Privacy Policy

Last updated: March 31, 2026

1. Information We Collect

We collect the following information when you use StackAudit:

• Email address — provided when you sign up or request a magic link login.
• Connected platform data — CRM and marketing automation records, owners, activity fields, attribution fields, and metadata accessed via OAuth integrations for the purpose of running audits.
• Audit results — scores and check results generated from your connected data, stored to power your audit history and trend tracking.
• Payment information — billing is handled entirely by Stripe. We do not store credit card numbers or payment details on our servers.
• Usage data — basic logs of actions taken within the Service (e.g., when audits are triggered) for debugging and product improvement.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service
• Send you audit results and product updates via email
• Process payments and manage subscriptions
• Respond to support requests
• Detect and prevent abuse or unauthorized access

3. Data Sharing

We do not sell your data. We share data only with trusted third-party services required to operate the Service:

• Stripe — payment processing
• Supabase — database and authentication infrastructure
• HubSpot — CRM data access via OAuth (read-only)
• Vercel — hosting and deployment infrastructure

We may disclose your information if required by law or to protect the rights and safety of our users or the public.

4. Data Retention

We retain your account data and audit history for as long as your account is active. If you cancel your account, we will delete your data within 90 days upon request. Some data may be retained longer where required by law.

5. Connected Platform Data

StackAudit accesses supported platforms via OAuth with read-only scopes. We do not modify, delete, or export your connected platform data. Audit analysis is performed server-side and only aggregate results (scores, check outcomes) are stored — not raw CRM records. You can revoke our access at any time from your connected app settings in the source platform.

6. Cookies and Tracking

We use session cookies for authentication (magic link sessions). We do not use third-party advertising trackers. Basic analytics may be collected to understand product usage patterns.

7. Security

We use industry-standard security practices including encrypted connections (HTTPS), secure token storage, and access controls. However, no system is 100% secure and we cannot guarantee absolute security.

8. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Revoke connected platform access at any time

To exercise any of these rights, email us at hello@stackaudit.io.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice within the Service.

11. Contact

Questions about this policy? Contact us at hello@stackaudit.io.