Privacy
Privacy Policy
Read the short plain-language summary first, then review the full Privacy Policy below.
Simple version
This summary is here to make the main points easier to understand. It does not replace the full Privacy Policy below, which is the controlling version.
1. We collect what we need to run STOQ — your account details, the data you enter, payment records, and technical information like device and usage data.
2. We use your data to provide and secure the service, support you, improve the product, and meet legal requirements — nothing more than needed.
3. We do not sell your personal data. We share it only with service providers and where the law requires, always limited to what is necessary.
4. Payment details are handled by certified providers (Stripe, Apple Pay, Google Pay, PayPal). We never store your full card details.
5. You have rights over your data — access, correction, deletion, and more. To exercise them, contact privacy@stoq.global.
6. If we make material changes to this Policy, we will notify you and post the updated version here before it takes effect.
Privacy Policy
Last updated: May 20, 2026
This Privacy Policy has been developed by STOQ FZ-LLC (FDRK5298, Compass Building, Al Shohada Road, AL Hamra Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates), the rights holder of the STOQ platform (hereinafter — “STOQ”, “we”).
This Privacy Policy (hereinafter — the “Policy”) establishes the principles and rules governing the processing of personal data in connection with the use of STOQ services, including the mobile application, web application, websites, application programming interfaces (APIs), integrations, administration tools, and other digital products, features, and services provided under the STOQ brand (collectively referred to as the “Service”).
STOQ is provided by a legal entity incorporated in the United Arab Emirates. We process personal data in accordance with applicable UAE law. Where the laws of other countries apply to the processing of data, we comply with such requirements to the extent prescribed by applicable law.
The Policy explains, in particular: which categories of personal data we may collect and receive; the sources from which such data is obtained; the purposes for which and the legal bases on which we use data; the circumstances in which and to whom data may be disclosed (e.g., to infrastructure providers and subcontractors); how long data is retained and the principles governing its deletion, anonymisation, or archiving; the security measures applied to protect personal data; the rights users hold in respect of their data and how to exercise those rights; the rules governing cross-border data transfers (including through the use of cloud infrastructure); and how we notify users of changes to the Policy and how to contact us regarding privacy matters.
1. Scope of the Policy
This Policy applies to all instances of personal data processing carried out in connection with the use of the STOQ Service. It covers any circumstances in which you interact with the Service, irrespective of the method of access, the device used, or the format of use.
The Policy applies regardless of whether you access STOQ via the mobile application, a web browser interface, the desktop version (where available), or through programmatic interfaces or other technical means of connection. Its provisions extend to both registered users and persons who use certain features of the Service without creating an account, where such features are available.
This Policy applies to the processing of data related to the creation and use of an account, including registration, account verification, login, access recovery, session management, profile configuration, and user preferences, as well as measures to ensure account security and prevent unauthorised access.
The Policy covers the processing of data relating to both free and paid features of the Service. This includes subscription management, plan management, invoicing, payment accounting within the information available to STOQ, and compliance with legal requirements relating to the retention of financial and accounting records. Where payment is made through third-party payment providers, the processing of payment details may be carried out by such providers in accordance with their own policies, and STOQ receives and processes only the information necessary to confirm payment and maintain records.
This Policy covers the processing of data when contacting customer support or otherwise interacting with STOQ, including correspondence, enquiries, submitted files, error reports, participation in surveys, and the provision of feedback. Such data is used for the purposes of providing support, improving the quality of service, resolving technical issues, and preventing abuse, to the extent permitted by law.
2. Relationship of the Policy to Other Documents
This Policy applies to all instances of personal data processing related to the use of the STOQ Service. In all other cases, the processing of personal data is carried out in accordance with this Policy. We determine the purposes and means of personal data processing in cases where this is necessary for the provision and protection of the Service.
In most cases, STOQ independently determines what data is necessary for the operation of the Service, for security, user support, and legal compliance. In such cases, STOQ acts as the data controller. STOQ remains responsible for the processing of data related to the management of the Service itself, account security, payment accounting, technical logs, and compliance with legal requirements.
If you have questions about how your personal data is processed, or if you wish to exercise your rights, you may contact us at: privacy@stoq.global. We recommend indicating the subject line: “Privacy / Personal Data Request”. For the purpose of protecting your data, we may request verification of your identity before providing information or executing a request. Where a data protection officer has been appointed within the company, an additional contact address may be provided separately.
3. What Data We Collect
In the course of providing the Service, STOQ may collect and process personal data of Users and other individuals to the extent necessary for the functioning of the Service, the fulfilment of obligations to Users, compliance with legal requirements, and the protection of STOQ’s legitimate interests. The scope and nature of the data processed depend on the type of account, the features selected, and the manner in which the Service is used.
Registration and Profile Data
When creating and using an account, we may process the username (if provided), email address, phone number (if provided), country and interface language, as well as settings and preferences associated with the use of the Service. These data are necessary for the creation and administration of the account, user identification, provision of access to the platform’s functionality, and communication.
Authentication and Security Data
In order to ensure secure access to the Service and to protect accounts, STOQ processes data related to login and access management. Such data may include the unique user identifier, login credentials (including email address), password hash (passwords are not stored in plain text), information on the activation of multi-factor authentication, account login records (time, IP address, device), session tokens, programmatic access keys, as well as records of failed login attempts or other suspicious activity. These data are used exclusively for user authentication, the prevention of unauthorised access, and the security of STOQ’s infrastructure.
Operational, Inventory, and Collection Data
In the course of using the functionality of STOQ, users may enter, upload, or generate data related to the recording of goods, materials, assets, collectible items, and other objects. Such data may include item cards, quantity indicators, batches and serial numbers, statuses and deadlines, records of movements and transactions, storage location data, user activity logs, comments, service notes, and attached files. When maintaining personal collections, data may additionally include descriptions of collection items, their characteristics, condition, acquisition history, estimated value, images, and other associated information entered by the user. Depending on the manner in which the Service is used, such data may contain personal data of third parties. The user independently determines what data is entered into the system and bears responsibility for its lawfulness.
Payment and Financial Data
When using paid features, STOQ may process data related to the subscription and payment, including the selected pricing plan, subscription status, start and end dates of the paid period, invoices issued, transaction identifiers, and payment history. Where payments are processed through third-party payment providers, such providers may independently process payment details in accordance with their own policies. In such cases, STOQ generally does not store full bank card details and receives only limited information necessary to confirm payment and maintain records.
STOQ may use the following certified payment providers to process payments for Subscriptions and other paid features of the Service: Stripe, Inc., Apple Pay, Google Pay, PayPal. When making a payment, your payment data (card details, tokenised payment instrument data, billing address) are transmitted directly to the relevant provider and processed in accordance with its privacy policy. STOQ does not store full bank card details and does not have access to your account credentials within Apple Pay, Google Pay, or PayPal systems. Stripe is certified as a PCI DSS Level 1 service provider. When using Apple Pay and Google Pay, your card details are replaced by a token — actual card data is not transmitted to STOQ. When paying via PayPal, you may be redirected to the PayPal website, where PayPal’s privacy policy and terms of use apply. By using STOQ’s paid features, you also accept the data processing terms of the relevant payment provider.
Communications and Support
When contacting customer support or otherwise interacting with STOQ, the content of enquiries, correspondence, attached files, error reports, feedback, and suggestions for improving functionality may be processed. Depending on the tools used, records of chats or calls may be retained to the extent permitted by law. These data are used for providing support, resolving technical issues, improving the quality of service, and protecting the rights of STOQ.
Technical and Usage Data
In the course of using the Service, technical and diagnostic data are collected automatically. These may include the IP address, device identifiers, device type and operating system, application or browser version, system language, device configuration, network connection data, Service activity logs, crash reports, and performance data. Such data are necessary for ensuring the stability of the platform, analysing performance, identifying errors, and enhancing the level of security.
Cookies and Similar Technologies
STOQ uses cookies and similar technologies for session management, security, saving user settings, analytics and functionality improvement, and abuse prevention. The categories of cookies used and the manner of their use are disclosed in a separate cookie policy.
Data from Integrations
When connecting third-party services, STOQ may receive data through the programmatic interfaces of such services to the extent determined by the integration settings and user permissions. The processing of such data is carried out exclusively for the purpose of enabling the relevant integration and the functioning of the Service. Third-party services may independently govern data processing in accordance with their own policies.
The Service is not intended for the storage of special (sensitive) categories of personal data, such as medical data, biometric data, information on political views, etc. Please do not upload such data to STOQ unless this is required by applicable law and you have a lawful basis for their processing.
4. Sources of Data
We obtain personal data from various sources depending on how the Service is used, which features are activated, and in what capacity you interact with STOQ.
The primary source of data is you. Personal data may be provided directly when creating an account, completing a profile, providing contact information, configuring account settings, entering data within the functionality of the Service, uploading files and documents, and when contacting customer support or otherwise interacting with us. In these cases, the scope of information provided is determined by your actions and the features selected.
Some information is generated automatically in the course of using the Service. Such data include technical logs, records of system logins, interface actions, use of individual features, device, browser, operating system, network connection data, and other information necessary to ensure the stable and secure operation of the platform. These data are collected automatically by STOQ’s software and infrastructure.
Where paid features of STOQ are used, we may receive from payment providers information confirming the fact of payment, including transaction status, payment date, and transaction identifier. Full payment details are generally processed directly by the payment provider in accordance with its own policies. Accordingly, the sources of data may include: you as a user, automated technical processes, connected third-party services, and payment providers — to the extent necessary for the functioning of the Service and the fulfilment of our obligations.
5. How We Use Data
We use personal data exclusively for lawful, specified, and transparent purposes, to the extent objectively necessary for the functioning of the Service, the fulfilment of obligations to users, the ensuring of security, and compliance with legal requirements.
Provision of the Service
Personal data are used for the creation and administration of accounts, user authentication, provision of access to STOQ’s functionality, and ensuring the correct operation of the platform. This includes the storage, structuring, and display of data entered by the user, synchronisation of information across devices, enabling connected integrations, and managing the subscription, pricing plan, and access to paid features.
Security
We use data to protect accounts and STOQ’s infrastructure against unauthorised access, abuse, and other security threats. This includes access control, activity monitoring, detection of suspicious actions, fraud prevention, incident investigation, and ensuring the integrity, confidentiality, and availability of data. Such processing is necessary to maintain the stable and secure operation of the Service and to protect the interests of users.
Product Improvement
Personal data and technical information may be used to analyse the use of features, assess system performance, identify technical errors, and improve the user interface. We apply such data to optimise the operation of the platform, test new features, and improve the stability and usability of the Service. Processing is carried out in accordance with the principle of data minimisation. STOQ does not use personal or identifiable user data for training, fine-tuning, or deploying AI models without explicit prior consent (opt-in). Anonymised aggregate data may be used to improve the Service’s algorithms to the extent specified in Section 9 of the Terms of Use.
Support and Communications
Data are used to process support enquiries, respond to user requests, resolve technical issues, and provide consultations. We may also send service notifications related to the operation of the Service, functionality updates, changes to terms and conditions, security measures, or platform outages. Such communications are necessary for the proper use of the Service.
Legal Compliance and Protection of Rights
Personal data may be used to comply with applicable legal requirements, maintain mandatory records, retain documentation for prescribed periods, and respond to lawful requests from public authorities. In addition, data may be used to protect the rights and legitimate interests of STOQ, users, and third parties, including the prevention of violations, resolution of disputes, and the assertion or defence of legal claims.
Marketing Communications
Where a lawful basis exists, we may use contact details to send informational or marketing communications about STOQ’s features and updates. Users may opt out of receiving such communications at any time by using the provided opt-out mechanism.
6. Legal Bases for Processing
We process personal data only where a lawful basis for such processing exists under applicable law. The specific basis depends on the nature of the data, the purposes of processing, and the user’s jurisdiction.
In most cases, processing is carried out for the purposes of performing the contract between you and STOQ. This applies to situations where data are necessary for creating an account, providing access to the Service’s functionality, processing a subscription, enabling integrations, or providing support. Without such processing, the provision of the Service would not be possible.
Processing may also be carried out to comply with legal obligations imposed on STOQ, including accounting requirements, document retention, responding to lawful requests from public authorities, and fulfilling other mandatory requirements. In certain cases, we may process data on the basis of our legitimate interests, for example to ensure the security of the Service, prevent abuse, protect infrastructure, analyse performance, and improve the platform’s functionality. In doing so, we assess that such interests do not override the rights and freedoms of users.
Where processing requires user consent, such consent is obtained separately and may be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.
If you are located in the EU/EEA (or where GDPR applies), we process data on one of the following legal bases: performance of a contract, compliance with a legal obligation, legitimate interest (e.g., security and improvement of the Service), or consent — where required. In the United States, processing is carried out for the purposes of providing services, ensuring security, improving the product, and complying with legal requirements. In certain states, additional data subject rights may apply in accordance with local laws. We determine the legal basis for processing having regard to applicable law and the specific circumstances of use of the Service.
7. Disclosure of Data
We may disclose personal data to third parties only in the circumstances and to the extent necessary for the purposes set out in this Policy, or where such disclosure is required by law. Data transfers are not carried out arbitrarily and are always limited by the principle of minimum necessary scope.
Personal data may be transferred to service providers that supply technical and organisational support for the operation of the Service. Such providers may include companies providing cloud infrastructure and hosting, data storage and backup, monitoring and diagnostics tools, payment processing systems, analytics services, and user support and communication platforms. Such providers are granted access to data only to the extent necessary for the performance of their functions and are required to comply with confidentiality and security requirements. An up-to-date list of sub-processors is available upon request at privacy@stoq.global.
Where STOQ forms part of a corporate group, personal data may be processed within such group provided that uniform data protection and confidentiality standards are maintained that are comparable to this Policy.
We may disclose personal data to public authorities or other authorised persons where this is required by applicable law, a court order, or other binding requirement. In addition, disclosure may be made where necessary to protect the rights, legitimate interests, and security of STOQ, users, or third parties, including the prevention of fraud and other violations.
In the event of a reorganisation, merger, asset sale, investment transaction, or other corporate transaction, personal data may be transferred to a successor entity or prospective acquirer, subject to compliance with confidentiality requirements and the adoption of appropriate data protection measures.
STOQ does not sell personal data or provide it to third parties for their independent marketing purposes without an appropriate legal basis. STOQ does not claim intellectual property rights in respect of data or content uploaded by the user to the Service. The provision of data to the Service does not entail the transfer of intellectual property rights to STOQ.
8. International Data Transfers
STOQ is incorporated in the United Arab Emirates. As a company registered in the UAE, STOQ complies with the requirements of Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE Personal Data Protection Law, UAE PDPL), including data subject rights and security breach notification obligations. Depending on the infrastructure architecture, the service providers used, and the location of users, personal data may be processed and stored both in the UAE and in other countries.
Such transfers may be associated with the use of cloud technologies, backup systems, monitoring and analytics tools, or other services that support the functioning of the platform. We organise data processing in a manner that complies with the requirements of applicable law, including provisions governing the cross-border transfer of personal data.
Where data is transferred to other countries, we apply legally prescribed protective measures. This may include the use of contractual guarantees with service providers, assessment of the level of data protection in the recipient jurisdiction, restriction of access to information, encryption, and other technical and organisational security measures. We endeavour to ensure a comparable level of personal data protection regardless of the country in which the data is processed.
For the transfer of personal data from the EU/EEA to third countries, we apply the EU Standard Contractual Clauses (2021, Module 2: controller → processor). For other jurisdictions, appropriate safeguards are applied in accordance with the requirements of local data protection law.
9. Data Retention Periods
We retain personal data only for the period necessary to achieve the purposes for which it was collected, unless a longer retention period is required or permitted by applicable law. In determining retention periods, we take into account the nature of the data, the purposes of processing, legal requirements, and the need to protect the rights of STOQ and users.
Account data is retained throughout the period of account activity. Following account closure or cancellation of the Subscription, operational data is retained: for up to 30 (thirty) calendar days — for standard plans; up to 60 (sixty) days — for extended plans; up to 90 (ninety) days — for premium plans. During this period, the user may export their data. Upon expiry of this period, data is permanently deleted. Payment and accounting data are retained for the periods prescribed by applicable tax law (generally from 5 to 7 years depending on the jurisdiction). Data required for the resolution of disputes or the prevention of fraud may be retained until the completion of the relevant proceedings.
Security logs and technical logs are retained for a maximum of 12 (twelve) months, unless otherwise required by applicable law or necessitated by a security incident investigation. In the event of an incident investigation, such data may be retained for a longer period — until the investigation is completed.
Payment and accounting data are retained for the periods prescribed by applicable law, including tax and financial accounting requirements. Upon expiry of the mandatory retention period, such data are subject to deletion or archiving in accordance with the established procedure.
Backup data is retained within a cyclical storage system and is automatically overwritten in accordance with an established schedule. During the retention period, backups are used exclusively for the recovery of information in the event of technical failures or incidents.
Upon expiry of the applicable retention period, personal data are deleted or rendered in a form that does not permit the identification of a specific individual. In certain cases, data may be anonymised for use in statistical or analytical purposes, provided that the possibility of re-identification is excluded.
10. Data Security
We implement reasonable and proportionate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. The level of measures applied is determined with regard to the nature of the data processed, the scale of processing, the potential risks to the rights and freedoms of users, and the current state of technology.
Technical measures include, in particular, the use of secure data transmission protocols, encryption of data in transit and, where necessary, at rest, role-based access control based on the principle of minimum necessary access, user authentication, system activity logging, security monitoring, regular software updates, and data backup and recovery procedures. We also employ anomaly and threat detection tools, conduct vulnerability assessments, and take measures to promptly remediate identified risks.
Organisational measures include internal data protection policies and procedures, restriction of employee access to information based on their job responsibilities, confidentiality obligations, regular staff training on information security matters, incident management procedures, and assessment of the reliability of service providers that may be granted access to data. Notwithstanding the measures implemented, no information system can guarantee absolute protection against all possible threats. We continually improve our protection mechanisms in response to evolving risks and the technological environment.
11. Security Incidents
A security incident is any event involving a breach of the confidentiality, integrity, or availability of personal data, including their accidental or unlawful loss, destruction, alteration, unauthorised disclosure, or unauthorised access.
In the event of the discovery or reasonable suspicion of a security incident, we immediately take measures to contain it and prevent the further spread of its consequences. An assessment is conducted of the nature of the incident, the scope of affected data, the potential risks to the rights and freedoms of users, and the causes of the event. Each incident is documented in accordance with the established internal procedure. Based on the results of the analysis, corrective measures may be taken aimed at remedying identified vulnerabilities and preventing similar events in the future.
Where an incident poses a risk to the rights of users and is subject to mandatory notification, we notify the competent supervisory authority within 72 (seventy-two) hours of the discovery of the incident (in accordance with GDPR Art. 33, UAE PDPL, and analogous provisions of applicable jurisdictions). Users whose data have been placed at risk are notified without undue delay. The format and content of the notification are determined by the requirements of the relevant jurisdiction and the nature of the incident.
12. Your Rights
Depending on the legislation of your country of residence, you may hold certain rights in respect of your personal data. The scope and conditions for the exercise of such rights are determined by applicable law.
In general, you are entitled to request confirmation of the processing of your personal data and to obtain access thereto, as well as to require the correction of inaccurate or incomplete information. In cases provided for by law, you may request the deletion of data, the restriction of its processing, or lodge an objection to processing where there are legal grounds to do so.
Where processing is carried out on the basis of your consent, you are entitled to withdraw such consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal. In cases provided for by law, you may also request the provision of your personal data in a structured and machine-readable format, where this is technically feasible and does not adversely affect the rights and freedoms of third parties.
To exercise your rights, you may submit a request to privacy@stoq.global. For the purpose of protecting data against unlawful disclosure, we may request verification of your identity or additional information necessary to process the request. A response to a request will be provided within the timeframes prescribed by applicable law. In the event of a complex request or the need for additional verification, the response period may be extended within the limits permitted by law.
STOQ uses AI components and automated data processing algorithms for analytics, automatic categorisation of items, and personalisation of the interface. All AI features are of an auxiliary nature and fall within the category of low-risk systems in accordance with the EU AI Act (Regulation 2024/1689). STOQ does not make legally significant decisions affecting users’ rights in a fully automated manner without human involvement (GDPR Art. 22). Users are entitled to request an explanation of any automated result by submitting a request to privacy@stoq.global. For further information on AI features, see Section 24 of the STOQ Terms of Use.
If you are located in a jurisdiction where a data protection supervisory authority operates, you are entitled to lodge a complaint with the relevant authority. Users in the EU/EEA may contact the supervisory authority of their country of residence. An up-to-date list of data protection authorities in the EU is available on the website of the European Data Protection Board: edpb.europa.eu. Users in the UAE are entitled to contact the UAE Data Office.
13. Marketing and Notifications
We may send users communications related to the functioning of the Service, account security, changes to platform operations, functionality updates, terms and conditions, and other material aspects of service provision. Such communications are service notifications and are sent for the purpose of duly fulfilling our obligations in respect of the provision of the Service and ensuring its safe use. Separate user consent is generally not required for the sending of such notifications, as they are necessary for use of the platform.
Marketing and informational communications regarding STOQ’s features, updates, or offers are sent only where there is a corresponding legal basis under applicable law. Where consent is required, such communications are sent only after its receipt. Each marketing communication contains a mechanism for opting out of further mailings. Users are entitled to opt out of receiving marketing communications at any time by using the provided opt-out function or by submitting a request to the contact details provided.
Opting out of marketing communications does not affect the receipt of service notifications necessary for the functioning and safe use of the Service. Notifications regarding automatic Subscription renewal, upcoming charges, failed payments, changes to pricing plans, and other billing notifications are service notifications and are sent on the basis of contractual obligations — separate consent for their receipt is not required.
14. Additional Provisions for Specific Jurisdictions
Depending on your country of residence, specific provisions of local law may apply to the processing of personal data, providing for additional rights or requirements regarding the manner of processing. Where applicable law grants users expanded rights — for example, the right to obtain information on the categories of data processed, the sources from which they were obtained, the purposes of disclosure to third parties, or the right to restrict certain methods of data use — such rights are exercised in accordance with the requirements of the relevant jurisdiction.
In certain countries or states, rights may also apply to receive additional information regarding the transfer of data to third parties, the right to lodge a complaint with an authorised supervisory authority, and the right to protection against discrimination in connection with the exercise of one’s rights.
STOQ applies the provisions of this Policy having regard to the requirements of the law applicable to the specific user and, where necessary, ensures additional guarantees provided for by the relevant jurisdiction. Residents of California (USA) are entitled, in accordance with the California Consumer Privacy Act (CCPA/CPRA), to: request information on the categories and sources of their personal data; require the deletion of personal data; correct inaccurate data; and opt out of the sale or transfer of personal data to third parties for advertising purposes. STOQ does not sell or transfer users’ personal data to third parties for advertising purposes. CCPA requests should be submitted to privacy@stoq.global with the subject line “CCPA Request”. We do not discriminate against users who exercise their rights under the CCPA.
Users in India. The processing of personal data of users located in India is carried out in accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Digital Personal Data Protection Act, 2023 (DPDP Act) in respect of provisions that have entered into force. Users in India are entitled to access their personal data, request its correction or deletion, and withdraw previously given consent to processing. For questions regarding the protection of personal data, complaints, and the exercise of rights, users in India may contact the STOQ Grievance Officer at: privacy@stoq.global with the subject line “India Privacy Request”. STOQ processes enquiries within 15 (fifteen) days of receipt. As secondary legislation under the DPDP Act enters into force, STOQ will update this Policy in accordance with the new requirements.
Some browsers transmit a Do Not Track signal. At this time, STOQ does not respond to such signals in a uniform manner, as no standards for the processing of such signals exist.
15. Age Restrictions
The Service may be used by persons of any age where permitted by the laws of the user’s country.
STOQ ensures the protection of the data of minor users in accordance with applicable law. For users under 13 years of age (USA, COPPA) and under 16 years of age (EU/EEA, GDPR), STOQ applies mechanisms for verifying the consent of a parent or legal guardian. A parent or legal guardian who has provided such consent bears responsibility for the use of the Service by the minor and is entitled at any time to request the deletion of the minor’s data by contacting privacy@stoq.global.
STOQ does not intentionally collect personal data in violation of the requirements of legislation on the protection of minors’ data. In the event of receiving substantiated information that data has been provided in violation of applicable law, we will take reasonable measures to delete or restrict the processing of such data in accordance with the law.
16. Changes to the Policy
We may periodically update this Policy in response to changes in legislation, the development of the Service’s functionality, or adjustments to internal data processing procedures. The current version of the Policy is published in the Service interface or on the relevant page of the website, with the date of the last update indicated. We recommend that users regularly review the current version of the Policy.
In the event of material changes that may affect users’ rights or the manner in which personal data is processed, we will notify users no less than 14 (fourteen) calendar days before the changes take effect — through the Service interface and/or by email to the address provided in the account. Technical and editorial amendments that do not affect users’ rights take effect from the moment the updated version is published. Continued use of the Service following the entry into force of amendments constitutes acceptance of the updated version of the Policy, except where applicable law requires that separate consent be obtained.
17. Contact Information
For all questions related to the processing of personal data, the exercise of your rights, or this Policy, you may contact us at: privacy@stoq.global.