/

Pricing Playground Blogs Docs
GitHub 657
GitHub
GitHub
Login
Discord GitHub
Pricing
Playground
Blogs
Docs
Get Started Connect with Us
© 2025 Stac Studios
Discord X LinkedIn GitHub

Privacy Policy

Last updated: October 1, 2025

1. Introduction

Stac Studios ("Stac", "we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use and share it, how long we retain it, the choices you have, and how we protect it when you visit or use our website, products, and services (collectively, the "Service").

By using the Service you accept the terms of this Privacy Policy. If you do not agree, please do not use the Service.

2. Scope and Roles

When acting as the provider of the Service to you (for example, when you create a Stac account), Stac is the data controller and determines how and why your personal information is processed.

When we process Customer Data (data that a Stac customer uploads, configures, or stores in their account) on behalf of a customer, Stac typically acts as a data processor and processes that Customer Data in accordance with the customer's instructions and any applicable data processing addendum.

3. Information We Collect

We collect information you provide directly, information we collect automatically, and information we obtain from third parties.

a) Information you provide

  • Account & profile: name, email, password (stored securely/hashed), profile photo, company/organization, and other profile fields.
  • Customer content: projects, code, configuration, project metadata, UI/presentation logic, files, documents, images, and any inputs you provide to features
  • Communications: support requests, feedback, messages, and correspondence you send to us.
  • Payment & billing (if applicable): billing name and address, invoice history; payment processing is handled by third-party processors (we do not store raw card numbers).
  • Optional fields: any optional profile fields or preferences you choose to provide.

b) Information collected automatically

  • Usage and device data: IP address, browser/user agent, device type, operating system, pages visited, features used, timestamps, performance and error logs, and telemetry.
  • Cookies and similar identifiers: cookie identifiers, local storage identifiers, and other tracking identifiers described in Section 6.
  • Analytics & performance metrics: aggregated or pseudonymized metrics used to improve the Service.

c) Information from third parties

  • SSO/social: when you sign in with third-party providers (e.g. Google), we may receive profile information (name, email, profile picture) in accordance with their authorization.
  • Vendors & partners: information from service providers, partners, or public sources where permitted.

4. How We Use Information

We use personal information to:

  • Provide, operate, maintain and improve the Service.
  • Authenticate and administer accounts and access control.
  • Process payments, bill, and prevent fraud.
  • Provide customer support and communicate about your account and the Service.
  • Personalize user experience (UI preferences, settings).
  • Analyze usage, perform product research, and develop features.
  • Maintain security, detect and prevent abuse, and enforce our Terms of Service and policies.
  • Comply with legal obligations and respond to lawful requests.

We may use aggregated, de-identified data for business purposes; such data is not personal information.

5. Cookies & Tracking

  • We use cookies and similar technologies to provide core functionality (e.g., session cookies), to remember preferences, and to measure and improve the Service.
  • Where required by law or for marketing/analytics uses, we obtain consent and provide opt-outs.
  • You can control cookie settings through your browser or device; blocking certain cookies may affect Service functionality.

6. Data Sharing & Disclosure

We may share personal information in the following ways:

  • Service providers & subprocessors: vendors that provide hosting, storage, analytics, payment processing, email delivery, security, and support. These parties are bound by confidentiality and use limitations (see Vendor List below).
  • Affiliates & subsidiaries: where applicable and subject to this Privacy Policy.
  • Legal requirements: to comply with court orders, subpoenas, law enforcement requests, or other legal obligations.
  • Protect rights and safety: to prevent fraud, security incidents, or physical harm.
  • Business transactions: in connection with mergers, acquisitions, or asset sales (with notice where required).
  • Aggregated or de-identified data: may be shared without restriction.

We do not sell personal information for money. Where "sale" or "sharing" definitions apply under local laws (e.g., CCPA), we will provide mechanisms to exercise your rights.

7. International Transfers & Safeguards

Your information may be transferred to, stored in, and processed in countries other than your residence (including the United States). Where required by law, we implement appropriate safeguards such as standard contractual clauses, adequacy mechanisms, or other lawful transfer tools. If you are an enterprise customer and wish to select a storage region, contact us and we will support region options where available.

8. Data Retention

We retain personal data for as long as necessary to provide the Service, fulfill legal or contractual obligations, resolve disputes, and enforce our agreements. Where possible we delete or anonymize data when no longer needed. Backups or archived copies may persist for an additional limited period for operational or legal reasons.

9. Security

We implement reasonable administrative, technical, and physical safeguards (e.g., encryption in transit, access controls, logging) to protect personal information. However, no system is 100% secure. In the event of a security breach affecting personal data, we will respond in accordance with applicable laws and notify affected individuals and regulators where required.

10. Children's Privacy

The Service is not intended for individuals below the age allowed by applicable law (typically 13 or 16 depending on jurisdiction). We do not knowingly collect personal information from children. If you believe Stac has collected data from a child without consent, contact us and we will promptly delete it.

11. Stac Vendor List

  • GitHub, USA, Code, bug reports, contributions
  • Discord, USA, Customer support
  • Cloudflare, USA, Cloud infrastructure for our Services
  • Google, USA, Cloud infrastructure for our Website & Services
  • Mailchimp, USA, Email Delivery
  • Stripe, USA, Payment processing

12. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

  • Access or obtain a copy of personal data we hold about you.
  • Correct or update inaccurate or incomplete data.
  • Delete or request erasure of your personal data (subject to legal limits).
  • Restrict or object to our processing of your personal data.
  • Port your personal information to another provider (data portability).
  • Withdraw consent where we rely on it.
  • Opt out of marketing communications.

To exercise any rights or make a request, contact: support@stac.dev

13. Changes to this Policy

We may update this Privacy Policy. When we make material changes we will notify you (for example, by email or a prominent notice on the Site) and update the "Last updated" date. Your continued use of the Service after notice constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, requests, or complaints regarding this Privacy Policy or our data practices, you can: