At a glance
We're a Canadian B2B SaaS company. We collect the minimum personal information needed to operate the product, and we never sell it. Customer inventory data — products, orders, movements — belongs to our customers; we're a data processor for that. Personal data about the people using our product (names, emails, IPs, audit history) is what this policy covers, and we're a data controller for that.
The short version:
- We collect account info, usage telemetry, and audit-log entries.
- We use it to run the service, prevent fraud, and improve the product.
- We share it only with subprocessors that are essential to delivering the service.
- We retain it for as long as your account is active, plus a defined tail.
- You can request access, correction, deletion, or export at any time.
Who we are
Pistis Contracting Inc. — a corporation incorporated in Ontario, Canada. Mailing address: 18 Strathearn Ave, Brampton, ON L6T 4L8. For the purposes of Canadian privacy law (PIPEDA), our Privacy Officer is reachable at privacy@saferinventory.com. For GDPR purposes, our EU representative is currently not appointed — we don't target EU residents. If we begin offering the product to EU controllers, we'll appoint a Representative under Article 27 and update this policy.
What we collect
Information you give us
- Account info — name, email, organisation name, role. Captured at sign-up and when teammates are invited.
- Billing info — payment method tokenised by Stripe; we never see card numbers. Billing email + address are stored on the organisation record.
- Support correspondence — when you email hello@saferinventory.com or use the in-app chat, the conversation is retained for support history.
- Integration credentials — Shopify tokens, QuickBooks Online refresh tokens, etc. Encrypted with AES-256-GCM envelope encryption before persistence.
Information we collect automatically
- Service usage — pages visited, features used, errors encountered. Captured via PostHog (self-hostable; product analytics) and Sentry (error tracking only, with PII filters).
- IP address + user-agent — captured per request for rate limiting, fraud prevention, and the audit log.
- Device + push tokens — for the mobile apps, the Expo push token plus OS / version for delivering low-stock and shipment notifications.
- Cookies + similar — session cookies for Clerk authentication, first-party preference cookies (theme, table density). We do not use third-party advertising cookies.
Information we do NOT collect
- We do not collect biometrics. Mobile biometric unlock is handled by your device's OS — fingerprint and Face ID never leave the device.
- We do not collect precise geolocation. We see only country-level, derived from IP, for fraud signals.
- We do not train AI models on your data. We do not operate any.
- We do not sell, rent, or trade your personal information. Ever.
Why we use it
Each category of data has a purpose tied to running the service:
| Data | Purpose | Lawful basis (PIPEDA / GDPR) |
|---|---|---|
| Account info | Authentication, role assignment, billing | Contract performance · Consent |
| Usage telemetry | Improving the product, capacity planning | Legitimate interest · Consent (where required) |
| Audit log | Security investigation, compliance evidence | Legitimate interest · Legal obligation |
| IP + UA | Rate limiting, abuse prevention | Legitimate interest |
| Push tokens | Delivering notifications you asked for | Consent |
| Integration credentials | Syncing your Shopify and QBO data | Contract performance |
Who we share with
We share personal information only with subprocessors that are essential to running the service. The current list is at /legal/subprocessors; we'll notify you 30 days before adding a new one with access to customer data.
- Supabase (Postgres host) — primary database. Toronto region.
- Cloudflare — CDN, DNS, R2 object storage.
- Fly.io — API + worker hosting. Toronto region.
- Vercel — web app hosting (CDN-backed).
- Clerk — authentication, session management.
- Stripe — payment processing, Stripe Tax.
- Resend — transactional email (welcome, alerts).
- Upstash — Redis (cache, queues, rate limits).
- PostHog — product analytics (self-hostable; we may move it in-house).
- Sentry — error tracking with PII redaction filters.
- Shopify, Intuit (QBO) — only if you connect them. We share only what's required by the integration; you authorise the OAuth scope.
We may also disclose information when legally compelled by a Canadian court order or a valid request from law enforcement. We'll fight overbroad requests and notify you unless prohibited by law.
How long we keep it
- Account info — for the life of your account, then deleted within 90 days of termination unless you request earlier deletion.
- Audit log — 7 years for security and compliance evidence. Reduced on request to the shortest period your jurisdiction permits.
- Backups — 30-day rolling PITR. Personal data inside backups is purged when the backup ages out.
- Support correspondence — 3 years.
- Billing records — 7 years (CRA tax retention requirement).
How we protect it
Full detail at /security. Headlines:
- TLS 1.3 in transit · AES-256-GCM at rest · envelope encryption with annual KEK rotation.
- Postgres row-level security on every tenant table, verified by integration tests in CI.
- Append-only audit log, sensitive keys redacted before persistence.
- 2FA enforced for admin accounts; hardware keys required for production console access.
- Daily PITR backups, encrypted, tested quarterly.
- External security reviews and penetration testing as the product matures.
Your rights
Under PIPEDA you have the right to access the personal information we hold about you, to challenge its accuracy, and to know how it's being used and to whom it's been disclosed. Under GDPR (where applicable) you additionally have the right to erasure, portability, restriction, and to object to processing.
To exercise any of these rights, email privacy@saferinventory.com. We'll respond within 30 days. If we can't verify your identity from the request alone, we may ask you to authenticate via your account.
You can also export most of your account's personal data directly from /app/settings/account → “Download my data”. Inventory data you control as a data controller is exportable per-report (CSV / PDF) at any time.
If you believe we've mishandled your data, you have the right to complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your local EU supervisory authority.
Children
Safer Inventory is a B2B product not directed at people under 18. We don't knowingly collect data from children. If you believe a child has provided us personal information, contact privacy@saferinventory.com and we'll delete it.
International transfers
We default to hosting customer data in Canada (Toronto, yyz). Some subprocessors operate global networks (Cloudflare CDN, Vercel edge, Clerk authentication endpoints) that process data in regions outside Canada. We rely on contractual safeguards (SCCs where EU data is involved, strong DPAs in every other case) to make sure those transfers are protected.
Changes to this policy
We'll notify you 30 days before any material change to this policy by email and an in-app banner. Non-material changes (typos, broken links) we'll just fix and bump the “Effective” date above.
Every version is archived publicly at github.com/safer/inventory — git blame tells you exactly who changed what, when.
Contact us
Privacy Officer · Pistis Contracting Inc.
18 Strathearn Ave, Brampton, ON L6T 4L8, Canada
privacy@saferinventory.com
This policy is offered in plain English. If a court ever finds any clause unenforceable, the rest stays in effect.

