Privacy FAQs

Frequently asked questions about how Inventorygram handles data, privacy, and your rights.

Updated: May 20, 2026

Privacy FAQs

Frequently asked questions about how Inventorygram handles data, privacy, security, and your rights under applicable privacy regulations. These FAQs supplement our Privacy Policy and provide additional clarity on common questions.

1. Disclaimer

These FAQs are provided for informational purposes and to help explain our privacy practices in accessible language. In the event of any conflict between these FAQs and our formal Privacy Policy, Data Processing Addendum, or EU/Swiss Privacy Policy, the formal policy documents shall control.

These FAQs do not create additional legal obligations beyond those stated in our published policies. We update these FAQs periodically as our practices evolve. If you have specific legal questions about your privacy rights, we recommend consulting our full privacy policies or contacting our legal team at legal@inventorygram.com.

2. Some background before we dive in

Inventorygram is a business management platform designed to help shops, restaurants, and service businesses manage operations including inventory, sales, staffing, and customer relationships. To deliver this service, we process various types of data including business information, transaction records, and employee/customer details.

Our approach to privacy is built on several key principles:

  • Data minimization: We collect only the data necessary to provide our service and fulfill our legal obligations;
  • Purpose limitation: We use data only for the purposes disclosed in this FAQ and our policies;
  • Security: We implement appropriate technical and organizational safeguards to protect data;
  • Transparency: We are open about how we collect, use, and share data;
  • User control: We provide you with tools and options to control your data.

This FAQ addresses common questions from customers, employees, and data subjects about how we handle privacy.

3. Definitions

To help clarify this FAQ, here are definitions of key terms:

  • Customer: An organization or individual who purchases a subscription to Inventorygram and controls what data is submitted to our platform;
  • Personal data: Any information relating to an identified or identifiable individual (name, email, phone, location, transaction history, etc.);
  • Data controller: The organization that decides what data to collect and how it will be used. Customers are typically data controllers for business data they submit;
  • Data processor: A service provider that processes data on behalf of a controller. Inventorygram acts as a processor for customer data;
  • Processing: Any operation performed on data, including collection, storage, use, analysis, sharing, deletion, or transfer;
  • Subprocessor: A third-party service provider (e.g., hosting, payment processor) that processes data on behalf of Inventorygram;
  • Data subject: An individual whose personal data is processed (e.g., an employee, customer, or vendor of your business);
  • Retention: The period for which data is kept before being deleted or anonymized.

4. Inventorygram's relationship to you

Q: Is Inventorygram the owner of my data?

No. You (the customer) retain ownership and control of your business data. Inventorygram acts as a data processor and handles your data according to your instructions and our contract with you. You remain responsible for determining what data to collect and how it is used.

Q: What is the difference between being a "processor" and a "controller"?

A data controller decides what personal data to collect and how to use it. A data processor handles the data on the controller's behalf but does not decide the purposes of processing. Inventorygram typically acts as a processor because:

  • You (our customer) decide what data to submit to Inventorygram;
  • You decide which employees and customers have access;
  • You determine retention periods for your records;
  • Inventorygram processes the data only to provide the contracted service.

Q: What responsibility do I have as a customer?

As a data controller, you are responsible for:

  • Ensuring you have legal authority to submit data to Inventorygram;
  • Providing privacy notices to employees, customers, and other data subjects;
  • Obtaining necessary consents before collecting or processing data;
  • Complying with applicable data protection laws;
  • Monitoring Inventorygram's use of data to ensure compliance.

5. Your obligations as a Customer

Q: What do I need to tell my employees and customers about privacy?

You must provide privacy notices informing individuals that their data is being collected and processed. At a minimum, you should disclose:

  • What data you collect (names, contact info, transaction history, etc.);
  • How the data is used (invoicing, customer service, reporting, etc.);
  • That data is processed by Inventorygram (a service provider);
  • How long data is retained;
  • Their rights (access, deletion, correction);
  • How to contact you with privacy questions.

Inventorygram provides privacy policy templates to help customers meet these obligations. For EU, UK, and Swiss customers, additional privacy notices may be required under GDPR, UK GDPR, and Swiss FADP.

Q: What if someone requests access to their data?

If a data subject requests access to their information, you should:

  • Contact Inventorygram support to retrieve the requested data;
  • Provide the individual with a copy in a portable format;
  • Respond within the timeframe required by applicable law (typically 30 days).

Inventorygram will assist you in fulfilling such requests and can provide data exports in standard formats.

Q: Am I responsible for GDPR compliance?

If you are a data controller under GDPR (processing data of EU residents), you have primary responsibility for compliance. Inventorygram assists as a processor by:

  • Implementing appropriate security measures;
  • Processing data only as instructed;
  • Assisting with data subject rights requests;
  • Maintaining a Data Processing Agreement (DPA);
  • Providing documentation for compliance audits.

You are responsible for obtaining consents, providing notices, and conducting impact assessments where required.

6. Data storage and international transfers

Q: Where is my data stored?

Inventorygram data is hosted on cloud servers managed by Namecheap and related infrastructure partners. Physical servers may be located in multiple jurisdictions including the United States, Europe, and potentially other regions. For specific information about your data's location, contact privacy@inventorygram.com.

Q: Is my data secure when transferred internationally?

Yes. When data is transferred outside the EU, UK, or Switzerland, we implement safeguards including:

  • Standard Contractual Clauses (SCCs) approved by data protection authorities;
  • Encryption in transit using TLS/SSL (256-bit);
  • Contractual requirements on subprocessors to maintain equivalent protections;
  • Regular security audits and compliance reviews.

Q: Can I request that my data stay in a specific location?

Due to our infrastructure architecture, we cannot guarantee data storage in a specific country or region. However, we can discuss your requirements. Contact legal@inventorygram.com to discuss specific data residency needs.

7. Security

Q: How does Inventorygram protect my data from unauthorized access?

We implement multiple layers of security:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256);
  • Access controls: Only authorized employees can access data, and access is restricted by role;
  • Authentication: We require multi-factor authentication (MFA) for all administrative access;
  • Monitoring: We use intrusion detection systems and logging to detect unauthorized access attempts;
  • Firewalls: Network traffic is controlled and monitored;
  • Audits: We conduct regular security audits and penetration testing;
  • Backups: Data is backed up to prevent loss due to system failures.

Q: What happens if there is a data breach?

In the event of a security incident or data breach, Inventorygram will:

  • Immediately investigate the cause and scope of the breach;
  • Take steps to contain the breach and prevent further unauthorized access;
  • Notify affected customers without unnecessary delay;
  • Cooperate with law enforcement and regulatory authorities as required;
  • Provide guidance on steps individuals should take to protect themselves.

For breach notifications, contact security@inventorygram.com or legal@inventorygram.com.

Q: Can I perform security audits of Inventorygram?

Customers under contract can request security documentation and audit results. Enterprise customers may negotiate on-site security audits. Contact legal@inventorygram.com to discuss audit requirements.

8. GDPR Rights

Q: What rights do I have under GDPR?

If you are an individual in the EU, UK, or Switzerland, you have rights over your personal data:

  • Right of access: Request a copy of your data in a portable format;
  • Right to rectification: Request correction of inaccurate data;
  • Right to erasure ("right to be forgotten"): Request deletion of your data subject to legal exceptions;
  • Right to restrict processing: Request that processing be limited for specific purposes;
  • Right to data portability: Request your data in a portable format to transfer to another service;
  • Right to object: Object to processing based on legitimate interests or for direct marketing;
  • Right to withdraw consent: Withdraw consent to processing at any time without penalty;
  • Rights related to automated decisions: Request human review of automated decisions that affect you.

Q: How do I exercise my GDPR rights?

To exercise your rights, contact your data controller (the organization that submitted your data to Inventorygram). If you need assistance, contact Inventorygram directly:

We will respond within the timeframe required by law (typically 30 days).

Q: What if I disagree with how my data is being used?

If you believe your rights are being violated, you can:

  • Contact your data controller (the organization processing your data);
  • File a complaint with your local data protection authority;
  • Contact Inventorygram directly at dpo@inventorygram.com.

9. A quick word on the CCPA

Q: What is the CCPA and does it apply to me?

The California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), provide rights to California residents regarding personal data. If you or your business are subject to CCPA, these rights apply to how we handle personal data of California residents.

Q: What rights do I have under CCPA?

California residents have the right to:

  • Know what data we collect about them;
  • Delete personal data we hold about them;
  • Opt-out of the sale of their data;
  • Opt-out of targeted advertising and profiling;
  • Receive a portable copy of their data.

Q: Does Inventorygram sell personal data?

No. Inventorygram does not sell personal data in the manner described by CCPA. We share data with service providers and partners only to deliver our service or as required by law. We do not sell or share data for cross-context behavioral advertising.

If you are a California resident and want to exercise your rights, contact privacy@inventorygram.com.

10. Additional Questions

Q: How long is my data kept?

We retain your data while your account is active and for 90 days after account deletion to allow for recovery. After this period, data is securely deleted. Some data may be retained longer to comply with legal obligations (e.g., tax records, financial statements). For details, see our Privacy Policy.

Q: Can I delete my account and all my data?

Yes. You can request account deletion and data removal by contacting privacy@inventorygram.com. Upon account deletion, your data will be removed from active systems within 90 days. Some backup copies may remain temporarily but will be deleted according to our backup retention policy.

Q: Can I export my data?

Yes. Inventorygram provides data export functionality in your account settings. You can download your business records, customer data, sales history, and other information in standard formats (CSV, JSON, etc.). For assistance, contact support.

Q: Does Inventorygram use my data for marketing purposes?

Inventorygram may use aggregate or anonymized data for analytics, service improvement, and business purposes. We do not use your business data for marketing without your consent. If you receive marketing emails, you can unsubscribe using the link in the email or by updating your communication preferences.

Q: What if I have more privacy questions?

We're here to help. Contact our privacy team:

We will respond to privacy questions and requests within 30 days. For urgent matters, please mark your email as urgent.

Q: Where can I find more detailed information?

For complete information about our privacy practices, see: