TL;DR: HESHE Stocker is a cloud service. Your data is stored on our own VPS server in Germany (Frankfurt) — it never leaves the European Union. We do not use advertising or trackers.
Goodbax Sp. z o.o.
ul. Michała Kajki 32, 11-010 Barczewo, Poland
KRS (registry no.): 0000987721 · VAT ID: PL7393971973 · REGON: 522888955
Share capital: 5 000,00 PLN
Registered with the District Court in Olsztyn, 8th Commercial Division of the National Court Register
Contact: stocker@heshe.pro
At registration we collect:
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
Data you and your team enter: parts, products, orders, BOM lines, stock movements, shopping list, projects (multi-warehouse on a single account), serial numbers of delivered units (e.g. frame, motor, battery serials — optional, used for warranty and service tracking). This data is accessible only to users within your company (enforced by Row Level Security in Postgres).
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
Subscription status (trial / active / expired), billing period end date. Purchase receipts and transaction tokens are processed by Apple / Google as merchant of record — we only receive a status confirmation.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
NGINX and the application server collect standard API access logs (IP address, timestamp, endpoint). Logs are retained for 7 days and used solely for error diagnostics.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest — system security).
Some data is stored only on your device and never transmitted to our servers:
This locally-stored data is not in scope for access/portability requests under Art. 15 and 20 GDPR because it is not held on our infrastructure. You can remove it at any time by signing out of the app or uninstalling it.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest — user convenience and device-level access security).
Data is processed with the involvement of the following entities:
| Entity | Purpose | Location |
|---|---|---|
| Hostinger International Ltd. | VPS server (database, authentication, realtime, file storage — all self-hosted) | EU – Frankfurt, Germany |
| Apple Inc. | In-app payments (iOS), receipt validation | USA (Standard Contractual Clauses) |
| Google LLC | In-app payments (Android), receipt validation | USA (Standard Contractual Clauses) |
The entire backend (Postgres database, authentication, sync, file storage) runs on a self-managed VPS in a German data centre operated by Hostinger. Data transferred to Apple and Google is limited solely to the information necessary for purchase verification (transaction token). We do not transfer inventory data outside the European Union.
You have the right to:
We respond to requests within 30 days. Contact: stocker@heshe.pro.
Data in transit is encrypted with TLS 1.3 (Let's Encrypt cert on api.heshe.pro). Passwords are stored in our Postgres database as bcrypt hashes. Access to company data is protected by Row Level Security at the database level — users of one company have no technical ability to access data belonging to another company. Daily database backups + weekly full-server snapshots.
App Lock (optional) — you can enable an additional in-app safeguard: fingerprint / Face ID or an app-level PIN required at every launch or after extended time in the background. This protects your company data when someone gains physical access to your unlocked phone. The PIN and biometrics are handled locally as described in section 2.5.
The app is a professional tool and is not directed at children under the age of 13. We do not knowingly collect data from children.
We will notify you of material changes through an in-app notification or email at least 14 days before they take effect. The current version is always available on this page.