Privacy Policy

DIYRepo provides a cloud-hosted, multi-tenant inventory management platform. When you use the Service as part of an organization, we act as a data processor for that organization (the data controller). When you visit our website, sign up for an account, or contact us, we act as a data controller for that information.

• Account data: name, email address, password hash, organization, role.
• Customer Data: the inventory, supplier, branch, and operational data your organization stores in the Service.
• Usage data: pages viewed, actions performed, IP address, device, browser, and timestamps — used for security and product improvement.
• Cookies and similar technologies: we use strictly-necessary cookies for authentication and limited analytics cookies (with consent where required).
• Communications: messages you send to support or sales.

• To provide, secure, and improve the Service;
• To authenticate users and prevent fraud or abuse;
• To respond to support requests and communications;
• To send service notices and, with your consent, marketing;
• To comply with legal obligations.

• Contract: to provide the Service you've signed up for;
• Legitimate interests: to operate, secure, and improve our platform, where not overridden by your rights;
• Consent: for optional cookies and marketing emails (you can withdraw at any time);
• Legal obligation: to comply with applicable laws.

We share personal data only with: (a) sub-processors who help us operate the Service (e.g., cloud hosting, email delivery, analytics) under written data-processing agreements; (b) authorities where required by law; (c) acquirers in the event of a merger or sale, subject to confidentiality. We do not sell personal data and we do not share personal data for cross-context behavioural advertising as defined under the CCPA/CPRA.

If personal data is transferred outside your country, we use appropriate safeguards such as the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms.

Account data is retained for as long as your account is active and for a reasonable period after closure. Customer Data is retained per your organization's instructions and our deletion schedule. Backups are deleted on a rolling basis.

We use industry-standard technical and organizational measures — encryption in transit and at rest, row-level security, role-based access, audit logging, and least-privilege access — to protect personal data. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

Subject to applicable law, you have the right to:

• Access the personal data we hold about you;
• Request correction or deletion;
• Restrict or object to certain processing;
• Receive your data in a portable format;
• Withdraw consent at any time;
• (California residents) opt out of sale or sharing, request deletion, request to know, and not be discriminated against for exercising your rights;
• Lodge a complaint with your local data-protection supervisory authority.

To exercise any of these rights, email privacy@diyrepo.com. If you use the Service through your employer, please direct rights requests to them as the data controller; we will assist them as needed.

The Service is not directed to children under 16, and we do not knowingly collect personal data from them.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-product notice before they take effect.

Privacy enquiries: privacy@diyrepo.com. EU/UK representative and Data Protection Officer details are available on request.