Privacy Policy
Effective date: May 1, 2026 · GDPR compliant · Contact: [email protected]
1. Information We Collect
We collect: (a) Account data — name, email address, and password (hashed) when you sign up; (b) Usage data — pages visited, features used, and actions taken within the dashboard; (c) Project data — names, prompts, generated code, and deployment URLs you create; (d) Payment data — processed by Stripe; we never store raw card numbers; (e) Analytics data — aggregated visitor statistics for deployed websites (device type, referrer, country) collected via our tracking pixel.
2. How We Use Your Information
We use your data to: provide and improve the Service; send transactional emails (welcome, deployment confirmation, account alerts); process payments; detect and prevent abuse; comply with legal obligations; and (with your consent) send product updates and marketing communications. We do not sell your personal data to third parties.
3. Data Storage & Security
Your data is stored in Supabase (PostgreSQL), hosted on secure cloud infrastructure. We use row-level security (RLS) to ensure each user can only access their own data. Generated files and project data are stored in encrypted databases. We implement industry-standard security measures including HTTPS encryption and regular backups.
4. Cookies
We use essential cookies to maintain your login session (via Supabase Auth). We use analytics cookies to understand how users interact with our platform. You can disable cookies in your browser settings, but this may affect functionality. Deployed websites may include our cookie consent banner, which respects user preferences.
5. Third-Party Services
ShiftStackApp integrates with: Supabase (database, auth — supabase.com/privacy); Stripe (payments — stripe.com/privacy); Anthropic/Claude (AI generation — anthropic.com/privacy); GitHub (version control — docs.github.com/en/site-policy/privacy-policies); Coolify (deployment — coolify.io); Cloudflare (CDN and security). Each provider has their own privacy policy governing their data practices.
6. Analytics for Deployed Websites
When you deploy a website using ShiftStackApp, a lightweight analytics script is injected that tracks page views, referrer source, device type, and country. This data is stored in your ShiftStackApp account and is visible only to you. Visitors to your deployed websites are tracked anonymously; no personal identifiers are collected.
7. Data Retention
We retain your account data for as long as your account is active. You may delete your account at any time; we will delete your personal data within 30 days of account deletion. Anonymised aggregate analytics data may be retained indefinitely for service improvement purposes.
8. Your Rights (GDPR)
If you are in the European Economic Area, you have the right to: access your personal data; correct inaccurate data; request deletion ("right to be forgotten"); restrict processing; data portability; and object to processing. To exercise these rights, contact [email protected]. You also have the right to lodge a complaint with your local data protection authority.
9. Children's Privacy
ShiftStackApp is not directed to children under the age of 16. We do not knowingly collect personal data from children. If we discover that a child under 16 has provided us with personal data, we will delete it immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via an in-app notice. Continued use of the Service after changes constitutes acceptance.
11. California Residents — CCPA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights: (a) Right to Know — you may request disclosure of the categories and specific pieces of personal information we have collected about you; (b) Right to Delete — you may request deletion of personal information we have collected, subject to certain exceptions; (c) Right to Opt-Out — ShiftStackApp does NOT sell your personal information to third parties. There is nothing to opt out of; (d) Right to Non-Discrimination — we will not discriminate against you for exercising any of your CCPA rights. To submit a CCPA request, email [email protected] with "CCPA Request" in the subject line. We will respond within 45 days.
12. CAN-SPAM & Email Communications
All marketing emails from ShiftStackApp include our business address, a clear unsubscribe mechanism, and an honest subject line. We honor opt-out/unsubscribe requests within 10 business days. Transactional emails (account notifications, billing receipts, password resets) are not subject to marketing opt-out as they are necessary for service delivery.
13. COPPA — Children Under 13
ShiftStackApp is not directed to children under the age of 13 and we do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If a parent or guardian believes their child has provided us with personal information, contact [email protected] and we will promptly delete that data.
14. International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate. By using ShiftStackApp, you consent to the transfer of your data to these countries. For EU/EEA users, we rely on Standard Contractual Clauses (SCCs) as the legal basis for international transfers.
15. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach (as required by GDPR). Notifications will be sent to the email address associated with your account and posted on our status page at shiftstackapp.com/status.
16. Contact Us
Privacy inquiries: [email protected] · CCPA requests: [email protected] · GDPR requests: [email protected] · General support: [email protected] · Data Protection Officer: [email protected]
Last updated: May 1, 2026. Terms of Service · Back to Home