Privacy Policy

We collect information you directly provide, including:

• Account Information: Name, email address, password, and organization details when you create an account.
• Business Data: Tool catalogs, vendor information, service configurations, client details, pricing data, and proposals you create within the Service.
• Communication Data: Messages sent through the Intelligence Chat, support requests, and feedback you provide.
• Payment Information: Billing details processed through Stripe. We do not store full credit card numbers on our servers.

When you use the Service, we automatically collect certain information:

• Usage Data: Pages visited, features used, actions taken, and time spent on the Service.
• Device Information: Browser type, operating system, device type, and screen resolution.
• Log Data: IP address, access times, referring URLs, and error logs.
• Cookies: Session cookies for authentication and preferences. See our cookie practices below.

We may receive information from third-party services you connect, including Google (for OAuth authentication) and Stripe (for payment status). We only collect information necessary to operate the Service.

We use your information to provide, maintain, and improve the Service, including processing your business data, generating AI-powered outputs, and managing your account.

Your business data (tool catalogs, service configurations, client information) is sent to AI providers (currently Anthropic) to generate proposals, CTO briefs, compliance analysis, and other AI-powered features. This data is processed in real-time and is not used by AI providers to train their models.

We may use your email address to send transactional emails (account verification, password resets, billing receipts), service announcements, and product updates. You may opt out of non-essential communications at any time.

We use aggregated, anonymized usage data to understand how Users interact with the Service, identify areas for improvement, and develop new features.

We use log data and usage patterns to detect and prevent fraud, abuse, and unauthorized access to the Service.

We may process your information to comply with applicable laws, regulations, legal processes, or governmental requests.

We share information with third-party service providers who assist in operating the Service:

• Supabase: Database hosting and user authentication.
• Stripe: Payment processing and subscription management.
• Anthropic: AI model processing for content generation.
• Vercel: Application hosting and delivery.
• Sentry: Error monitoring and application performance tracking. May receive anonymized error logs to help us identify and fix issues.

If you are part of an organization account, your activity and data within the Service may be visible to other members of your organization based on their permission level.

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Stackteryx Inc., our Users, or the public.

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such change.

We do not sell, rent, or trade your personal information or business data to third parties for marketing or advertising purposes.

Your data is stored on servers provided by Supabase and Vercel, primarily located in the United States. By using the Service, you consent to the transfer and storage of your data in the United States.

We implement industry-standard security measures including encryption in transit (TLS/SSL), encryption at rest, row-level security policies, secure authentication (including MFA support), and regular security audits.

While we strive to protect your information, no electronic storage or transmission method is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from factors beyond our reasonable control.

You have the right to access your data and export it using the Service's built-in export features (PDF, DOCX exports for proposals and briefs).

You may update or correct your account information at any time through the Settings page.

You may request deletion of your account and associated data by contacting support. Account deletion is permanent and cannot be reversed after the 30-day retention period.

You may opt out of non-essential emails by using the unsubscribe link in any marketing email or by updating your preferences in Settings.

You may control cookies through your browser settings. Disabling essential cookies may affect Service functionality (e.g., authentication).

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what data we collect, the right to request deletion, and the right to opt out of data sales (we do not sell data).

If you are located in the European Economic Area (EEA), you have additional rights under GDPR, including the right to access, rectification, erasure, data portability, and the right to object to processing. Contact us to exercise these rights.