Dashboard

Privacy Policy

Updated Friday, 27 March 2026

The short version

Wholesale Handler is built and run by me, Dan Edwards. I collect the minimum data needed to run the service. I don't sell it, share it with advertisers, or do anything unexpected with it. Your payment details go directly to Stripe - I never see your card numbers.

What I collect

When you create an account, I store

  • Your name and email address
  • Your business name
  • A hashed version of your password (never stored in plain text)

As you use the service, I also store

  • Products, orders, invoices, and customer relationships you create
  • Business settings you configure (delivery preferences, packing slip text, invoice details)
  • Your currency (detected automatically from your country) and timezone

I do not collect or store payment card details. Payments are handled entirely by Stripe.

What I use it for

Running the service. That's it.

I send the following emails, all transactional

  • Email confirmation when you sign up
  • Password reset requests
  • Email change verification
  • Customer invitations (sent by merchants to their customers)
  • Invoices
  • Restock notifications
  • Subscription confirmation
  • Account deletion notifications (sent to connected businesses)
  • Inactive account warnings (if you haven't signed in for over a year)

I do not send marketing emails.

Where your data is stored

Your data is stored on servers in the United Kingdom

  • Database hosted by Neon (AWS EU-West-2, London)
  • Application hosted by Fly.io (London)
  • Emails sent via Mailgun (EU endpoint)

Stripe processes payment data on their own infrastructure under their own privacy policy.

Who else has access to your data

Stripe
What they receive
Payment and billing data
Why
Processes subscriptions
Mailgun
What they receive
Email addresses
Why
Delivers transactional emails
Neon
What they receive
All account data
Why
Hosts the database
Fly.io
What they receive
All account data
Why
Hosts the application
Inngest
What they receive
Event metadata
Why
Handles background email delivery
Sentry
What they receive
Error details, IP addresses, browser information
Why
Monitors errors and performance

None of these services use your data for their own marketing purposes.

Cookies

I set the following cookies

token
Purpose
Keeps you signed in to your account
Duration
7 days
menu_sidebar
Purpose
Remembers whether the sidebar menu is open or closed
Duration
7 days
ab_variant
Purpose
Assigns you to a test group so I can compare different versions of the site
Duration
90 days
demo_industry
Purpose
Remembers which industry demo you viewed so the demo stays consistent as you browse
Duration
90 days

During checkout, Stripe may set its own cookies (such as __stripe_mid and __stripe_sid) for fraud prevention. I don't control these - see Stripe's cookie policy(opens in a new tab) for details.

Browser local storage

I store a small amount of functional data in your browser's local storage to keep the demo working between page loads

demo-access-token-merchant
Purpose
Remembers your demo session so your changes are saved
demo-access-token-customer
Purpose
Remembers your demo session for the customer view
current-party
Purpose
Remembers whether you are viewing as a seller or buyer in the demo
cloudflare-country
Purpose
Stores your detected country for currency selection

This data stays in your browser and is not sent to any third party.

Analytics

I use Umami, a self-hosted analytics tool that does not use cookies and does not collect personal data. It records anonymous page views, device types, browsers, and country-level location. No individual visitors are identified or tracked.

I do not use tracking pixels, advertising scripts, or any analytics service that profiles users.

Error monitoring

I use Sentry to detect and fix errors. When something goes wrong, Sentry receives technical details about the error including your IP address and browser information.

How long I keep your data

Your data is kept for as long as your account is active. If you cancel your subscription, your data remains available in read-only mode.

If you haven't signed in for over a year, I'll send you an email with 30 days notice before scheduling your account for deletion. Signing in at any point resets the clock.

When a merchant deletes a customer, financial records (orders and invoices) are preserved for accounting compliance.

Deleting your data

You can delete your business data (products, orders, invoices, customers) from the settings page in the app.

To delete your account entirely, go to the Danger zone section on the settings page. Account deletion is scheduled immediately but your data is kept for 90 days in case of mistakes or fraudulent account takeovers. After 90 days, all data is permanently removed.

If you change your mind during the 90-day window, email me at [email protected] and I can restore your account.

Your rights

Under UK GDPR, you have the right to

  • Access the personal data I hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to processing of your data

To exercise any of these rights, email me at [email protected].

Changes to this policy

If I make changes, I'll update the date at the top of this page. For significant changes, I'll notify you by email.

Contact

Dan Edwards
[email protected]