Allodial PredictAllodial Predict

Legal

Privacy Policy

Allodial Predict — Allodial Supply Co

Last updated: June 2026

Overview

Allodial Predict is operated by Allodial Supply Co LLC, a subsidiary of Allodial Holdings LLC ("Allodial," "we," "us," "our"). This Privacy Policy explains what data we collect, how we use it, who we share it with, and the choices you have. It applies to allodialsupply.com, app.allodialsupply.com, and all Allodial Predict services (together, the "Service").

Allodial Predict is a business-to-business (B2B) platform. Our users are distributor admins and account managers at jan-san and facility supply distribution businesses. We are not a consumer service, and we do not knowingly collect personal information from consumers or anyone under 18.

1. The Short Version

  • We collect your business's order history, product data, and reorder patterns to generate reorder predictions. That's the point of the product.
  • We never sell your data to anyone, ever.
  • We only read data from your connected accounting/ERP systems (QuickBooks, Sage, NetSuite). We never write anything back.
  • Your data is isolated from every other customer's data.
  • When you close your account, we delete your data within 30 days of your request.

2. Data We Collect

Account information. Name, business email address, company name, and role — provided when your account is created.

Business operational data. Purchase order history, product and catalog data, and customer reorder patterns that you import directly or that we read from your connected systems. This is business data about commercial transactions between businesses.

ERP connection data. When you connect QuickBooks Online, Sage, NetSuite, Prophet 21, or Eclipse, we receive an OAuth access token that lets us read your data. Tokens are encrypted at rest and are used only to retrieve the data needed for the Service. We never see or store your ERP passwords.

IP address and device information. When you accept our Terms of Service or Alpha Terms, we log your IP address and browser user-agent at the time of acceptance as part of the legal acceptance record. We also log IP addresses, user-agents, and request metadata from automated scanners and crawlers that access decoy security endpoints — this data is used for security monitoring only and contains no personal account data.

ROI calculator inputs (optional). If you use our public Reactive Ordering Cost Calculator and optionally provide an email address, we store your business metric inputs (customer counts, freight costs, labor estimates) and email for follow-up. Your email is never shared and you can opt out at any time.

Usage data. Feature usage, session activity, and the prediction and alert records the Service generates for your account.

Billing data. Subscription status and payment method details. Payments are processed by Stripe; we never store your card numbers.

3. Data We Do NOT Collect

  • No consumer personal information (our users and the data they process are business operators and business records)
  • No protected health information (PHI)
  • No payment card data (handled entirely by Stripe)
  • No data from your connected ERP beyond what is needed for reorder prediction — we do not read payroll, banking, employee, or tax records

4. How We Use Your Data

We use your data for exactly three things:

  1. Reorder prediction — analyzing your purchase history to predict when your customers will need to reorder.
  2. Trend analysis — surfacing patterns in your own order data (seasonality, velocity changes, churn risk).
  3. Suggested purchase order generation — drafting suggested POs for your review. Suggestions are advisory only; nothing is ever placed or written back to your systems automatically.

We also use account and usage data to operate the Service: authentication, transactional email (alerts, billing notices), support, and improving prediction accuracy. Predictions are generated within our own infrastructure using statistical models applied to your own historical data, with no external AI. Some in-app features, specifically the Allobot assistant and import column mapping, process operational data such as customer names, account summaries, and uploaded file samples through OpenAI in order to function. That data is processed under OpenAI's API terms, is not used to train AI models, and is never used to train models for other customers. Your raw inventory counts and order history are not sent to any external AI provider.

Our public Operational Signal Network (OSN) — a public supply-chain stress indicator shown on our marketing site — uses an AI classification model (via Vercel AI Gateway) to analyze publicly available data sources such as freight indexes, weather alerts, and economic indicators. No customer or distributor data is ever included in OSN processing.

5. Third-Party Integrations (QuickBooks, Sage, NetSuite, Prophet 21, Eclipse)

When you connect an accounting or ERP system:

  • Authorization is yours. You connect via OAuth from within the Service. We only access data after you explicitly authorize the connection through the provider's own consent screen.
  • Read-only. Our access is read-only. We retrieve purchase orders, invoices/sales history, items/products, and customer records relevant to reorder prediction. We never create, modify, or delete anything in your connected system.
  • Token security. OAuth tokens are encrypted at rest and in transit. Tokens are never shared with any third party and are never exposed in logs or to other users.
  • Disconnect any time. You can disconnect an integration from your Allodial Predict settings, or revoke access from within the provider (for QuickBooks, via the Intuit "My Apps" page). When you disconnect, we stop syncing immediately and delete the stored tokens. Previously synced data remains in your account until you delete it or close your account.
  • Provider policies. Your use of QuickBooks is also governed by Intuit's terms and privacy policy; the same applies to Sage, NetSuite, Prophet 21, and Eclipse for their respective services.

6. Data Sharing

We never sell your data. We never share your data with advertisers, data brokers, or other customers. We share data only with the service providers (subprocessors) needed to run the platform:

ProviderPurposeData involved
VercelApplication hosting (USA)Application traffic
SupabaseDatabase and authentication (USA)Tenant data, encrypted tokens
StripePayment processingBilling contact and subscription data
ResendTransactional emailEmail addresses only

We may also disclose data if required by law (e.g., a valid subpoena), and we will notify you of such requests unless legally prohibited.

7. Tenant Isolation

Each distributor account ("tenant") is fully separated. Database row-level security ensures no tenant can ever access another tenant's data. We never aggregate one customer's data into another customer's predictions, and no individual distributor's data is surfaced publicly without permission.

8. Data Retention and Deletion

  • Active accounts: your data is retained for as long as your account is active.
  • Account closure: upon your request after closing your account, all tenant data — including synced ERP data and encrypted tokens — is deleted within 30 days.
  • Disconnected integrations: OAuth tokens are deleted immediately on disconnect.
  • Billing records: retained as required by law and tax regulations.

To request deletion, email legal@allodialsupply.com or use your account settings.

9. Security

  • All data is encrypted in transit (TLS 1.2+) and at rest.
  • OAuth tokens and credentials are encrypted with access restricted to the systems that need them.
  • Row-level security enforces tenant isolation at the database layer.
  • Access to production systems is restricted and logged.
  • If we discover a security incident affecting your data, we will notify you without undue delay and notify affected integration partners (such as Intuit, Sage, or Oracle NetSuite) as required by their developer programs.

We log IP addresses, user-agents, and HTTP request metadata from automated scanners that probe decoy security endpoints (honeypot routes). These logs are used solely for security monitoring and threat detection and contain no personal account data. They are retained for up to 90 days.

See our Security page for more detail. To report a vulnerability: security@allodialsupply.com.

10. Where Data Is Stored

All data is hosted in the United States (Vercel and Supabase US regions). If you use the Service from outside the USA, you consent to your data being processed in the USA.

11. Your Rights and Choices

You may, at any time:

  • Access and export your business data from the Service
  • Correct your account information
  • Disconnect any ERP integration
  • Request deletion of your account and data (completed within 30 days)
  • Ask us what data we hold about your account

Email legal@allodialsupply.com for any of the above. We respond to verified requests within 30 days.

12. Cookies

We use strictly necessary cookies only — no advertising or tracking cookies. See our Cookie Policy.

13. Changes to This Policy

If we make material changes, we will notify account admins by email and update the date at the top of this page before changes take effect.

14. Contact

Allodial Supply Co LLC
legal@allodialsupply.com