effects. We may transfer personal data outside the EU/UK with appropriate safeguards (e.g., standard contractual clauses, or other lawful mechanisms). You also have the right to lodge a complaint with your supervisory authority. Contact: privacy@stockypro.com.
United States (certain states). Where applicable state law grants you rights (e.g., to access, correct, delete, portability, and to opt out of “sale,” “sharing,” targeted advertising, or certain profiling), you can exercise them by emailing privacy@stockypro.com. We do not sell personal information and do not use Customer Data for advertising. If we later introduce targeted advertising for Website interactions, we will disclose it in our Cookie Notice and provide required opt-out controls (and honor browser-based signals where the law requires). We may need to verify your identity (and, where permitted, an authorised agent’s authority) before acting on a request.
Canada. Where Canadian privacy laws apply (for example, PIPEDA or substantially similar provincial laws), you may have rights to access and request correction of the personal information we hold about you, to withdraw consent where we rely on consent, and to lodge a complaint with the appropriate privacy commissioner. We collect, use and disclose personal information for purposes described in this Privacy Policy and as otherwise disclosed to you at the time of collection, and we limit such activities to what is reasonable in the circumstances. You can contact us at privacy@stockypro.com to exercise your rights or to ask questions.
Australia and New Zealand. Where the privacy laws of Australia or New Zealand apply, you may have rights to access and request correction of the personal information we hold about you, and to lodge a complaint with the relevant privacy regulator. When we disclose personal information overseas, we will take reasonable steps to ensure that the recipient protects it in a manner consistent with applicable law and this Privacy Policy. To exercise your rights or raise a concern, please contactprivacy@stockypro.com.
Singapore (PDPA). Where Singapore’s PDPA applies, you may have rights to access and request correction of your personal data, to withdraw consent to our collection, use or disclosure of personal data (subject to legal and contractual restrictions), and to lodge a complaint with the Personal Data Protection Commission. We may transfer personal data outside Singapore in accordance with PDPA requirements, including by ensuring a comparable standard of protection for the transferred data. You can contact privacy@stockypro.com to exercise your rights or ask questions.
Other regions. If the privacy or data-protection laws in your country grant you additional rights beyond those described in this Privacy Policy, we will respect those rights to the extent required by applicable law. You can contactprivacy@stockypro.com to exercise them or to raise any privacy-related concern.