The short version. PingStock reads only the parts of your Shopify store we strictly need to count stock — products, variants, inventory levels, and locations. We don't touch orders, customers, or payouts. We don't sell or share your data. We don't train models on it. You can uninstall any time and we delete everything within 30 days.
01 Who we are
PingStock is a Shopify app built and operated by Blossomn Studio, an independent product studio based in Bengaluru, India. In the language of India's Digital Personal Data Protection Act, 2023 (DPDP) and the EU/UK GDPR, Blossomn Studio is the Data Fiduciary / Controller for the personal data described in this policy.
You can reach us at info@blossomn.com. For privacy-specific requests (access, correction, deletion), use the same address and write "PingStock — Privacy" in the subject line.
02 What data PingStock collects
PingStock collects only what it needs to do its job — detect low stock and ping the right people. Specifically:
Titles, SKUs, vendor, tags, collections
Current quantity per variant per location
Aggregate counts of units sold per variant per day
Shop domain, plan, primary email
Names, emails, Slack workspace IDs
Pages viewed, actions taken, error traces
What PingStock does not collect
- Order line items, addresses, or buyer PII (we only read aggregated counts).
- Customer accounts, sessions, or marketing consents.
- Payouts, payment methods, or any financial data outside of Shopify's billing receipts.
- Storefront analytics or visitor data.
03 How we use it
- To run the service — read stock, compute thresholds, deliver pings.
- To send transactional emails (digest summaries, billing receipts, security notices).
- To detect abuse and operational problems (excessive API errors, suspicious sign-ins).
- To improve PingStock — strictly through aggregate, anonymous metrics.
We do not use your data for advertising, profile-building, third-party data brokerage, or AI/ML training of any kind.
04 Where it lives
PingStock runs on infrastructure in the AWS Mumbai (ap-south-1) region. Inventory snapshots and configuration are stored in a managed PostgreSQL database, encrypted at rest (AES-256) and in transit (TLS 1.2+). Daily backups are encrypted and aged out on a 30-day rolling window.
Inventory event history is retained for 90 days, then aggregated and the raw rows discarded. Aggregated counts (used for forecasts) are retained for the lifetime of the install.
05 Sub-processors
PingStock uses a small, deliberate set of sub-processors. Each is bound by a Data Processing Agreement:
- Amazon Web Services (AWS) — Mumbai region. Hosting, database, queues, object storage.
- Shopify Inc. Billing-through-Shopify is handled by Shopify; we never see your card details.
- Postmark (or equivalent). Transactional email delivery for digests and receipts.
- Slack. Outbound Slack messages, where you've connected a workspace.
- Sentry. Crash & error reporting — opt-in, sampled, with PII scrubbed.
We update this list when it changes. If you need the current sub-processor list with effective dates, write to info@blossomn.com.
06 Sharing & disclosure
We don't sell your data. We don't share it with advertisers, data brokers, or AI training pipelines. We disclose data only in three narrow situations:
- To you and the recipients you nominate. That's the entire point.
- To our sub-processors listed above, strictly to perform the service.
- To comply with law. Validly served legal process from an Indian authority of competent jurisdiction. We narrow the disclosure to what is legally required and, where lawful, we tell you.
07 Your rights
Under DPDP (India), GDPR (EU/UK), and similar regimes, you have the right to:
- Access the personal data we hold about you.
- Correct data that is inaccurate or out of date.
- Erase your data (subject to limited legal-hold exceptions, e.g. tax records).
- Port your data to another service in a structured, machine-readable format.
- Withdraw consent to any non-essential processing.
- Lodge a grievance with our Grievance Officer (below) and, if unresolved, with the Data Protection Board of India or your local supervisory authority.
We aim to action requests within 7 working days, and at the outside within 30. Email info@blossomn.com with subject "PingStock — Privacy".
08 When you uninstall
Uninstalling PingStock from your Shopify admin triggers our standard offboarding:
- API access is revoked immediately by Shopify's OAuth layer.
- Live inventory sync stops within minutes.
- All shop data — inventory snapshots, threshold config, recipient list, logs — is hard-deleted within 30 days.
- Aggregated, anonymous metrics may persist (these contain no identifier that ties them back to you).
You can request immediate deletion before the 30-day window closes by emailing us.
09 Security
We use industry-standard practices: TLS 1.2+ on all endpoints, AES-256 at rest, least-privilege IAM, short-lived OAuth tokens, secret rotation, audit logging on production access, and 2FA on every operator account. We run no-warning backups daily and test restores monthly.
If we ever discover a personal-data breach affecting you, we'll notify you and, where required, the Data Protection Board of India within 72 hours of becoming aware of it, with what we know and what we're doing about it.
10 Children
PingStock is a tool for merchants. It isn't directed at children, and we don't knowingly collect data from anyone under 18.
11 Changes to this policy
If we update this policy in a way that materially changes how we treat your data, we'll email the install owner before the change takes effect, and post the updated effective date at the top of this page. Older versions are archived; ask if you want one.
12 Contact & Grievance Officer
Grievance Officer: Apoorva Verma, Founder, Blossomn Studio.
Email: info@blossomn.com
(subject: "PingStock — Privacy")
Address: Bengaluru, Karnataka, India.
If we haven't sorted out your concern within a reasonable time, you can escalate to the Data Protection Board of India (once operational), or to your local supervisory authority under GDPR.