Privacy Policy

Effective Date: March 1, 2026 · Last Updated: March 1, 2026
Bowman Ventures LLC · ItemGrid

Contents

Who We Are
Information We Collect
How We Use Your Information
How We Share Information
Shopify Integration
Cookies & Tracking
Data Retention
Security
Your Rights
Children's Privacy
Changes to This Policy
Contact Us

Bowman Ventures LLC ("Bowman Ventures," "we," "us," or "our") operates ItemGrid, a cloud-based inventory management platform available at itemgrid.com (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your information.

By creating an account or using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Who We Are

ItemGrid is a product of Bowman Ventures LLC, a limited liability company. We provide multi-location inventory tracking software for businesses, including a Shopify integration that allows merchants to synchronize product and inventory data between their Shopify store and ItemGrid.

For purposes of applicable data protection law, Bowman Ventures LLC is the data controller of your personal information collected through the Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration: Name, email address, and password when you create an account.
Organization Profile: Organization name, business type, phone number, website, physical address, timezone, and logo image.
Inventory Data: Item names, descriptions, SKUs, barcodes, UPC codes, quantities, costs, prices, categories, photos, and location assignments that you enter into the Service.
Team Members: Names and email addresses of team members you invite to your organization.
Tasks: Task descriptions, due dates, and assignment information.
Support Communications: Messages you send to us for support or feedback.

2.2 Information Collected Automatically

Usage Data: Pages viewed, features used, actions taken within the Service (such as item creation, updates, transfers, and scans), timestamps, and session duration.
Log Data: IP address, browser type, operating system, referring URLs, and device identifiers.
Audit Trail Data: Records of which user performed which actions within your organization (e.g., created, updated, moved, or deleted items). This data is available to organization owners and admins.
Cookies & Similar Technologies: Session cookies for authentication, preference cookies, and analytics cookies. See Section 6 for details.

2.3 Information from Third Parties

Shopify: If you connect a Shopify store, we receive product data (names, SKUs, inventory item IDs, product IDs) and inventory levels from Shopify's API and webhooks. We also receive shop identification information required to maintain the OAuth connection.
TCGPlayer: If you use our market pricing feature for collectible items, we query TCGPlayer's API to retrieve current market price data for products you specify. We do not receive or store any personal information from TCGPlayer.
Stripe: When you subscribe to a paid plan, billing and payment processing is handled by Stripe. We receive confirmation of payment status, subscription state, and a Stripe customer ID. We do not store full credit card numbers or payment method details — these remain with Stripe.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service: Creating and managing your account, authenticating users, enabling inventory tracking, syncing with Shopify, and delivering all features described on our website.
Billing & Subscriptions: Processing payments, managing subscription plans, and sending receipts or billing notifications through Stripe.
Communications: Sending transactional emails (email verification, password resets, team invitations, low-stock notifications) and, where you have opted in, product updates or announcements.
Analytics & Improvement: Understanding how the Service is used in aggregate to identify bugs, improve features, and prioritize development. We may use Google Analytics or similar tools for this purpose.
Security & Fraud Prevention: Monitoring for suspicious activity, enforcing our Terms of Service, and protecting the integrity of the Service.
Legal Compliance: Responding to lawful requests from government authorities, complying with applicable law, and establishing, exercising, or defending legal claims.
Customer Support: Responding to your inquiries and resolving issues.

We do not sell your personal information. We share information only in the following circumstances:

4.1 Service Providers

We engage trusted third-party vendors who process data on our behalf, subject to appropriate confidentiality and data protection obligations:

Stripe — payment processing and subscription billing
Amazon Web Services (AWS) — cloud infrastructure and file storage
Google Analytics — aggregated usage analytics
TCGPlayer — market price data retrieval (no personal data shared)

4.2 Within Your Organization

Users within the same organization share access to inventory data, location data, task data, and audit logs in accordance with their assigned role (Owner, Admin, or User). Organization owners and admins can see the activity history of all team members within their organization.

4.3 Shopify

If you have connected a Shopify store, inventory updates made in ItemGrid may be pushed back to Shopify through our integration. Your use of the Shopify integration is subject to Shopify's Privacy Policy. See Section 5 for details.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or other governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Bowman Ventures, our users, or the public.

4.5 Business Transfers

If Bowman Ventures LLC is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information becomes subject to a different privacy policy.

5. Shopify Integration

ItemGrid offers an optional integration with Shopify. When you install ItemGrid from the Shopify App Store or connect your Shopify store through our platform:

We request OAuth access to your Shopify store's product and inventory data to enable two-way sync.
We receive and store your Shopify store domain, access token, and the Shopify product and inventory item IDs for products you choose to link.
We register webhooks with Shopify to receive real-time updates when product or inventory data changes in your Shopify admin.
We handle Shopify's mandatory GDPR compliance webhooks: customers/redact, shop/redact, and customers/data_request. When we receive a customer data request or deletion request from Shopify, we process it in accordance with GDPR requirements.
We do not access Shopify customer personal data (names, addresses, order history) — only product and inventory data.
You may disconnect the Shopify integration at any time from your Settings page. Upon disconnection, we retain synced product/inventory data within ItemGrid for continuity, but cease receiving updates from Shopify.

6. Cookies & Tracking

We use the following types of cookies and similar tracking technologies:

Strictly Necessary Cookies: Session cookies required for authentication and to keep you logged in. These cannot be disabled without breaking the Service.
Preference Cookies: Store your in-app preferences such as saved filters and notification settings.
Analytics Cookies: We use Google Analytics to understand how users interact with our site. This data is aggregated and does not identify you personally. You can opt out via Google's opt-out tools or by using a browser extension.

Most browsers allow you to control cookies through their settings. Disabling cookies may affect your ability to use certain features of the Service.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal, tax, or regulatory purposes, or to resolve disputes.

Inventory data, item history, and transfer records associated with your organization are retained for the life of your account. Upon account closure, you may request an export of your data before deletion.

Audit log data (user action history) is retained for 12 months by default and may be purged by organization owners at any time.

8. Security

We implement industry-standard security measures to protect your information, including:

HTTPS/TLS encryption for all data in transit
Hashed passwords (bcrypt) — we never store plaintext passwords
API token authentication for programmatic access
Webhook URL validation to prevent server-side request forgery (SSRF)
Organization-level data isolation — your data is never accessible to other organizations
Role-based access controls enforced at the application and middleware level

No method of electronic transmission or storage is 100% secure. While we strive to protect your information using commercially reasonable means, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.

9. Your Rights

9.1 All Users

Regardless of location, you have the right to:

Access and download a copy of your personal information
Correct inaccurate personal information through your account settings
Delete your account and associated personal information
Opt out of non-transactional marketing emails at any time

9.2 European Users (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to:

Request restriction of processing of your personal data
Object to processing based on legitimate interests
Request data portability in a structured, machine-readable format
Lodge a complaint with your local data protection authority

Our lawful bases for processing are: (a) performance of a contract (to provide the Service you signed up for); (b) legitimate interests (security, fraud prevention, service improvement); and (c) consent (where you have opted into specific communications).

9.3 California Users (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act, including the right to:

Know what personal information we collect and how it is used
Request deletion of your personal information
Opt out of the sale of personal information (we do not sell personal information)
Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at the address in Section 12.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (at the address associated with your account) or by posting a prominent notice within the Service at least 14 days before the changes take effect. The "Last Updated" date at the top of this policy reflects the most recent revision.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or want to report a privacy concern, please contact us:

Company: Bowman Ventures LLC
Product: ItemGrid
Email: privacy@itemgrid.com
Website: itemgrid.com

We will respond to privacy-related requests within 30 days. For GDPR data subject requests, we will respond within the timeframes required by applicable law.