Proviand ("the app", "we") is operated by BTNG B.V., a company
registered in the Netherlands. This policy describes what data the app
processes when a merchant installs it on their Shopify store, why, and
what happens to that data.
What we collect, and why
- Product and inventory data — product titles, SKUs, variants, prices, costs and stock levels per location. Used to compute forecasts, reorder points and reports.
- Order data — Proviand reads orders to build sales history. We store this as aggregated daily unit counts per product per location. We do not store customer names, email addresses, shipping addresses, phone numbers or payment details.
- Supplier data you enter — supplier names and contact details you add to send purchase orders. Contact fields (email, phone, address, notes) are encrypted at rest with AES-256-GCM.
- Store metadata — your store domain, plan, and the settings you configure (lead times, safety stock, digest email address).
In short: Proviand is built to know a lot about your
products and nothing about your customers. Customer
personal data is never persisted by the app.
What we never do
- We do not sell or rent data to anyone.
- We do not use your data to train machine-learning models.
- We do not share your data with third parties, except the processors below.
- We do not read more order history than forecasting requires (up to 24 months).
Processors
The app runs on the following infrastructure providers, each bound by their own data-processing agreements:
- Hosting & database — the app and its PostgreSQL database run on EU-region infrastructure.
- Email delivery — used only to send your digest, alerts, and purchase orders you explicitly send to suppliers.
- Cloudflare — serves this website.
GDPR
Proviand implements Shopify's mandatory privacy webhooks:
- Customer data request — because we store no customer personal data, there is nothing to return; we respond accordingly.
- Customer redact — nothing to delete; sales history is aggregated and contains no personal identifiers.
- Shop redact — within 48 hours of Shopify's signal (30 days after uninstall), every record belonging to the store is permanently deleted: settings, forecasts, sales aggregates, suppliers, purchase orders and imports.
You can also request immediate deletion at any time by emailing [email protected].
Data retention
Data is retained while the app is installed. After uninstall, all store data is deleted on Shopify's shop-redact schedule described above. Backups expire within 30 days.
Security
- All traffic is encrypted in transit (TLS).
- Supplier contact details are encrypted at rest.
- Access tokens are stored server-side only and scoped to the minimum Shopify permissions the app needs.
- Supplier contact details are never written to logs.
Contact
BTNG B.V. · Netherlands
[email protected]
If we change this policy materially, we'll note it here with a new date.