Privacy Policy
This privacy policy explains what personal data ERPkit collects, who it is shared with, how long it is kept, and what rights you have over it. It is written to cover two situations: visiting the ERPkit website (before you sign up), and using the ERPkit app (after you sign up).
1. Who we are
ERPkit is operated by Menzo Solutions 1287140/G, established in Tunisia. Menzo Solutions is the data controller for the personal data described in this policy.
You can reach us through the Support page.
2. Who this policy covers
ERPkit has two surfaces, and we collect different data on each:
- Section A — when you visit the public website (marketing pages, blog, pricing, this policy). No account is required.
- Section B — when you use the ERPkit app (you are signed in).
Both sections below apply to you as soon as you land on the corresponding surface.
3. Section A — When you visit the website
The ERPkit website (marketing pages, blog, pricing, legal and support pages) does not require an account and does not set cookies.
The only data processing that happens on the website is analytics:
- We use Umami, a self-hosted, cookieless analytics tool running on ERPkit's own infrastructure in Frankfurt, Germany.
- Umami sets no cookies, stores no identifiers, and does not track you across other sites.
- Visitor IP addresses are hashed with a rotating salt and are not linked to your identity.
- Because no personal data is collected by analytics, no consent banner is shown.
Umami gives us aggregate page-view counts, referrers, and country-level location so we can understand which pages are useful. It does not build a profile of you.
4. Section B — When you use the app
Once you sign in to the ERPkit app, we collect and store the following data to run the service for you:
Account data
- Email address — used for sign-in, service notifications, and support replies.
- Password — stored only as a one-way secure hash; never as plain text.
- Terms of Service acceptance timestamp — recorded when you created your account.
ERP credentials
- Dolibarr API URL and API key — encrypted at rest using authenticated encryption. Decrypted only during sync operations, never exposed in API responses.
Marketplace credentials
- Marketplace API keys and secrets (Shopify, WooCommerce, PrestaShop, etc.) are stored in your own Dolibarr instance — never on ERPkit servers. ERPkit reads them transiently at the start of each sync cycle and discards them immediately afterwards.
Sync configuration
- Marketplace type, phase toggles (product sync, order import, invoice creation, fulfillment, Factur-X), carrier mappings, shipping rules, batch size and concurrency settings.
Sync logs
- Operational metrics only: counts of items processed/created/updated/skipped/failed, error and warning messages with item identifiers and SKUs, and sync timestamps.
- Sync logs do not contain the content of your products, orders, or end-customer data.
Sync hash cache
- One-way SHA-256 hashes of product payloads, used to detect what changed since the last sync. These hashes cannot be reversed to recover the original product data. The cache is deleted when the associated sync configuration or account is deleted.
Order and product data
- Transient only. Product and order data passes through the sync engine during a cycle and is not persisted on ERPkit servers.
Analytics (Umami — same as Section A)
The Umami analytics described in Section A also runs on the app: cookieless, no identifiers, rotating-salt IP hashing, Frankfurt-hosted, no consent banner. See Section A for full details.
Why we process this data (legal basis)
Under GDPR Art. 6, each category of processing above rests on one of the following bases:
- Account data, ERP credentials, marketplace credentials, sync configuration, transient order/product data — Art. 6(1)(b) — contract. These are the data necessary to deliver the service you signed up for.
- Sync logs and sync hash cache — Art. 6(1)(f) — legitimate interest. We keep minimal operational telemetry (counts, error messages, one-way hashes) to run, debug and improve the sync service. No product content or customer PII is stored.
- Analytics (Umami, Section A + app) — Art. 6(1)(f) — legitimate interest. Aggregate, cookieless measurement of how pages are used. No identifiers, no cross-site tracking.
- Transactional email and support communications — Art. 6(1)(b) — contract, with Art. 6(1)(c) — legal obligation for account-security messages (email verification, password reset).
- Billing and tax records (Paddle side) — Art. 6(1)(c) — legal obligation (Paddle's statutory retention as Merchant of Record).
We do not engage in Art. 22 automated decision-making. Plan-level volume limits are a contractual cap, not a decision about you.
5. Vendors we share data with
ERPkit uses the following third-party providers to operate. Each provider processes only the data needed for the listed purpose, under a Data Processing Agreement or equivalent safeguards:
| Vendor | Purpose | Processing region | Privacy policy |
|---|---|---|---|
| OVH (OVH SAS) | Cloud hosting for the ERPkit application + database | Frankfurt, Germany (EU) | ovhcloud.com/en/personal-data-protection |
| Cloudflare | CDN, DNS, DDoS protection, edge TLS, inbound email routing | Global edge; HQ US | cloudflare.com/privacypolicy |
| Resend | Transactional email delivery (verification, password reset, subscription notices, support replies) | HQ US | resend.com/legal/privacy-policy |
| Paddle | Payment processing, billing, tax compliance (Merchant of Record) | HQ UK + global processors | paddle.com/legal/privacy |
| Google (Gmail) | Long-term mailbox store for support threads | US + global | policies.google.com/privacy |
| Sentry (Functional Software, Inc.) | Application error aggregation — captures stack traces and error context from production exceptions for debugging. Request bodies, cookies, and authentication headers are stripped before transmission. | Frankfurt, Germany (EU) | sentry.io/legal/dpa |
Umami (analytics) is not a third party — it runs on ERPkit's own Frankfurt VPS (see Section A). No analytics data is sent to an outside provider.
A note on support emails. Our support mailbox is a standard Google (Gmail) account, as listed above. Please share only the information needed to resolve your issue; we delete overshared content from threads on resolution.
ERPkit does not sell, rent, or transfer your data to any other third party.
6. Cookies and analytics
ERPkit uses one strictly-necessary cookie, refreshToken, which keeps you signed in to the app after your browser session ends. It expires after 7 days and is cleared when you log out. No consent banner is needed for this cookie because it is required for the service to work (ePrivacy Directive — "strictly necessary" exemption).
Analytics is provided by self-hosted Umami — cookieless, no identifiers, rotating-salt IP hashing, Frankfurt-hosted. See Section A for the full description.
No tracking cookies, no advertising cookies, no third-party analytics.
7. Your rights under GDPR
You have the following rights over your personal data. Most can be exercised directly from the Account page; the rest by emailing [email protected].
- Access (Art. 15) — view your account data on the Account page. For a full machine-readable export, use the Export your data option on the Account page when available (see Portability).
- Rectification (Art. 16) — change your email and password on the Account page.
- Erasure (Art. 17) — delete your account on the Account page. This is an immediate cascade delete of your account, subscriptions, sync configurations, sync logs, and hash caches. The action is irreversible.
- Portability (Art. 20) — when the Export your data option is available on the Account page, it downloads a machine-readable JSON bundle of your profile, subscriptions, sync configurations, and sync logs. If self-service export is not yet available, email [email protected] and we will provide the same bundle manually.
- Restriction (Art. 18) — cancel your subscription to pause processing, or deactivate individual sync configurations from their dashboard.
- Objection (Art. 21) — cancel your subscription to stop all processing per contract. Analytics (Umami) stores no identifiers, so there is no identified data to object to.
For requests that cannot be completed via the Account page, email [email protected]. We respond within 30 days. Complex requests may be extended once by up to two additional months, with written notice.
8. How long we keep your data
| Data | Retention |
|---|---|
| Account data | Kept while your account is active. Deleted immediately and permanently on account deletion. |
| Unverified accounts | Deleted automatically 7 days after registration. |
| Password reset tokens | Expire after 1 hour. |
| Email verification tokens | Expire after 24 hours. |
| Sync logs | Automatically deleted 90 days after the sync completes. Cascade-deleted immediately on account deletion. |
| Sync configurations + hash cache | Kept while the sync configuration exists. Deleted when the configuration is removed or the account is deleted. |
| Encrypted ERP credentials | Deleted when the associated sync configuration is deleted. |
| Support emails | Kept while the support thread is active and for a reasonable follow-up window after resolution. |
| Transactional email logs (Resend-side) | Approximately 30 days per Resend's retention policy. |
| Suppressed email addresses (bounce / complaint list) | Kept for the lifetime of your account. We add an address here automatically when our email provider reports it as a hard bounce or spam complaint, so we stop sending to it; this protects your domain reputation and the recipient's inbox. Cascade-deleted on account deletion. |
| Application error events (Sentry) | 90 days, then automatically deleted by Sentry. Stored in Sentry's Frankfurt (DE) EU data region. |
| Billing records (Paddle-side) | Retained by Paddle per their statutory tax and accounting obligations. |
| Analytics (Umami) | Aggregate only; IP salt rotates on a rolling basis; no identifiers retained. |
9. Where your data is stored
Your primary data — the app and its database — is stored on an OVH SAS VPS in Frankfurt, Germany (EU).
Other systems we rely on sit in different regions:
- Application + database: OVH SAS VPS, Frankfurt, Germany (EU).
- Analytics (Umami): same VPS, Frankfurt (EU).
- Email routing (inbound): Cloudflare Email Routing — global edge, HQ US.
- Email delivery (outbound transactional): Resend — HQ US.
- Payments: Paddle — HQ UK and Paddle's own processors per their DPA.
- Support mailbox: Google (Gmail) — US and global.
- Application error events: Sentry — Frankfurt, Germany (EU).
All transfers outside the EU are covered by appropriate safeguards — adequacy decisions, Standard Contractual Clauses, or EU-U.S. Data Privacy Framework certification — applicable to each vendor.
10. Changes to this policy
We may update this privacy policy from time to time. When we do, we will update the Last updated date at the top of this page and add an entry to the Changelog at the bottom. Continued use of ERPkit after an update constitutes acceptance of the updated policy.
11. Contact
For privacy inquiries, data requests, or questions about this policy, email us at [email protected] or contact us through the Support page.
Changelog
| Date | Version | Change |
|---|---|---|
| 2026-04-28 | 2.3 | Updated Sentry storage location to Frankfurt, Germany (EU). No change to what we collect, how it's protected, or how long we keep it. |
| 2026-04-27 | 2.2 | Added Sentry to vendor disclosure (application error aggregation, EU region). Sync log retention updated to 90-day automatic purge (Mongo TTL). New retention rows for suppressed-email list + Sentry error events. Storage-location list extended with Sentry. |
| 2026-04-22 | 2.1 | Named [email protected] as the explicit DSR contact in §7 (rights) and §11 (contact), alongside the existing Support-page link. |
| 2026-04-20 | 2.0 | Restructured into visitor + app-user sections. Added vendor disclosure table (OVH, Cloudflare, Resend, Paddle, Gmail). Added Umami analytics disclosure (self-hosted, cookieless). Added controller identity (Menzo Solutions). Added Art. 6 legal-basis section and Art. 22 (no automated decisions) note. Replaced support-request portability wording with self-service Account-page export pointer. Concrete retention values. Simplified cookies section. |
See also: Terms of Service