policy

Policy Page

Last updated: March 1, 2026

Plan A SAS, a company registered in France operating under the trade name "Stash" ("we", "us", "our"), is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our inventory management platform at https://app.getstash.io (the "Service").

1. Data Controller

Plan A SAS

Trade name: Stash

Country: France

Contact: privacy@getstash.io

2. What Data We Collect

Account Data: Name, email address, and password credentials when you create an account.

Organization Data: Business name, locations, team member details, and role assignments you provide during onboarding and use of the Service.

Inventory Data: Product information, stock levels, supplier details, purchase orders, and other inventory-related data you enter into the Service.

Usage Data: How you interact with the Service, including pages viewed, features used, and session duration.

Payment Data: Billing information processed through our payment provider. We do not store your full credit card details on our servers.

Technical Data: IP address, browser type, device information, and operating system collected automatically when you access the Service.

3. How We Use Your Data

We process your data on the following legal bases under the GDPR:

Performance of contract (Art. 6(1)(b)): To provide and maintain the Service, manage your account, process transactions, and deliver customer support.

Legitimate interest (Art. 6(1)(f)): To improve the Service, monitor usage patterns, prevent fraud, and ensure security.

Consent (Art. 6(1)(a)): To send marketing communications. You can withdraw consent at any time.

Legal obligation (Art. 6(1)(c)): To comply with applicable laws and regulations.

4. Third-Party Services

We use the following third-party services to operate Stash. Each processes data in accordance with their own privacy policies:

ServicePurposeSupabaseDatabase and backend infrastructureClerkAuthentication and user managementStripePayment processingIntercomCustomer supportPostHogProduct analyticsGoogle AnalyticsWebsite analytics and accounting integrationsResendTransactional emailsLoopsMarketing emails

We ensure all sub-processors meet GDPR requirements through appropriate contractual safeguards (Standard Contractual Clauses or adequacy decisions where applicable).

5. Data Storage and Transfers

Your data is stored on EU-based servers (AWS, European region). Where third-party services process data outside the EU/EEA, we ensure adequate safeguards are in place, including EU Standard Contractual Clauses.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymize your personal data within 30 days, unless we are required by law to retain it longer.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing of your data
  • Data portability — receive your data in a structured format
  • Object to processing based on legitimate interest
  • Withdraw consent for marketing communications at any time

To exercise any of these rights, contact us at privacy@getstash.io. We will respond within 30 days.

You also have the right to lodge a complaint with the French data protection authority (CNIL) or your local supervisory authority.

8. Cookies

We use only essential cookies required for the Service to function (authentication and session management). We do not use advertising or tracking cookies.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, role-based access controls, and regular security reviews.

10. Children

The Service is not directed at individuals under 16 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For any questions about this Privacy Policy or your personal data:

Email: privacy@getstash.ioCompany: Plan A SAS (Stash)Country: France

Start Today

Stop hoping your numbers are right. Start trusting them.

Start free trial
features
InventoryMulti-Location InventoryReportingAISuppliersPOs
industries
RetailCoffee ShopsFranchisesFood and BeverageMulti-Location
Integrations
Square POSShopifySumUp POSQuickBooksSquare Inventory Management
company
About usPricingBlogBook a DemoContactPrivacy PolicySitemap
stash logo