Legal
Privacy Policy
Our philosophy
open_inventory is built for privacy. We collect the minimum data needed to fulfill an order and delete it as soon as we can.
What we collect
Account number, shipping address, derived location (geoip), IP (optional, when the merchant has IP collection enabled). Order history is kept in the database with personal fields nulled — see "What gets deleted" below.
What we never collect
Email, real name (unless provided in shipping), browsing history, tracking cookies, third-party scripts.
What gets deleted, and when
The moment an order's status changes to fulfilled or cancelled, a database trigger nulls these columns: customer IP, derived location, wallet address, and the full shipping address (8 fields). The order itself stays — order number, total, item count, on-chain payment details — for accounting and lookups.
Shrinking that retained footprint further is on our roadmap. We aim to add per-store settings that null transaction hashes after a configurable window, then aggregate older orders into monthly summaries. Privacy is a direction we keep moving in, not a destination we've reached.
Payment data
For crypto payments we store the transaction hash, chain, token, and amount on the order record. The wallet address is purged when the order closes (fulfilled or cancelled). Monero and Zcash are private at the protocol level; on transparent chains (BTC / ETH / Base / Polygon / Arbitrum) the transaction hash links the order to a public on-chain payment until we ship the retention work above.
Cookies
First-party only:
• account_number — your customer login (1 year)
• browse_auth — proves you cleared the store's browse password (30 days)
• forum_session — set if you sign in to the per-store forum (30 days)
• admin_session — set only on the merchant admin login
No tracking cookies, no third-party cookies, no analytics.
Your rights
View, export, or delete your data from your account privacy dashboard at /account/privacy.