Privacy Policy

This policy applies to:

• store owners and administrators who subscribe to and manage a store;
• staff and workers invited to a store;
• consignors whose items, balances, and payouts are managed in the Service; and
• visitors to our website.

When a store uses ConsignPilot to manage its consignors, inventory, and sales, the store is responsible for the personal information it enters about its consignors and customers. In those cases we process that information on the store’s behalf and under its instructions.

Information you provide directly. Account and profile details (name, email address, password stored in hashed form, business or store name, and role); store and consignor records (consignor names and contact details, commission terms, inventory items such as titles, descriptions, categories, SKUs and barcodes, prices, and photos, drop-off and pickup details, sales records, ledger balances, and payout details such as an e-transfer email or cheque information); and any messages you send us through contact forms, email, or support requests.

Information collected automatically. Usage and device data such as IP address, browser type, pages viewed, and actions taken, which we use to operate, secure, and improve the Service, along with cookies and similar technologies (see “Cookies” below).

Information from connected integrations. If you connect a point-of-sale or e-commerce account (Square, Clover, or Shopify), we receive the data needed to sync products, inventory, and sales — such as product listings, orders, locations, and fulfillment status — and we store the access tokens for those services in encrypted form.

Subscription billing is handled by Stripe. When you subscribe, your payment card details are collected and processed directly by Stripe under Stripe’s own privacy policy; we do not store full card numbers on our servers. We retain limited billing records such as your Stripe customer and subscription identifiers, plan, billing interval, and subscription status.

We use the information we collect to:

• provide, operate, and maintain the Service and your store;
• authenticate users and keep accounts secure;
• process subscriptions, free trials, and payments;
• sync inventory and sales with the point-of-sale and e-commerce systems you authorize;
• send transactional and service emails, such as sale notifications, low-stock alerts, payout confirmations, and trial or subscription notices;
• respond to your inquiries and provide support;
• monitor, troubleshoot, and improve the Service; and
• comply with legal obligations and enforce our terms.

We do not sell your personal information.

We share information with trusted third parties that help us run the Service, only as needed to provide it:

• Stripe — subscription billing and payment processing;
• Supabase — database hosting and authentication;
• DigitalOcean — application hosting and infrastructure;
• Resend — delivery of transactional and notification emails; and
• Square, Clover, and Shopify — point-of-sale and e-commerce synchronization, only where you connect those accounts.

These providers are authorized to use your information only to perform services for us.

We may disclose information:

• with your consent or at your direction, such as when you connect an integration;
• to the service providers described above;
• to comply with applicable law, legal process, or lawful requests from public authorities;
• to protect the rights, property, or safety of KitStack, our users, or others, and to detect or prevent fraud or security issues; and
• in connection with a merger, acquisition, financing, or sale of assets, in which case we will continue to protect your information consistent with this policy.

We retain your information for as long as your account is active and as needed to provide the Service. After an account or store is closed, we may retain certain records for a reasonable period to meet legal, accounting, tax, and audit requirements, or to resolve disputes. Item photos are automatically deleted a set period (currently 90 days) after the related item is sold. You may request deletion of your data as described below.

We use technical and organizational measures designed to protect your information, including encryption in transit, hashing of passwords, and encryption at rest for sensitive credentials such as third-party access tokens. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Depending on your location and applicable law — including Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) — you may have the right to access, correct, update, export, or delete your personal information, and to withdraw consent. Store administrators can manage much of their data directly within the Service, including exporting store data and closing stores. To make a request, contact us using the details below. If you are a consignor and your information was entered by a store, please also contact that store; we will assist the store in fulfilling your request.

We use cookies and similar technologies that are necessary to sign you in, keep your session secure, and remember your preferences. You can control cookies through your browser settings, but disabling them may affect how the Service works.

The Service is intended for businesses and is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us and we will delete it.

We are based in Canada, and our infrastructure providers may process and store data in Canada, the United States, or other countries. Where information is transferred across borders, we take steps to ensure it remains protected consistent with this policy and applicable law.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

If you have questions or requests regarding this Privacy Policy or your personal information, contact us at privacy@kitsconsignpilot.com, or through the Contact section of our site.