Privacy policy

Stackr is an AI business analyst that connects to tools you already use and turns the signal into a morning brief. This page is the honest version of how we handle your data.

What we collect

• Your tool data. When you connect Stripe, GitHub, Slack, etc., we read the data those tools authorize us to access (charges, PRs, messages in connected channels). We store the relevant events — not raw tool dumps.
• Your account info. Email, name, and password (hashed via Supabase Auth — we never see the plaintext).
• Audit log. Privileged actions (login, integration connect, brief generation) are logged for security forensics.

How we protect it

• Integration access tokens are encrypted at rest via Supabase Vault — we store only secret IDs, not the tokens themselves.
• Every database table enforces row-level security.
• Communication is HTTPS-only.
• Telegram and Slack message events are retained for 7 days. Other events for 30 days. After that, automatic deletion.

Who we share it with

• Anthropic Claude — we send your events to Claude to generate briefs and answer Ask Stackr questions. Anthropic does not train on your data.
• OpenAI — we send small bits of text for embeddings. OpenAI does not train on your data.
• Supabase — your data is hosted on Supabase in the Frankfurt region.
• Nobody else. We don't sell, share, or rent your data.

Deleting your data

You can delete all your data by emailing hello@stackr.work from your account email. We delete within 24 hours.

Contact

Questions? Email hello@stackr.work.