Skip to main content

Privacy Policy

Last updated: February 4, 2026

1. Introduction

Inventeta ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our lot traceability software and related services (the "Service").

Please read this privacy policy carefully. By using the Service, you consent to the practices described in this policy. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

We may collect information that you provide directly to us, including:

  • Account Information: Name, email address, company name, and password when you create an account
  • Business Data: Supplier information, product data, lot numbers, production records, and other traceability data you enter into the system
  • Communications: Information you provide when contacting us for support or inquiries
  • Documents: Certificates of Analysis, lab reports, photos, and other documents you upload

2.2 Information Collected Automatically

When you use our Service, we may automatically collect:

  • Log Data: IP address, browser type, device information, pages visited, and timestamps
  • Usage Data: Actions performed within the application for audit and security purposes
  • Session Data: Session identifiers and authentication tokens

2.3 Self-Hosted Deployments

If you use Inventeta as a self-hosted deployment, your data is stored on your own infrastructure. In this case, we do not have access to your business data unless you explicitly share it with us for support purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage patterns and trends
  • Detect, investigate, and prevent security incidents and fraudulent activity
  • Comply with legal obligations and enforce our terms of service
  • Send you technical notices, updates, and administrative messages

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. For traceability data, we maintain records according to regulatory requirements:

  • Audit Logs: Retained per your configured retention policy and applicable law
  • Traceability Records: Retained per your configured retention policy and contractual obligations
  • Account Information: Retained until account deletion request

You can request deletion of your account and associated data by contacting us. Note that some data may be retained to comply with legal obligations.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit using TLS
  • Argon2id password hashing
  • CSRF protection for all forms
  • Rate limiting to prevent abuse
  • Security headers (CSP, X-Frame-Options, etc.)
  • Immutable audit logging

For self-hosted deployments, security is also dependent on your infrastructure configuration.

6. Data Sharing

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (e.g., hosting, support)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have given explicit permission

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request a machine-readable copy of your data
  • Objection: Object to certain processing activities
  • Restriction: Request restriction of processing

To exercise these rights, please contact us using the information provided below. See our GDPR pageFor additional information about EU data subject rights.

8. International Transfers

If you are accessing the Service from outside the country where our servers are located, please be aware that your information may be transferred to, stored, and processed in a different jurisdiction.

For self-hosted deployments, you maintain control over data location and jurisdictional requirements.

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us.

10. Third-Party Services

The Service may integrate with third-party services (e.g., e-commerce platforms, label printers). These integrations are governed by your configuration and the respective third parties' privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

  • Email: privacy@inventeta.com
  • Address: Available upon request