1. Introduction
Blu Distribution LLC ("Company," "we," "us," or "our"), a Delaware limited liability company, operates Tru-Stock AI ("the Service"). This Privacy Policy describes how we collect, use, store, share, and protect your information when you use the Service. By accessing or using the Service, you agree to the practices described in this Privacy Policy.
If you do not agree with this Privacy Policy, do not use the Service. We may update this Privacy Policy from time to time. We will notify active subscribers of material changes via email.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, phone number, and password provided during registration.
- Billing Information: Payment method details processed through our third-party payment processor (Stripe). We do not store full credit card numbers on our servers.
- Business Data: Product catalogs, inventory levels, sales history, vendor information, purchase orders, lead times, pricing data, and other operational data you upload or input into the Service.
- Communications: Emails, support requests, feedback, and any other communications you send to us.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, time spent on pages, click patterns, and interaction data within the Service.
- Technical Data: Browser type and version, operating system, device type, screen resolution, IP address, referring URL, and access timestamps.
- Log Data: Server logs recording API requests, errors, and performance metrics.
- Cookies: Essential cookies for authentication and session management as described in Section 9.
2.3 Information from Third Parties
We may receive information from third-party services that you connect to your account, such as payment processors confirming transaction status. We do not purchase data about you from third-party data brokers.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: Processing your data to generate AI-powered demand forecasts, reorder suggestions, vendor intelligence, risk assessments, and other analytics.
- Account Management: Creating and managing your account, authenticating your identity, and providing customer support.
- Billing: Processing subscription payments, issuing invoices, and managing your billing history.
- Service Improvement: Analyzing usage patterns to improve features, performance, and user experience. We may use aggregated, anonymized data for this purpose.
- Communications: Sending transactional emails (account confirmations, password resets, billing receipts), service updates, and security notifications. We do not send marketing emails without your consent.
- Security: Detecting, preventing, and responding to fraud, abuse, security incidents, and technical issues.
- Legal Compliance: Complying with applicable laws, regulations, and legal processes.
4. AI Data Processing
Tru-Stock AI uses third-party AI services, including OpenAI, to process your business data and generate recommendations. When you use AI-powered features:
- Relevant portions of your business data (such as sales history, inventory levels, and vendor information) are sent to OpenAI's API for processing.
- OpenAI processes this data under their API data usage policy, which states that API data is not used to train their models.
- AI-generated outputs are stored in your account for your reference.
- We log AI API calls (including token usage and cost) for billing transparency and system monitoring. These logs are accessible to you in the AI Logs section of your dashboard.
By using the Service, you consent to this AI processing. If you have concerns about AI data processing, contact us before uploading sensitive data.
5. Data Isolation & Security
5.1 Multi-Tenant Isolation
Each organization's data is logically isolated using database-level row-level security (RLS) policies enforced by Supabase/PostgreSQL. Organization A cannot access Organization B's data under any circumstances. All database queries are scoped to the authenticated user's organization.
5.2 Security Measures
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Data stored in our databases is encrypted at rest using AES-256 encryption.
- Access Controls: Internal access to production systems is restricted to authorized personnel with multi-factor authentication.
- Infrastructure: The Service is hosted on U.S.-based infrastructure provided by Vercel and Supabase (AWS). All data resides in the United States.
- Monitoring: We employ logging and monitoring to detect and respond to security incidents.
5.3 Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by applicable law. We will also notify relevant regulatory authorities as required.
6. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information or business data. We may share your information only in the following circumstances:
- Service Providers: We share data with third-party providers necessary to operate the Service, including Supabase (database hosting and authentication), Vercel (application hosting), OpenAI (AI processing), Stripe (payment processing), and Resend (transactional email delivery). These providers are contractually obligated to protect your data and may only use it to provide services to us.
- Legal Requirements: We may disclose your information if required by law, subpoena, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your information.
- With Your Consent: We may share information with third parties when you have given us explicit consent to do so.
We do not share your data with advertising networks, data brokers, or analytics companies. We do not serve ads in the Service.
7. Data Retention
- Active Accounts: We retain your data for as long as your account is active and as necessary to provide the Service.
- After Cancellation: Upon account cancellation, we retain your data for 30 days to allow for data export. After this period, your business data is permanently deleted from our production systems.
- Backups: Data may persist in encrypted backups for up to 90 days after deletion from production systems, after which it is permanently purged.
- Billing Records: We retain billing and transaction records for 7 years as required for tax and accounting purposes.
- Aggregated Data: We may retain indefinitely, for analytics and service improvement purposes, aggregated, anonymized data that cannot be used to identify you or your organization.
- Immediate Deletion: You may request immediate deletion of your data at any time by contacting support@tru-stock.ai. We will process deletion requests within 30 days.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Data Portability: Request your data in a structured, machine-readable format (CSV export).
- Restriction: Request that we restrict the processing of your personal information in certain circumstances.
- Objection: Object to the processing of your personal information for certain purposes.
- Withdraw Consent: Where processing is based on consent, withdraw your consent at any time.
To exercise any of these rights, contact us at support@tru-stock.ai. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.
8.1 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact support@tru-stock.ai.
8.2 European Residents (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes: performance of our contract with you, our legitimate business interests, your consent, and compliance with legal obligations. You have the right to lodge a complaint with your local data protection authority.
9. Cookies
We use only essential cookies that are strictly necessary for the operation of the Service:
- Authentication Cookies: Used to maintain your login session and verify your identity across page requests.
- Session Cookies: Used to store temporary session information required for the Service to function.
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not engage in cross-site tracking. Because we use only essential cookies, no cookie consent banner is required in most jurisdictions, though we disclose their use here for transparency.
10. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@tru-stock.ai.
11. International Data Transfers
The Service is hosted in the United States and your data is stored and processed in the United States. If you access the Service from outside the United States, you consent to the transfer of your information to the United States, which may have different data protection laws than your jurisdiction. We take appropriate measures to ensure your data is protected in accordance with this Privacy Policy regardless of where it is processed.
12. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing them with your information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify active subscribers of material changes via email at least 15 days before the changes take effect. The "Last updated" date at the top of this page indicates when this Privacy Policy was last revised. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: