1. Our relationship to you

Inventorygram acts as a data processor on behalf of customers who use our platform to manage their business operations. When you use Inventorygram as a customer or employee of a customer, Inventorygram processes your personal data according to the instructions of the customer (the data controller) and in compliance with GDPR (EU General Data Protection Regulation), UK GDPR, and Swiss Federal Act on Data Protection (FADP).

2. Notice

This notice applies to individuals in the European Union, United Kingdom, and Switzerland. We provide this notice to inform you of how your personal data is processed, your rights under applicable data protection laws, and how to exercise those rights.

If you are a customer of Inventorygram, you are responsible for providing privacy notices to your employees, customers, and other data subjects whose data you submit to our service.

3. Collection of Personal Information

We collect personal information through multiple channels:

Direct submission: Information you provide when creating an account, using the platform, or contacting support;
Automated collection: Technical data collected through cookies, logs, and analytics as you use our service;
Third-party sources: Information received from service providers, payment processors, or other partners in connection with account management and fraud prevention;
Inferred data: Information derived from your usage patterns to improve our service.

Personal information includes name, email, phone, address, business details, transaction records, device information, and any other data that relates to an identified or identifiable individual.

4. Purposes of processing

We process personal information for the following lawful purposes:

Contractual necessity: To provide, maintain, and deliver the Inventorygram service as agreed;
Legal compliance: To comply with legal obligations under EU, UK, and Swiss law;
Legitimate interests: To improve our service, conduct analytics, detect fraud, and enforce our terms;
Consent: Where you have explicitly agreed to specific processing activities such as marketing communications;
Vital interests: To protect the safety and rights of individuals or the public.

5. Third party sources of information

We may receive personal information about you from:

Your employer or the customer organization that uses Inventorygram;
Payment processors and financial service providers;
Third-party service providers such as hosting, analytics, and communications platforms;
Law enforcement or regulatory authorities when required by law;
Public data sources for identity verification and fraud prevention.

When we receive personal data from third parties, we ensure appropriate safeguards are in place and that recipients are contractually bound to comply with data protection obligations.

6. Third party recipients

We share personal information with the following categories of recipients:

Your employer or the customer organization using Inventorygram;
Service providers and subprocessors (hosting, payment processing, email, analytics, customer support);
Professional advisors (legal, accounting, audit firms) engaged to support our business;
Law enforcement, regulators, and authorities when required by legal process or applicable law;
Acquiring entities in connection with mergers, acquisitions, or sale of assets.

All recipients are contractually bound to process personal data only for the specified purposes and in accordance with data protection regulations.

7. Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this notice, subject to applicable legal requirements.

Active account data: Retained while your account is active and for 90 days after account deletion or termination;
Backup copies: Retained according to our disaster recovery and backup policies;
Legal holds: Retained as required by law, court order, or regulatory requirement;
Tax and accounting records: Retained for the period required by applicable law.

After the retention period, personal data is securely deleted or anonymized.

8. International transfers

Inventorygram may transfer your personal data outside the EEA, United Kingdom, or Switzerland for processing and storage. Such transfers are only conducted with appropriate safeguards in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission;
Binding Corporate Rules (BCRs) where applicable;
Adequacy decisions by competent authorities;
Explicit consent from the data subject where applicable.

We process data in Nigeria and other jurisdictions where our subprocessors operate. We maintain contractual commitments ensuring adequate safeguards equivalent to EU/Swiss standards.

9. Accountability for onward transfer

Inventorygram remains accountable for personal data transferred to subprocessors. We ensure all subprocessors are contractually bound to process personal data in accordance with this notice and applicable data protection regulations.

You may request information about our subprocessors and their data protection practices. Inventorygram is liable to you for any breach of data protection obligations by subprocessors, except where we are not responsible for the incident.

10. Security

We implement comprehensive technical and organizational safeguards to protect personal data:

Encryption of data in transit using TLS/SSL and at rest using AES-256;
Access controls using role-based access and least-privilege principles;
Multi-factor authentication for administrative and privileged access;
Network security including firewalls, intrusion detection, and vulnerability management;
Regular security audits, penetration testing, and risk assessments;
Employee training, confidentiality agreements, and background checks;
Incident detection, response, and breach notification procedures;
Business continuity and disaster recovery measures.

11. Direct marketing

We may use your email address to send marketing communications, newsletters, and service updates. You have the right to opt out of marketing communications at any time by:

Clicking the "unsubscribe" link in any marketing email;
Updating your communication preferences in your account settings;
Contacting us at privacy@inventorygram.com to request removal from our mailing lists.

We will honor opt-out requests within a reasonable timeframe. Service-critical communications (account notifications, security alerts) will continue regardless of marketing preferences.

12. Your rights

Under GDPR, UK GDPR, and Swiss FADP, you have the following rights regarding your personal data:

Right of access: Request and obtain a copy of your personal data;
Right to rectification: Request correction of inaccurate or incomplete data;
Right to erasure: Request deletion of your personal data subject to legal exceptions;
Right to restrict processing: Request limitation of processing for specific purposes;
Right to data portability: Obtain your data in a portable format and transfer it to another service;
Right to object: Object to processing based on legitimate interests or for direct marketing;
Right to withdraw consent: Withdraw consent at any time without affecting prior processing;
Right not to be subject to automated decisions: Request human review of automated processing decisions.

To exercise any of these rights, contact privacy@inventorygram.com with details of your request and evidence of your identity.

13. Limitations to your rights

Your rights may be limited or unavailable in certain situations:

Legal obligations: We may be required to retain or process data by law or court order;
Contractual necessity: Data necessary to perform our service agreement cannot be deleted;
Fraud prevention: We may retain data to detect and prevent fraud or abuse;
Legitimate interests: We may process data where necessary to protect rights and interests;
Third-party rights: Deletion requests may be denied if they would violate another person's rights.

Where rights cannot be fully exercised, we will provide clear explanation and alternatives where possible.

14. Recourse, enforcement, & liability

If you believe your personal data has been processed in violation of applicable law, you have the following recourse options:

Contact Inventorygram directly at privacy@inventorygram.com to resolve the issue;
Lodge a complaint with your supervisory authority (data protection authority) in your jurisdiction;
Pursue legal action in the courts of your jurisdiction;
Request arbitration or mediation through alternative dispute resolution mechanisms.

Inventorygram is liable for damages caused by processing that violates data protection regulations. We will cooperate with regulatory investigations and provide remedies as required by law.

15. Children's data

Inventorygram is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children under 18. In the EU, children under 16 require parental or guardian consent for information society services.

If we discover that we have collected personal data of a child in violation of this policy, we will take steps to delete that information without unnecessary delay.

16. Changes to this Policy

We may update this policy to reflect changes in our practices, legal requirements, or service offerings. Material changes will be communicated to affected individuals through email or posting on our website.

Continued use of Inventorygram after an update constitutes acceptance of the revised policy. We encourage you to review this notice periodically.

17. Contact us

If you have questions, requests, or concerns about this notice or our privacy practices, contact us at:

Email: privacy@inventorygram.com
Data Protection Officer: dpo@inventorygram.com
Legal: legal@inventorygram.com

We will respond to requests and inquiries within the timeframes required by applicable law.

EU / Swiss Privacy Policy

Privacy for EU and Swiss users