Privacy Policy
This Privacy Policy explains how OU TH POINT GROUP ("Lagrio", "we", "us") collects, uses, and protects your personal data when you use our inventory management platform at app.lagrio.eu and our website at lagrio.eu.
1. Who We Are
Company: OU TH POINT GROUP
Registration Number: 14514760
Registered Address: Tallinn, Mustamäe linnaosa, A. H. Tammsaare tee 101, 12913, Estonia
Email: [email protected]
Phone: +358454912444
2. What Data We Collect
2.1 Account Information
When you create an account:
- Name
- Email address
- Password (hashed)
- Company name (optional)
- Phone number (if you opt in to WhatsApp or SMS alerts)
2.2 Inventory Data
Data you upload or that syncs from your connected stores:
- Product names, SKUs, quantities
- Product categories, images, prices
- Stock movements, adjustment history
- Store connection details (Shopify, WooCommerce)
2.3 Usage Data
We collect technical data to run and improve the service:
- IP address
- Browser type and version
- Pages visited, time spent
- Referring URL
- Device type
2.4 Payment Data
Processed by Stripe. We do not store full credit card numbers. We keep:
- Last 4 digits of card
- Billing email
- Transaction history
3. How We Use Your Data
We use your data to:
- Provide the Lagrio service (inventory tracking, alerts)
- Authenticate your account and prevent fraud
- Send you low-stock alerts via your chosen channels (WhatsApp, email, SMS)
- Process payments and issue invoices
- Send important service updates (outages, policy changes)
- Improve product features based on usage patterns
- Comply with legal obligations
Marketing: We will only send you promotional emails if you opt in. You can unsubscribe at any time.
4. Legal Basis (GDPR)
We process your data under these legal bases:
- Contract: To provide the service you signed up for
- Legitimate Interest: To improve our product, prevent fraud, and maintain security
- Consent: For marketing emails and optional features like WhatsApp alerts
- Legal Obligation: To comply with tax, accounting, and data protection laws
5. Who We Share Data With
We share data only when necessary:
5.1 Service Providers
- Cloudflare: CDN and DDoS protection
- Brevo: Email delivery
- Twilio: SMS alerts
- Stripe: Payment processing
- Google Analytics: Anonymous usage statistics
- OpenAI / Anthropic: AI features (receipt import, data normalization) — data is not used for model training
5.2 Your Connected Stores
When you connect WooCommerce or Shopify, we access product and order data via their APIs. This data stays within Lagrio and is not shared with third parties.
5.3 Legal Requirements
We may disclose data if required by law (court order, regulatory request, tax audit).
6. Where We Store Data
Your data is stored on EU-based servers in Frankfurt, Germany. Backups are also kept within the EU.
Some service providers (Stripe, OpenAI) may process data outside the EU, but only under GDPR-compliant data processing agreements with standard contractual clauses.
7. How Long We Keep Data
- Active accounts: Data retained as long as your account is active
- Closed accounts: Data deleted within 30 days unless required by law (e.g., tax records kept 7 years)
- Usage logs: Anonymized after 90 days
- Payment records: Kept for 7 years (legal requirement)
8. Your Rights (GDPR)
You have the right to:
- Access: Request a copy of your data
- Rectification: Correct inaccurate data
- Erasure: Request deletion ("right to be forgotten")
- Portability: Export your data in CSV or JSON
- Restriction: Limit how we process your data
- Object: Opt out of processing based on legitimate interest
- Withdraw Consent: Unsubscribe from marketing or optional features
To exercise these rights, email [email protected]. We will respond within 30 days.
9. Security
We protect your data with:
- HTTPS encryption for all connections
- Password hashing (bcrypt)
- Database encryption at rest
- Regular security audits
- Access controls (only authorized staff can access production data)
- Two-factor authentication for admin accounts
No system is 100% secure. If a breach occurs, we will notify affected users within 72 hours as required by GDPR.
10. Cookies
We use cookies to keep you logged in and remember your preferences. See our Cookie Policy for details.
11. Third-Party Links
Our site may link to external websites (e.g., Stripe, Shopify). We are not responsible for their privacy practices. Check their policies before submitting data.
12. Children's Privacy
Lagrio is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.
13. Changes to This Policy
We may update this policy to reflect legal changes or new features. If we make significant changes, we will notify you by email or via a dashboard banner. Continued use after changes means you accept the updated policy.
14. Contact & Complaints
Data Protection Team
Email: [email protected]
Phone: +358454912444
Address: OU TH POINT GROUP, Tallinn, Mustamäe linnaosa, A. H. Tammsaare tee 101, 12913, Estonia
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority:
- Estonia: Estonian Data Protection Inspectorate (AKI)
- Norway: Datatilsynet
- Sweden: Integritetsskyddsmyndigheten (IMY)
This policy applies to all users of Lagrio. By using our service, you agree to these terms. If you have questions, email [email protected].