Privacy Policy
Effective date: May 1, 2026 · GDPR compliant · Contact: [email protected]
1. Information We Collect
We collect: (a) Account data — name, email address, and password (hashed) when you sign up; (b) Usage data — pages visited, features used, and actions taken within the dashboard; (c) Project data — names, prompts, generated code, and deployment URLs you create; (d) Payment data — processed by Stripe; we never store raw card numbers; (e) Analytics data — aggregated visitor statistics for deployed websites (device type, referrer, country) collected via our tracking pixel.
2. How We Use Your Information
We use your data to: provide and improve the Service; send transactional emails (welcome, deployment confirmation, account alerts); process payments; detect and prevent abuse; comply with legal obligations; and (with your consent) send product updates and marketing communications. We do not sell your personal data to third parties.
3. Data Storage & Security
Your data is stored in Supabase (PostgreSQL), hosted on secure cloud infrastructure. We use row-level security (RLS) to ensure each user can only access their own data. Generated files and project data are stored in encrypted databases. We implement industry-standard security measures including HTTPS encryption and regular backups.
4. Cookies
We use essential cookies to maintain your login session (via Supabase Auth). We use analytics cookies to understand how users interact with our platform. You can disable cookies in your browser settings, but this may affect functionality. Deployed websites may include our cookie consent banner, which respects user preferences.
5. Third-Party Services
ShiftStackApp integrates with: Supabase (database, auth — supabase.com/privacy); Stripe (payments — stripe.com/privacy); Anthropic/Claude (AI generation — anthropic.com/privacy); GitHub (version control — docs.github.com/en/site-policy/privacy-policies); Coolify (deployment — coolify.io); Cloudflare (CDN and security). Each provider has their own privacy policy governing their data practices.
6. Analytics for Deployed Websites
When you deploy a website using ShiftStackApp, a lightweight analytics script is injected that tracks page views, referrer source, device type, and country. This data is stored in your ShiftStackApp account and is visible only to you. Visitors to your deployed websites are tracked anonymously; no personal identifiers are collected.
7. Data Retention
We retain your account data for as long as your account is active. You may delete your account at any time; we will delete your personal data within 30 days of account deletion. Anonymised aggregate analytics data may be retained indefinitely for service improvement purposes.
8. Your Rights (GDPR)
If you are in the European Economic Area, you have the right to: access your personal data; correct inaccurate data; request deletion ("right to be forgotten"); restrict processing; data portability; and object to processing. To exercise these rights, contact [email protected]. You also have the right to lodge a complaint with your local data protection authority.
9. Children's Privacy
ShiftStackApp is not directed to children under the age of 16. We do not knowingly collect personal data from children. If we discover that a child under 16 has provided us with personal data, we will delete it immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via an in-app notice. Continued use of the Service after changes constitutes acceptance.
11. Contact Us
For privacy inquiries, contact: [email protected]. For general support: [email protected].
Last updated: May 1, 2026. Terms of Service · Back to Home