Privacy Policy
Last updated 27 June 2026
How KillStock collects, uses, shares, and protects personal data, and the rights you have over it.
Introduction
KillStock ("we", "us", "our") provides inventory-management software for small and medium businesses. This Privacy Policy explains what personal data we process, why, who we share it with, and the rights available to you under India's Digital Personal Data Protection Act, 2023 (DPDP) and, where applicable, the EU/UK General Data Protection Regulation (GDPR).
It covers our marketing website, the web and mobile applications, and related services (together, the "Services"). It does not cover third-party websites or services we link to, which have their own policies.
Who is responsible for your data
For personal data about visitors and account holders (for example, sign-up and billing details), we act as the data fiduciary (controller) and decide how it is processed.
For the operational data you enter into the product about your own customers, suppliers, and staff, you are the data fiduciary (controller) and we are the data processor acting on your instructions. Our obligations for that data are set out in our Data Processing Addendum.
Information we collect
Account and contact details you provide — name, work email, company name, country, role, and (for paid plans) billing information processed by our payment partner.
Operational data you enter into the product — catalogue, customers, suppliers, transactions, and related records. You control this data; we process it to provide the Services.
Usage, log, and device data — pages and features used, approximate location derived from IP, browser and device type, and diagnostic logs needed to run, secure, and improve the Services.
Communications — messages you send us for support or sales, and your responses to surveys or forms.
How we use personal data
To provide, maintain, and secure the Services and to authenticate users.
To respond to enquiries and provide customer support.
To send service and transactional messages (for example, security alerts, billing, and material changes).
To understand and improve usage, reliability, and performance — using analytics that load only after you consent.
To send marketing communications where you have opted in; you can unsubscribe at any time.
To comply with legal obligations, prevent fraud and abuse, and enforce our terms.
We do not sell personal data, and we do not use your operational data to train AI models without your explicit consent.
Legal bases for processing
Where the GDPR applies, we rely on: performance of a contract (to deliver the Services you signed up for); your consent (for non-essential cookies and opt-in marketing); our legitimate interests (to secure and improve the Services, where not overridden by your rights); and compliance with a legal obligation.
Where the DPDP applies, we process personal data on the basis of your consent or for legitimate uses permitted by the Act, and only for the purposes notified to you.
Cookies and analytics
Our website uses strictly necessary cookies to function and, only with your consent, privacy-conscious analytics to understand usage. You can accept or decline non-essential cookies via the cookie banner and change your choice at any time. See our Cookie Policy for details.
Sharing and disclosure
Service providers and sub-processors — vetted infrastructure partners (cloud hosting, managed database, authentication, error monitoring, analytics, email, and payments) that process data on our behalf under contractual data-protection obligations. A current list is available on request.
Legal and safety — where required by law, regulation, or valid legal process, or to protect the rights, property, or safety of our users, the public, or us.
Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy and applicable law.
We do not sell personal data and do not share it for cross-context behavioural advertising.
International transfers
We aim to host and route data regionally where feasible. Where personal data is transferred across borders, we use appropriate safeguards — such as standard contractual clauses or transfers to jurisdictions recognised as providing adequate protection — and only to countries not restricted by applicable law.
Data retention
We keep personal data only as long as needed to provide the Services, meet legal, tax, or accounting obligations, resolve disputes, and enforce our agreements, after which we delete or anonymise it. Operational data is retained for the life of your subscription and deleted or returned after a defined grace period following termination.
Security
We maintain technical and organisational measures appropriate to the risk, including encryption of data in transit, role-based access controls with tenant isolation, audit logging of sensitive actions, and routine backups. No method of transmission or storage is completely secure, but we work to protect your data and to notify affected parties of breaches as required by law.
Your rights
Subject to applicable law, you may access, correct, update, or request erasure of your personal data; obtain a portable copy; object to or restrict certain processing; and withdraw consent at any time (without affecting prior processing).
Within the product, customer and supplier records support per-record export and erasure; account-level export and deletion are available on request.
To exercise any right, contact us using the details below. We respond within the timelines required by applicable law. You may also nominate another person to exercise your DPDP rights in the event of death or incapacity.
Grievances and complaints
If you have a concern about how we handle your personal data, contact our Grievance Officer / Data Protection contact via our contact page and we will work to resolve it.
If you are not satisfied, you may complain to the Data Protection Board of India (under the DPDP Act) or, in the EU/UK, to your local supervisory authority.
Children
The Services are intended for businesses and are not directed at children. We do not knowingly collect personal data from children; where the DPDP requires, we will obtain verifiable parental consent or refrain from such processing.
Changes to this policy
We may update this policy from time to time. We will post the updated version with a new effective date and, for material changes, provide reasonable notice through the Services or by email.
Contact us
You can reach KillStock about this policy or to exercise your rights through our contact page. We will route your request to the appropriate team, including our Data Protection contact where relevant.
Questions about this policy? Contact us.