Privacy Policy

Last updated: April 2026

SkuPing ("we," "our," "us") operates the SkuPing application and website at skuping.com. This policy describes how we collect, use, and protect information when you use our service.

Information We Collect

From Merchants (App Users): When you install SkuPing on your BigCommerce store, we receive your store name, store URL, timezone, and an API access token through BigCommerce's OAuth process. We also store your widget and email template customization settings.

From Storefront Visitors (Subscribers): When a customer signs up for a back-in-stock notification on a merchant's storefront, we collect their email address, optionally their name (if the merchant enables the name field), the product and variant they're interested in, and a Cloudflare Turnstile verification token. We do not collect any other personal data from storefront visitors.

How We Use Information

We use merchant information to operate the app, display the dashboard, inject the widget script, and send notification emails on the merchant's behalf.

We use subscriber information solely to send back-in-stock notification emails when the requested product returns to inventory. Subscriber emails are not used for marketing, are not shared with third parties, and are not sold.

Third-Party Services

We use the following third-party services to operate SkuPing:

Cloudflare — hosting, DNS, and Turnstile bot protection. Cloudflare may process IP addresses in accordance with their privacy policy.

Supabase — database hosting. All data is stored in Supabase's cloud infrastructure with encryption at rest.

Resend — email delivery. When a notification email is sent, the subscriber's email address and the email content are transmitted to Resend for delivery. No other subscriber data is shared with Resend.

BigCommerce — we interact with BigCommerce's APIs to read product and inventory data, manage scripts, and register webhooks. We do not access customer personal data beyond order email addresses for conversion attribution.

Data Retention

Active subscriber data is retained as long as the merchant's app is installed and the subscription is active. When a subscriber unsubscribes via the email link, their record is marked as unsubscribed and purged after 90 days.

When a merchant uninstalls SkuPing, all store data (including subscriber records) is retained for 30 days to support reinstallation. After 30 days, all data is permanently deleted.

Notification logs are retained indefinitely for analytics purposes but contain only email addresses, product IDs, and timestamps.

Data Security

All data is transmitted over HTTPS. BigCommerce API tokens are stored server-side and never exposed to the dashboard frontend. Database access is controlled through row-level security policies. Session tokens are signed with HMAC-SHA256 and expire after 24 hours.

GDPR Compliance

Every widget form includes a consent line that cannot be removed by merchants. Every notification email includes a one-click unsubscribe link. Merchants can customize the consent text but cannot disable it.

If you are a storefront visitor and wish to have your data deleted, contact the merchant whose store you subscribed on, or email us at support@skuping.com with your email address and the store name.

Children's Privacy

SkuPing is not directed at children under 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

Contact

For privacy questions or data requests, contact us at support@skuping.com.