What we collect, what we do not, and your rights.
Plain English version below. Last updated 2026-07-10. For technical detail see /security. To exercise any right, email privacy@stackr.work.
Stackr (the “Service”) is operated by Stackr, headquartered in Almaty, Republic of Kazakhstan, online at stackr.work. General contact: hello@stackr.work. For privacy matters: privacy@stackr.work.
Account data: name, email, password hash, locale, timezone, preferences.
Connected-tool data: when you connect Stripe, GitHub, Slack, Linear, Sentry, Vercel, Jira, ClickUp, HubSpot, Crisp, Notion, Google Calendar, or Telegram, Stackr ingests events using the OAuth scope you grant. Field-level detail per integration is on the /security page.
Generated content: briefs and Ask Stackr answers generated from your data.
Operational data: request logs, IPs, user-agents, error traces, audit log entries.
We do not collect special-category data (health, religion, biometric, etc.) by design.
We do not store raw message bodies from Slack, Telegram, Crisp, or Email at the LLM boundary. They are scrubbed before AI processing.
We do not sell your data. We have no advertising business.
We do not allow third parties to train AI models on your data. Our LLM provider operates under a no-train default; see the subprocessors page for the current provider.
To provide the Service: generate briefs, surface insights, answer Ask Stackr.
To secure the Service: detect abuse, prevent fraud, investigate incidents.
To operate the business: billing, support, product analytics (aggregated).
Legal basis (GDPR): performance of contract (Art. 6(1)(b)) for the core service; legitimate interests (Art. 6(1)(f)) for security and operations; consent (Art. 6(1)(a)) where required.
Our subprocessors are listed at /subprocessors. They process data only to deliver Stackr's service, under contractual obligations.
We do not share customer data with anyone else, except as required by valid legal process, and only after legal review and, where lawful, advance notice to the customer.
Account data: for the term of your subscription, plus 30 days for export, then deleted.
Events: per the data_retention_days setting on your organization (default 90 days).
Briefs: 60 days for daily, 365 days for weekly.
Audit logs: 365 days for security investigations, then anonymized or deleted.
You have the right to:
Access the personal data we hold about you.
Rectify inaccurate data.
Delete your account and data within 30 days.
Export your data in machine-readable format.
Object to processing on legitimate-interest grounds.
Withdraw consent where processing is consent-based.
Complain to a supervisory authority.
To exercise any of these, email privacy@stackr.work. We respond within 30 days.
Stackr is operated from Almaty, Republic of Kazakhstan. Most of our subprocessors (Supabase, Netlify, our LLM provider, Inngest, Resend, Upstash) operate from the United States, so customer data flows: customer → Stackr (Kazakhstan) → US subprocessors. Each subprocessor and its region is disclosed at /subprocessors.
For EU / UK / EEA customers: Kazakhstan does not currently hold an EU adequacy decision. Transfers to Stackr and onward to our US subprocessors rely on the EU Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum. We sign SCCs with customers on request and have corresponding SCCs in place with our US subprocessors.
For Kazakhstan customers: processing is governed by the Republic of Kazakhstan Law on Personal Data and its Protection (No. 94-V, 21 May 2013). Cross-border transfers to US subprocessors are disclosed in advance and acceptance of this policy at signup constitutes consent under Article 12 of that law.
See /security for technical and organizational controls. Vulnerability disclosure at /.well-known/security.txt.
In the event of a personal data breach affecting your data, we notify the account owner within 72 hours of discovery.
We update this policy as the product evolves. Material changes are announced via email to the account owner at least 14 days in advance.
Privacy: privacy@stackr.work · Security: security@stackr.work · General: hello@stackr.work.