Legal
Privacy Policy
We built Stackr to help you take control of your subscriptions. Here is exactly what we collect, why, and how we protect it.
Effective: 22 April 2025 | India & Singapore | Stackr (usestackr.com)
Stackr ("we", "us", "our") is a subscription tracking and management application operated by its founder, accessible at usestackr.com. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use Stackr, and the choices you have.
By signing in to Stackr, you agree to the practices described in this policy. If you do not agree, please do not use the service.
Plain English summary: We collect only what is necessary to make Stackr work. We do not sell your personal data. We do not show you ads. Your subscription data is used primarily to deliver the service to you. In the future, we may also use aggregated, anonymized data (from which your identity cannot be identified) for business insights and may license such data to third parties; see the Sharing section for details.
We collect two categories of information: what you provide directly, and what is generated automatically when you use the app.
Account Information
Your name, email address, and profile photo, provided by Google when you sign in via Google OAuth. We do not receive or store your Google password.
Subscription Data
Service names, prices, billing cycles, currencies, renewal dates, categories, and any notes you add. This is the core data Stackr is built to manage.
App Settings
Your preferred currency, theme (dark or warm), notification preferences, and reminder day configuration.
Push Notification Tokens
If you enable browser push notifications, we store your device's push subscription token to deliver renewal reminders.
Usage Data
Basic server logs including IP addresses, browser type, and pages accessed, which is standard for any web service hosted on Vercel.
Session Cookies
An authentication session cookie set by NextAuth to keep you signed in. No third-party advertising or tracking cookies.
We do not collect payment card details, bank account numbers, or any financial credentials.
03
How We Use Your Information
Every piece of data we collect has a specific purpose tied to delivering Stackr's features:
Authentication
Your Google account details are used to create and maintain your Stackr account so only you can access your data.
Core Features
Subscription tracking, spend stats, renewal alerts, family plan splits, and currency conversion all depend on the data you enter.
Email Reminders
If you enable email reminders (Pro feature), we use your email address and renewal dates to send automated reminders via Resend.
Push Notifications
Your push subscription token is used solely to deliver renewal alerts to your browser via our daily server cron job.
Service Improvement
Aggregate, anonymized usage patterns help us identify bugs and prioritize features. We do not build individual user profiles. In the future, anonymized data may also be used for business insights or licensed to third parties; see the Sharing section for details.
Legal Compliance
We may retain or disclose data if required by applicable law in India (DPDP Act 2023) or Singapore (PDPA).
04
Data Storage & Security
Your data is stored in a Neon PostgreSQL database hosted in the Singapore (ap-southeast-1) region. Stackr is hosted on Vercel, a SOC 2 Type II certified provider. Database connections use TLS encryption in transit. Data at rest is encrypted by Neon's managed infrastructure.
Security measures: Authenticated routes require a valid session enforced server-side. Database queries are parameterised via Prisma to prevent SQL injection. Environment variables are never exposed to the client.
While we implement industry-standard security practices, no system is perfectly secure. We encourage you to enable two-factor authentication on your Google account.
05
Sharing Your Information
We do not sell, rent, or trade your personal data. We share information only in the following limited circumstances:
Service Providers
We use Neon (database), Vercel (hosting), Resend (transactional email), and Google (OAuth). Each processes only the minimum data necessary.
Legal Requirements
We may disclose data when required by law, court order, or government authority in India or Singapore.
Affiliate Links
Stackr may display affiliate or referral links. If you subscribe to a third-party service through Stackr, Stackr may receive a commission or referral fee from that third party. We do not share your personal data with affiliates. Clicking affiliate links may set cookies on the third-party site.
Anonymized Data (Planned)
Stackr may in the future license aggregated, anonymized data to third parties such as market research firms or subscription industry partners. Any such data is stripped of all personally identifying information and cannot be linked back to you. We will update this policy and notify you before any such arrangement begins.
We retain your data for as long as your account remains active. If you delete your account through the Stackr Settings page, all your personal data (account information, subscription records, settings, and push tokens) is permanently deleted from our database within 30 days.
Server logs held by Vercel are subject to Vercel's own retention policy (typically 30 days). Anonymised, aggregated data that cannot be linked back to you may be retained indefinitely.
Depending on your location, you have rights regarding your personal data. We respect these rights regardless of where you are based.
Access: request a copy of your data
Correction: fix inaccurate data
Deletion: erase your account and data
Portability: export your subscription data
Objection: object to specific processing
Restriction: limit how we use your data
To exercise any of these rights, email us at privacy@usestackr.com. We will respond within 30 days.
Indian users have rights under the Digital Personal Data Protection Act 2023 (DPDP Act). Singaporean users have rights under the Personal Data Protection Act 2012 (PDPA).
08
Cookies & Local Storage
Stackr uses a minimal cookie footprint:
Session Cookie (NextAuth)
An HTTP-only, secure, same-site session cookie that authenticates your requests. It expires when you sign out or after 30 days of inactivity.
No Tracking Cookies
We do not use Google Analytics, Facebook Pixel, or any other third-party tracking or advertising cookies.
Stackr is not intended for use by anyone under the age of 13 (or 18 where applicable under local law). We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us at privacy@usestackr.com and we will delete the account promptly.
We may update this Privacy Policy from time to time as Stackr evolves. When we make material changes, we will notify you via email or a prominent notice within the app at least 14 days before the changes take effect.
Continued use of Stackr after changes take effect constitutes acceptance of the updated policy.
© 2026 Stackr. All rights reserved.