1. Overview
StackDrift (“we,” “us,” or “our”) operates the website www.stackdrift.app and provides a vendor monitoring service that tracks changes to Terms of Service, privacy policies, and pricing pages for SaaS platforms. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.
StackDrift is operated from Alberta, Canada, and is subject to Canadian federal privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA).
2. Information We Collect
2.1 Information You Provide
- Account Information: When you create an account, we collect your email address, display name, and avatar image via OAuth providers (GitHub, Google) or magic link authentication.
- Vendor Selections: The vendors and SaaS platforms you choose to monitor through your watchlist.
- Newsletter Subscription: Your email address when you subscribe to the Drift Intel newsletter.
- Billing Information: Payment details processed securely through Stripe. We do not store your full credit card number on our servers.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, timestamps of activity, and interaction patterns with alerts and reports.
- Device & Browser Information: Browser type, operating system, screen resolution, and language preferences.
- IP Address: Collected for security purposes and approximate geolocation.
3. How We Use Your Information
We use your personal information to:
- Provide and maintain the StackDrift monitoring service
- Send alerts when your monitored vendors update their policies or pricing
- Deliver the Drift Intel newsletter and personalized weekly digests
- Process subscription payments and manage your billing
- Improve our service through aggregated, anonymized usage analytics
- Communicate service updates, security notices, and support responses
- Detect and prevent fraud, abuse, or security incidents
We will not sell, rent, or trade your personal information to third parties for marketing purposes.
4. Third-Party Services
StackDrift relies on the following third-party service providers to operate. Each provider has their own privacy policy governing their use of your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication | Account info, vendor selections, usage data |
| Vercel | Hosting, serverless functions | IP address, request logs |
| Stripe | Payment processing | Billing & payment information |
| Resend | Transactional email delivery | Email address, alert content |
| Beehiiv | Newsletter platform | Email address, subscription preferences |
| Anthropic | AI-powered policy analysis | Vendor policy text (no personal data) |
| GitHub / Google | OAuth authentication | Profile info (name, email, avatar) |
5. Data Storage & Security
Your data is stored securely via Supabase (hosted on AWS infrastructure). We implement Row-Level Security (RLS) policies to ensure users can only access their own data. All data is encrypted in transit via TLS and at rest via AES-256 encryption.
While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our services. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain it.
Anonymized, aggregated data (such as usage statistics) may be retained indefinitely as it cannot be used to identify you.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Request deletion of your personal data
- Withdraw consent for data processing
- Export your data in a portable format
- Object to or restrict certain processing activities
To exercise any of these rights, contact us at privacy@stackdrift.app. We will respond within 30 days.
8. PIPEDA Compliance (Canada)
As a Canadian-operated service, StackDrift complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). In accordance with PIPEDA’s ten fair information principles:
- Accountability: We are responsible for personal information under our control and have designated a privacy contact to oversee compliance.
- Identifying Purposes: We identify the purposes for collecting personal information at or before the time of collection, as described in this policy.
- Consent: We obtain your meaningful consent for the collection, use, and disclosure of your personal information. You may withdraw consent at any time by contacting us or deleting your account.
- Limiting Collection: We collect only the personal information necessary to fulfill the purposes identified.
- Limiting Use, Disclosure, and Retention: Personal information is used only for the purposes for which it was collected, and retained only as long as necessary.
- Accuracy: We keep personal information as accurate and up-to-date as necessary for its intended purposes.
- Safeguards: We protect personal information with security measures appropriate to the sensitivity of the data.
- Openness: This privacy policy makes our data practices readily available to you.
- Individual Access: Upon request, we will inform you of the existence, use, and disclosure of your personal information and provide access to it.
- Challenging Compliance: You may challenge our compliance with these principles by contacting our privacy contact.
If you are unsatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada.
9. GDPR Compliance (EU/EEA)
If you are located in the European Economic Area (EEA), the legal bases for processing your personal data include:
- Contract Performance: Processing necessary to provide you with the StackDrift service.
- Legitimate Interest: Processing for service improvement, fraud prevention, and security.
- Consent: Where you have given explicit consent, such as subscribing to our newsletter.
You have additional rights under GDPR, including the right to data portability, the right to be forgotten, and the right to lodge a complaint with your local supervisory authority.
11. Children’s Privacy
StackDrift is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending an email to registered users. Your continued use of StackDrift after changes are posted constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy, your personal information, or wish to exercise your privacy rights, please contact us:
Email: privacy@stackdrift.app
Website: www.stackdrift.app