← HESHE Stocker

Privacy Policy

App: HESHE Stocker · Version: 2.3 · Effective: 9 May 2026

TL;DR: HESHE Stocker is a cloud service. Your data is stored on our own VPS server in Germany (Frankfurt) — it never leaves the European Union. We do not use advertising or trackers.

1. Data Controller

Goodbax Sp. z o.o.
ul. Michała Kajki 32, 11-010 Barczewo, Poland
KRS (registry no.): 0000987721 · VAT ID: PL7393971973 · REGON: 522888955
Share capital: 5 000,00 PLN
Registered with the District Court in Olsztyn, 8th Commercial Division of the National Court Register
Contact: stocker@heshe.pro

2. Data We Collect and Why

2.1 Account Data

At registration we collect:

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

2.2 Inventory Data

Data you and your team enter: parts, products, orders, BOM lines, stock movements, shopping list, projects (multi-warehouse on a single account), serial numbers of delivered units (e.g. frame, motor, battery serials — optional, used for warranty and service tracking). This data is accessible only to users within your company (enforced by Row Level Security in Postgres).

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

2.3 Subscription Data

Subscription status (trial / active / expired), billing period end date. Purchase receipts and transaction tokens are processed by Apple / Google as merchant of record — we only receive a status confirmation.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

2.4 Technical Logs

NGINX and the application server collect standard API access logs (IP address, timestamp, endpoint). Logs are retained for 7 days and used solely for error diagnostics.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest — system security).

2.5 Data Stored Locally on Your Device

Some data is stored only on your device and never transmitted to our servers:

This locally-stored data is not in scope for access/portability requests under Art. 15 and 20 GDPR because it is not held on our infrastructure. You can remove it at any time by signing out of the app or uninstalling it.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest — user convenience and device-level access security).

3. Sub-processors

Data is processed with the involvement of the following entities:

EntityPurposeLocation
Hostinger International Ltd.VPS server (database, authentication, realtime, file storage — all self-hosted)EU – Frankfurt, Germany
Apple Inc.In-app payments (iOS), receipt validationUSA (Standard Contractual Clauses)
Google LLCIn-app payments (Android), receipt validationUSA (Standard Contractual Clauses)

The entire backend (Postgres database, authentication, sync, file storage) runs on a self-managed VPS in a German data centre operated by Hostinger. Data transferred to Apple and Google is limited solely to the information necessary for purchase verification (transaction token). We do not transfer inventory data outside the European Union.

4. Device Permissions (Android / iOS)

5. Data Retention

6. Your Rights (GDPR)

You have the right to:

We respond to requests within 30 days. Contact: stocker@heshe.pro.

7. Security

Data in transit is encrypted with TLS 1.3 (Let's Encrypt cert on api.heshe.pro). Passwords are stored in our Postgres database as bcrypt hashes. Access to company data is protected by Row Level Security at the database level — users of one company have no technical ability to access data belonging to another company. Daily database backups + weekly full-server snapshots.

App Lock (optional) — you can enable an additional in-app safeguard: fingerprint / Face ID or an app-level PIN required at every launch or after extended time in the background. This protects your company data when someone gains physical access to your unlocked phone. The PIN and biometrics are handled locally as described in section 2.5.

8. Children

The app is a professional tool and is not directed at children under the age of 13. We do not knowingly collect data from children.

9. Policy Changes

We will notify you of material changes through an in-app notification or email at least 14 days before they take effect. The current version is always available on this page.

10. Contact

stocker@heshe.pro