Privacy Policy — stock.link

1. Introduction

stock.link ("we", "us", or "our") is the operational layer for manufacturers — handling marketing, sales, logistics, and material replenishment through a single API. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, use our platform, or otherwise interact with us.

We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation and Data Protection Act 2018 (UK GDPR), and applicable US privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and the Connecticut Data Privacy Act (CTDPA).

2. Data Controller

For the purposes of EU and UK data protection law, the data controller responsible for your personal data is:

stock.link

Email: privacy@stock.link

3. Information We Collect

3.1 Information you provide

Contact and account information — name, email address, company name, job title, and phone number when you request a demo, create an account, or contact us.
Business information — production volumes, services of interest, and messages you submit through our forms.
Communications — records of correspondence when you reach out to our support or sales teams.

3.2 Information collected automatically

Device and usage data — IP address, browser type and version, operating system, referring URL, pages viewed, time spent on pages, and click patterns.
Cookies and similar technologies — see Section 9 below.

3.3 Information from third parties

Business partners and integrations — if you connect your production system to our API, we receive operational data as described in your service agreement.
Publicly available sources — we may supplement your information with data from public business registries or professional networking platforms.

4. How We Use Your Information

We process your personal data for the following purposes:

Providing our services — operating the platform, processing orders, managing logistics, and facilitating material replenishment.
Communicating with you — responding to inquiries, sending service updates, and providing support.
Marketing — sending relevant information about our services where you have consented or where we have a legitimate interest (you can opt out at any time).
Improving our platform — analysing usage patterns to enhance functionality, performance, and user experience.
Security and fraud prevention — detecting, investigating, and preventing unauthorised access or malicious activity.
Legal compliance — meeting our obligations under applicable laws and regulations.

5. Legal Bases for Processing

Under the GDPR and UK GDPR, we rely on one or more of the following legal bases for each processing activity:

Legal basis	When we rely on it
Contract	Processing necessary to perform our agreement with you or to take pre-contractual steps at your request.
Legitimate interest	Improving our services, securing our platform, and direct marketing to existing clients — balanced against your rights.
Consent	Where you have opted in — for example, subscribing to marketing communications or accepting non-essential cookies.
Legal obligation	Where processing is required by EU, UK, or member state law (e.g., tax, anti-money laundering).

We do not sell your personal data. We may share it with the following categories of recipients:

Service providers — hosting, analytics, payment processing, logistics partners, and CRM providers who process data on our behalf under written agreements.
Business partners — carrier and supplier networks as necessary to fulfil our services.
Legal and regulatory authorities — when required by law, regulation, or legal process.
Corporate transactions — in connection with a merger, acquisition, or sale of assets, with appropriate confidentiality safeguards.

7. International Data Transfers

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA) or the United Kingdom. When we transfer data internationally, we ensure an adequate level of protection through one or more of the following mechanisms:

EU–US Data Privacy Framework (and UK Extension) adequacy decisions.
Standard Contractual Clauses (SCCs) approved by the European Commission or the UK International Data Transfer Agreement / Addendum.
Other applicable adequacy decisions or derogations under Article 49 GDPR / UK GDPR.

You may request a copy of the relevant safeguards by contacting us at privacy@stock.link.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law. Criteria we use to determine retention periods include:

The duration of our business relationship with you.
Whether there is a legal obligation to retain the data (e.g., tax or accounting records).
Whether retention is advisable in light of our legal position (e.g., applicable statutes of limitation or regulatory investigations).

When personal data is no longer required, we securely delete or anonymise it.

9. Cookies and Similar Technologies

Our website uses cookies and similar technologies to:

Essential operation — remember your preferences (e.g., light/dark theme) and maintain session state.
Analytics — understand how visitors interact with our site so we can improve it.
Marketing — deliver relevant advertising and measure campaign effectiveness (only where you have consented).

You can manage your cookie preferences at any time through your browser settings. Blocking certain cookies may affect site functionality.

10. Your Rights

10.1 EU and UK residents

Under the GDPR and UK GDPR, you have the right to:

Access — obtain confirmation of whether we process your personal data and request a copy.
Rectification — correct inaccurate or incomplete data.
Erasure — request deletion of your data where there is no compelling reason for continued processing.
Restriction — request that we limit processing in certain circumstances.
Data portability — receive your data in a structured, commonly used, machine-readable format.
Object — object to processing based on legitimate interests or for direct marketing purposes.
Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
Automated decision-making — not be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

To exercise these rights, contact us at privacy@stock.link. We will respond within one month, as required by law. You also have the right to lodge a complaint with your local supervisory authority — for example, the Information Commissioner's Office (ICO) in the UK or your national data protection authority in the EU.

10.2 US residents

If you are a resident of California, Virginia, Colorado, Connecticut, or another US state with applicable privacy legislation, you may have the following rights depending on your state of residence:

Right to know / access — request the categories and specific pieces of personal information we have collected about you.
Right to delete — request deletion of personal information we hold, subject to certain exceptions.
Right to correct — request correction of inaccurate personal information.
Right to opt out of sale or sharing — we do not sell your personal data or share it for cross-context behavioral advertising. If this changes, we will provide a clear opt-out mechanism.
Right to non-discrimination — exercise your rights without receiving discriminatory treatment.
Right to data portability — obtain your data in a portable and readily usable format (where applicable under state law).

To submit a request, email privacy@stock.link. We will verify your identity before processing the request. You may also designate an authorised agent to make a request on your behalf.

California-specific disclosures (CCPA / CPRA)

In the preceding twelve months, we have collected the following categories of personal information as defined under the CCPA:

Identifiers (name, email, IP address).
Commercial information (services requested, business details).
Internet or electronic network activity (browsing behaviour, interactions with our site).
Professional or employment-related information (company name, job title).

We collect this information for the business purposes described in Section 4. We do not sell personal information and have not done so in the preceding twelve months. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA/CPRA.

11. Children's Privacy

Our services are not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

12. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and incident response procedures. No system is completely secure, however, and we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the revised policy on this page with an updated effective date. Where required by law, we will obtain your consent before making changes that affect how your data is processed.

14. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

stock.link — Privacy Team