Privacy policy
Introduction
This is the privacy policy for theStacc — the AI SEO platform that publishes content to your site, manages your Google Business Profile, and ships posts to your social channels. We are theStacc Software Pvt. Ltd., a company registered in Jaipur, India.
If you are reading this, you probably signed up, started a trial, booked a demo, or talked to us through the contact form. Or you read our blog. Either way, this page explains what data we collect, why we collect it, and what you can do about it.
We wrote this in plain English on purpose. If anything here is unclear, email us at hello@thestacc.com and we will rewrite it.
What we collect
We collect four kinds of information. Each is described below.
Account information
When you sign up, you give us your name, business name, work email, and a password. If you connect your Google account, your Google ID and refresh token are stored so we can publish to your Google Business Profile. If you connect WordPress, your site URL and an API application password are stored so we can publish articles. None of this is sold or shared with marketing partners.
Usage data
When you use the dashboard, we record which features you open, which articles you approve, which jobs you cancel, the time of each action, your IP address, your browser, your operating system, and the country your IP resolves to. We use this to fix bugs, measure feature adoption, and decide what to build next.
Cookies and similar technologies
theStacc uses a small set of cookies and local-storage entries:
- Essential cookies for sign-in, session management, and CSRF protection. You cannot turn these off and still use the product.
- Analytics cookies set by PostHog to measure usage in aggregate. You can opt out from the cookie banner.
- Preference cookies that remember your sidebar state, your time zone, and your last-visited tab.
We do not run advertising cookies, retargeting pixels, or third-party trackers on the dashboard. The marketing site at thestacc.com uses a single analytics tag (PostHog) and no advertising trackers.
Payment information
Stripe processes every payment. We never see your card number, CVC, or expiration date — Stripe gives us back a token and the last four digits, and that is all we store. If you want to delete your card on file, you can do it from the billing page in the dashboard, or email hello@thestacc.com.
How we use it
We use the information above for the following purposes only:
- To run the product — write articles, publish them, manage your GBP, post to social channels, and keep your account signed in.
- To bill you, send receipts, and recover failed payments.
- To send transactional emails about jobs, approvals, errors, and security events.
- To send product updates and the occasional newsletter — you can unsubscribe with one click.
- To respond when you email support, book a demo, or fill out the contact form.
- To investigate fraud, abuse, and security incidents.
- To improve the product — we look at usage patterns in aggregate to decide what to build.
We do not sell your data. We do not rent it. We do not share it with data brokers. We do not train third-party LLMs on your content — your articles are written by AI, but the content you give us (brand voice samples, existing blog posts, customer logs) is never used to train a public model.
Third parties
theStacc runs on a handful of vendors. Each has been vetted and has its own privacy policy that we link to below.
- Stripe — processes every payment. We share your name, email, and billing address with Stripe. Stripe privacy policy.
- Amazon Web Services (AWS) — hosts our database, our application servers, and your backups. AWS data centers are in Mumbai (ap-south-1) by default. AWS privacy notice.
- SendGrid — sends every transactional email and newsletter we ship. We share your email address with SendGrid. SendGrid privacy policy.
- PostHog — captures product analytics (events, sessions). PostHog is configured to mask all keystrokes and to not record any field marked sensitive. PostHog privacy policy.
We will add a vendor only when we need it. When that happens we will update this page and email everyone who has signed up for the newsletter.
Your rights
If you live in the European Economic Area, the UK, or California, you have specific rights over the data we hold about you. We honour these rights for every customer, no matter where they live.
GDPR (EEA + UK)
- Right of access — ask us for a copy of every piece of data we hold about you.
- Right of rectification — ask us to correct anything that is wrong.
- Right of erasure — ask us to delete your account and all the data attached to it.
- Right to restrict processing — ask us to stop using your data for a specific purpose.
- Right to data portability — ask us for a machine-readable export of your account.
- Right to object — opt out of marketing emails or product-improvement analytics.
- Right to lodge a complaint with your local data protection authority.
CCPA (California)
- Right to know what personal information we collect, where it comes from, and who we share it with.
- Right to delete the personal information we hold about you.
- Right to opt out of sale — we do not sell personal information, but you can confirm this in writing.
- Right to non-discrimination — exercising any of these rights does not change your pricing, your features, or your account.
To exercise any of these rights, email hello@thestacc.com from the address attached to your account. We respond within 7 business days and complete the request within 30 days.
Data retention
We hold onto data for as long as we need it to run your account and meet our legal obligations.
- Account data — kept while your account is active. Deleted within 30 days after you close the account, except where law requires us to keep it longer.
- Billing records — kept for 7 years to meet tax and accounting requirements in India and the EU.
- Published articles — stay live on your site forever, even after you cancel. The copies in our database are kept for 90 days after cancellation, then deleted.
- Server logs — kept for 30 days, then rotated out.
- Backups — kept for 35 days on a rolling basis.
Children
theStacc is a B2B SaaS product. We do not market to or knowingly collect data from anyone under 16. If you believe a child has signed up, email hello@thestacc.com and we will delete the account.
Changes to this policy
We update this policy when the law changes, when we add a vendor, or when we change what we collect. Every update lands here with a new "last updated" date at the top. If the change is significant we email everyone who has an active account at least 30 days before the new terms take effect.
You can read every previous version of this policy by emailing hello@thestacc.com.
Contact
For anything privacy-related, write to us:
- Email · hello@thestacc.com
- Postal · theStacc Software Pvt. Ltd., Jaipur, Rajasthan, India
- Data Protection Officer · hello@thestacc.com
We read every email. A human will write back, usually within 24 hours.