Privacy Policy
Last Updated: April 8, 2026
This Privacy Policy describes how Stock-Nest ("we", "us", or "our") collects, uses, stores, and protects information when you use our Business Management System and Point of Sale platform accessible at manage.stock-nest.com and our marketing website at stock-nest.com (collectively, the "Service"). By using the Service you agree to the practices described in this Policy.
This Policy is issued in compliance with the Uganda Data Protection and Privacy Act, 2019 (DPPA) and the Uganda Data Protection and Privacy Regulations, 2021.
1. Who We Are
Stock-Nest is a Software-as-a-Service (SaaS) product built for African wholesalers, distributors, and retailers. The data controller for all personal data processed through the Service is:
- Entity: Stock-Nest
- Website: https://stock-nest.com
- Contact: support@stock-nest.com
- WhatsApp: +256 704 025 224
2. What Stock-Nest Does
Stock-Nest is a cloud-based Business Management System (BMS) and Point of Sale (POS) platform. It allows business owners and their staff to:
- Record and track inventory, including break-bulk item conversions
- Process sales transactions and generate automated daily sales reports
- Manage a financial ledger including customer debt and credit records
- Analyse profit and cost of goods using FIFO (First-In, First-Out) accounting
- Manage staff roles (Admin, Manager, Cashier/Employee) with role-based access control
- Operate multiple businesses or branch locations under a single account
- Receive real-time in-app alerts for low stock, new sales, and pending debts
The platform is hosted in the cloud, so your business data is safe from device loss, theft, or hardware failure.
3. Data We Collect
3.1 Account and Identity Data
When you register or sign in, we collect your name, email address, and authentication credentials. Authentication is handled via Firebase Authentication (Google LLC). We do not store raw passwords — Firebase manages credential hashing and session tokens securely.
3.2 Business Profile Data
When you set up a business on Stock-Nest, we collect the business name, location or district, and business type. This is used to personalise your dashboard and reports.
3.3 Operational Business Data
The core data you enter while using Stock-Nest includes:
- Inventory: Product names, quantities, purchase prices, selling prices, and unit configurations (e.g. break-bulk splits)
- Sales Records: Transaction timestamps, items sold, quantities, prices, and the staff member involved
- Financial Ledger: Customer names, phone numbers, debt amounts, and payment history
- Reports: Automatically generated daily and periodic summaries of sales and profit margins
This data belongs to you. Stock-Nest processes it only to provide and improve the Service as described in this Policy.
3.4 Staff Data
If you add staff members (Managers, Cashiers, or Employees) to your account, we collect their names and email addresses to create their sub-accounts. You are responsible for obtaining consent from your staff before adding them to Stock-Nest.
3.5 Payment and Subscription Data
When you subscribe to a paid plan, payment is processed through Pesapal Limited, a licensed payment service provider operating across East Africa including Uganda. We do not store your mobile money PINs, card numbers, or any raw payment credentials on our servers. We receive only a transaction reference, payment status, and subscription tier confirmation from Pesapal.
3.6 Technical and Usage Data
We may automatically collect technical information including your IP address, browser type, device type, operating system, pages visited within the Service, and timestamps of activity. This is used for security, debugging, and service improvement purposes only.
3.7 Contact Form Data
If you submit a message through our contact page, your name, email, business name, and message content are forwarded via Formspree to our support team. We retain this data to respond to your enquiry and for support records.
4. How We Use Your Data
We process your data for the following purposes:
- Providing the Service: To authenticate your account, store your business records, and display your dashboard, reports, and analytics.
- Subscription Management: To verify your payment status, grant or restrict access to features based on your plan, and send billing notifications.
- Real-Time Notifications: To push in-app alerts about low stock, new sales activity, or financial ledger updates via our Socket.io event system.
- Customer Support: To respond to enquiries submitted through our contact page or WhatsApp.
- Service Improvement: To monitor performance, fix bugs, and improve the reliability and features of the platform.
- Legal Compliance: To comply with applicable Ugandan law and respond to lawful requests from authorities.
We do not sell, rent, or trade your data to any third party for marketing purposes. We do not use your operational business data (inventory, sales, ledger) for any purpose other than operating your account.
5. Legal Basis for Processing
Under the Uganda Data Protection and Privacy Act, 2019, we rely on the following legal bases:
- Contractual necessity: Processing required to deliver the Service you signed up for (account management, data storage, billing).
- Consent: Where you have explicitly agreed, such as when adding staff members' contact details or submitting a contact form.
- Legitimate interests: Technical logging and performance monitoring to keep the Service secure and functional.
- Legal obligation: Where we are required by law to retain or disclose data.
6. Third-Party Processors
We use carefully selected third-party service providers to operate the Service. Each processor is contractually required to handle your data securely and only for the purposes we specify:
- Firebase Authentication (Google LLC) — User authentication and session management. Data may be stored on Google's global infrastructure.
- MongoDB Atlas (MongoDB, Inc.) — Cloud database hosting for all business data. Data is encrypted at rest and in transit.
- Render (Render Services, Inc.) — Backend API server hosting. Our application server runs on Render's infrastructure.
- Cloudflare, Inc. — CDN, DNS, and edge hosting for our marketing website and frontend application. Cloudflare may process request metadata for security purposes.
- Pesapal Limited — Payment processing for subscription payments via MTN Mobile Money, Airtel Money, and supported bank cards. Pesapal is a licensed and established payment service provider operating across East Africa including Uganda.
- Formspree, Inc. — Contact form submissions forwarded to our email.
7. International Data Transfers
Some of our third-party processors (Firebase/Google, MongoDB Atlas, Render, Cloudflare) operate infrastructure outside of Uganda. Where data is transferred internationally, we rely on the contractual safeguards provided by those processors (standard contractual clauses, data processing agreements) to ensure your data is protected to a standard at least equivalent to the Uganda DPPA, 2019.
8. Data Retention
We retain your data for as long as your account is active or as necessary to provide the Service. Specific retention periods:
- Active account data: Retained indefinitely while your subscription is active or your Free account is in use.
- After cancellation: We retain your data for 30 days after you cancel your subscription or close your account, to allow you to export your records or reactivate.
- After 30 days: All personally identifiable business data is permanently deleted from our systems, unless we are required to retain it by law.
- Payment transaction logs: Retained for 7 years as required under Ugandan financial regulations.
- Support communications: Retained for 2 years for service continuity purposes.
9. Data Security
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted using TLS (HTTPS). Plain HTTP connections are rejected.
- Database data is encrypted at rest by MongoDB Atlas.
- Authentication uses Firebase's secure token infrastructure with short-lived JWT sessions.
- Role-based access control (Admin, Manager, Cashier) ensures staff can only access the data appropriate for their role.
- Our API uses JWT verification middleware on every protected endpoint.
- We do not store mobile money PINs, card CVVs, or raw payment credentials at any point.
While we take all reasonable precautions, no system is completely immune to breaches. In the event of a security incident affecting your data, we will notify you within 72 hours as required by the Uganda DPPA.
10. Your Rights
Under the Uganda Data Protection and Privacy Act, 2019, you have the following rights:
- Right of Access: You may request a copy of the personal data we hold about you and your business.
- Right to Rectification: You may correct inaccurate or incomplete data directly in your account settings, or contact us to do so.
- Right to Erasure: You may request deletion of your account and all associated business data. We will action this within 30 days, subject to any legal retention obligations.
- Right to Data Portability: You may export your inventory, sales history, and ledger data at any time from within your dashboard as a PDF or spreadsheet.
- Right to Object: You may withdraw consent for any processing based on consent (e.g. marketing communications) at any time.
- Right to Restriction: You may request that we limit how we process your data in certain circumstances, such as while a dispute is being investigated.
To exercise any of these rights, contact us at support@stock-nest.com or via WhatsApp at +256 704 025 224. We will respond within 14 days.
11. Cookies and Session Storage
Stock-Nest uses browser session storage and HTTP-only cookies to maintain your authenticated session. We do not use third-party advertising cookies or tracking pixels. The cookies we set are strictly necessary for the Service to function. By using Stock-Nest, you consent to these functional cookies.
12. Children's Privacy
The Service is intended for business owners and their staff. We do not knowingly collect personal data from persons under the age of 18. If you believe a minor has registered, please contact us immediately and we will delete the account.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and display a notice within the application at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
14. Contact Us
For any privacy-related questions, requests, or complaints, please contact us:
- Email: support@stock-nest.com
- WhatsApp: +256 704 025 224
- Website: https://stock-nest.com/contact
If you are not satisfied with our response, you may lodge a complaint with the National Information Technology Authority – Uganda (NITA-U), which is the supervisory authority for data protection in Uganda.