Dashboard

Privacy Policy

Updated Thursday, 26 February 2026

The short version

Wholesale Handler is built and run by me, Dan Edwards. I collect the minimum data needed to run the service. I don't sell it, share it with advertisers, or do anything unexpected with it. Your payment details go directly to Stripe - I never see your card numbers.

What I collect

When you create an account, I store

  • Your name and email address
  • Your business name
  • A hashed version of your password (never stored in plain text)

As you use the service, I also store

  • Products, orders, invoices, and customer relationships you create
  • Business settings you configure (delivery preferences, packing slip text, invoice details)
  • Your currency (detected automatically from your country) and timezone

I do not collect or store payment card details. Payments are handled entirely by Stripe.

What I use it for

Running the service. That's it.

I send the following emails, all transactional

  • Email confirmation when you sign up
  • Password reset requests
  • Email change verification
  • Customer invitations (sent by merchants to their customers)
  • Invoices
  • Restock notifications
  • Subscription confirmation

I do not send marketing emails.

Where your data is stored

Your data is stored on servers in the United Kingdom

  • Database hosted by Neon (AWS EU-West-2, London)
  • Application hosted by Fly.io (London)
  • Emails sent via Mailgun (EU endpoint)

Stripe processes payment data on their own infrastructure under their own privacy policy.

Who else has access to your data

Stripe
What they receivePayment and billing data
WhyProcesses subscriptions
Mailgun
What they receiveEmail addresses
WhyDelivers transactional emails
Neon
What they receiveAll account data
WhyHosts the database
Fly.io
What they receiveAll account data
WhyHosts the application
Inngest
What they receiveEvent metadata
WhyHandles background email delivery

None of these services use your data for their own marketing purposes.

Cookies

I set the following cookies

token
PurposeKeeps you signed in to your account
Duration365 days
menu_sidebar
PurposeRemembers whether the sidebar menu is open or closed
Duration7 days
ab_variant
PurposeAssigns you to a test group so I can compare different versions of the site
Duration90 days
demo_industry
PurposeRemembers which industry demo you viewed so the demo stays consistent as you browse
Duration90 days

During checkout, Stripe may set its own cookies (such as __stripe_mid and __stripe_sid) for fraud prevention. I don't control these - see Stripe's cookie policy(opens in a new tab) for details.

Browser local storage

I store a small amount of functional data in your browser's local storage to keep the demo working between page loads

demo-access-token-merchant
PurposeRemembers your demo session so your changes are saved
demo-access-token-customer
PurposeRemembers your demo session for the customer view
current-party
PurposeRemembers whether you are viewing as a seller or buyer in the demo
cloudflare-country
PurposeStores your detected country for currency selection

This data stays in your browser and is not sent to any third party.

Analytics

I use Umami, a self-hosted analytics tool that does not use cookies and does not collect personal data. It records anonymous page views, device types, browsers, and country-level location. No individual visitors are identified or tracked.

I do not use tracking pixels, advertising scripts, or any analytics service that profiles users.

How long I keep your data

Your data is kept for as long as your account is active. If you cancel your subscription, your data remains available in read-only mode.

When a merchant deletes a customer, financial records (orders and invoices) are preserved for accounting compliance.

Deleting your data

You can delete your business data (products, orders, invoices, customers) from the settings page in the app.

To delete your account entirely, email me at [email protected]. I'll handle it within 30 days, but I aim to do it much faster.

Your rights

Under UK GDPR, you have the right to

  • Access the personal data I hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to processing of your data

To exercise any of these rights, email me at [email protected].

Changes to this policy

If I make changes, I'll update the date at the top of this page. For significant changes, I'll notify you by email.

Contact

Dan Edwards
[email protected]