Last updated · 22 June 2026
Stocka is an offline-first inventory and point-of-sale application for retailers and small businesses, published by BrainBox237 (“we”, “us”, “our”). This policy explains what information Stocka handles, why, where it goes, how long we keep it, and the choices and rights you have over it.
A core design principle of Stocka is that your business data lives on your device first. Stock, sales, debts and expenses are recorded and usable without any internet connection. Data only leaves your device for the specific purposes described below — mainly to sync, back up, license your app, and send notifications.
We do not sell your personal data, and we do not share your business records with advertisers. Stocka contains no advertising networks.
Stocka is built and operated by BrainBox237, a software studio based in Cameroon. For privacy questions, you can reach us at privacy@brainbox237.com. For matters specific to Stocka, you can also use stocka@brainbox237.com.
We are the controller of the personal data described in this policy. The third parties listed in section 06 act as our processors and run the infrastructure that makes sync, storage and notifications work.
We collect only what Stocka needs to do its job. Depending on which features you use, this can include:
| Category | Examples | Source |
|---|---|---|
| Account & identity | Email address, display name, password (stored only as a secure hash), business profile | You, at sign-up |
| Business records | Products, prices, stock levels, sales, debts, expenses, suppliers | You, as you use the app |
| Customer details | Customer names and phone numbers you choose to save for debts and receipts | You |
| Device contacts | A contact you pick from your phone, only if you use the “add from contacts” option | You, with permission |
| Images | Product and expense photos you attach | You |
| Device & technical | Device identifier for licensing, app version, OS, push notification token | Automatically |
| Subscription & payment | Plan, status, and a payment reference from the payment provider (we do not store card or wallet credentials) | Payment provider |
| Diagnostics | Crash reports and basic error logs, if enabled | Automatically |
Stocka only reads your contacts at the moment you tap to add a customer from your phone book, and only the contact you select. We do not upload your whole address book, and we show a plain explanation before the system permission prompt appears. You can decline and still type customer details by hand.
We do not use your business records to build advertising profiles, and we do not sell them.
Where data-protection law requires a legal basis, we rely on: performance of our contract with you (running the app and your subscription); your consent (for optional things like contacts access and notifications, which you can withdraw); our legitimate interests (security, fraud prevention, and improving the app); and legal obligation (keeping certain payment and tax records).
To deliver Stocka we rely on a small number of trusted infrastructure providers. They process data on our instructions only:
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Authentication, cloud database, sync | Account, business and customer records |
| Cloudflare R2 | Image and backup storage | Product/expense images, backups |
| Firebase (Google) | Push notifications | Push token, device identifier |
| NotchPay | Mobile Money & card subscriptions | Payment reference, plan, status |
We declare each of these, and the data they handle, in the app’s store privacy disclosures. If we add or change a processor, we will update this list.
Our providers may store and process data on servers outside Cameroon, including in the European Union and the United States. Where data crosses borders, we rely on the providers’ own safeguards and standard contractual protections to keep your information protected to a comparable standard.
We use encryption in transit, access controls on our cloud, and row-level security so that one business can never read another’s records. Your app licence is verified offline using a cryptographic (Ed25519) signature, so it cannot be forged on the device. Passwords are never stored in plain text.
No system is perfectly secure, but we work to industry practices and fix issues promptly. If a breach ever affects your personal data, we will notify you and the relevant authorities as required by law.
Depending on where you live, you may have the right to:
To exercise any of these, email privacy@brainbox237.com. We respond within a reasonable time and at most within the period the law requires.
You can delete your Stocka account and its data at any time, either from inside the app (Settings → Account → Delete account) or from the web, without reinstalling the app, at brainbox237.com/stocka/delete-account.
When you delete your account, we remove:
Some payment, licence and tax records are kept for the limited period the law requires, reduced to the minimum non-personal detail. If you own a business that has staff members, deleting your own account does not silently destroy their records — we will guide ownership transfer or shop closure first. Local data on your device is cleared when you delete in-app or uninstall.
Stocka is a business tool intended for adults running or working in a business. It is not directed at children, and we do not knowingly collect data from anyone under 18. If you believe a child has provided us data, contact us and we will remove it.
We may update this policy as Stocka evolves or the law changes. We will revise the “last updated” date above and, for significant changes, notify you in the app. Continuing to use Stocka after a change means you accept the updated policy.
Questions, requests or complaints about privacy? Email privacy@brainbox237.com or write to BrainBox237, Buea, South-West Region, Cameroon. You also have the right to complain to your local data-protection authority.