Supply BuddyBack to home

Privacy

Last updated: 2026-05-21

Supply Buddy connects to two third-party services on your behalf: ShipStation (with API credentials you provide) and Uline (via order-history data you paste, upload, or sync from the browser extension). We collect and process only what we need to forecast your packaging-supply needs.

What we collect

  • Your email address (for sign-in)
  • The name of your company (used to scope your data)
  • Your ShipStation API key + secret (encrypted at rest with AES-256-GCM)
  • Shipment records pulled from ShipStation (carrier, dimensions, weight, ship date)
  • Uline order-history rows (SKU, quantity, date, price) — only what you upload or sync
  • API tokens you generate for the Chrome extension (stored as SHA-256 hashes; raw tokens shown once and never persisted)

What we don't collect

  • Your Uline password — we never see it. The Chrome extension uses your authenticated browser session.
  • Customer-level shipment details (recipient names, addresses) — only dimensions, carrier, and date
  • Anything else from uline.com or shipstation.com beyond what's listed above

How we use it

Your data is used exclusively to generate forecasts and on-hand inventory estimates that we show back to you. We don't sell, share, or use your data for advertising. We may send service-related emails (sign-in links, deploy notifications) and nothing else.

Where it lives

All data is stored in a Postgres database hosted by Supabase, in their us-west-2 region. Encryption-at-rest is provided by Supabase. Your ShipStation credentials are additionally encrypted by us with a server-side master key before being written to the database.

Deletion

Email hello@supplybuddy.app to delete your account. We respond within 7 days and remove your data within 30 days of confirmation.

Chrome extension permissions

The Supply Buddy Chrome extension reads uline.com order history pages and sends data to your configured Supply Buddy domain. It doesn't read other sites or browser state.

Changes

When this policy changes, we update the “Last updated” date above. Material changes (e.g. new data categories) are emailed to active customers before they take effect.