Stacks logoStacks Incentives
Get started

Privacy & Security

Your trust matters. This page explains how Stacks Incentives collects, uses, and protects your information, and summarizes the security practices we follow to safeguard your data.

Effective date: September 3, 2025

On this page

Privacy Policy

This Privacy Policy describes how Stacks Incentives ("Stacks", "we", "us") collects, uses, and shares information when you use our websites, products, and services (collectively, the "Services"). If you do not agree with this policy, please do not use the Services.

Information we collect

  • Account and profile information: name, email, company, role, and similar details provided when creating an account or contacting us.
  • Usage data: app interactions, pages viewed, and feature usage to help us improve performance and product experience.
  • Device and technical data: IP address, browser type, operating system, and device identifiers for security, analytics, and troubleshooting.
  • Integrations data: if you connect third‑party systems (e.g., CRM, analytics), we may process necessary data from those systems as configured by you.

Cookies & similar technologies

We use cookies and similar technologies (such as local storage and pixels) to remember preferences, secure your session, analyze usage, and improve the Services. You can control cookies through your browser settings; disabling some cookies may impact functionality.

Analytics

We use analytics to understand product usage and improve performance. This includes Firebase Analytics/Google Analytics to measure page views, events (e.g., registration funnel), device information, and approximate location (derived from IP) for aggregated reporting.

  • Identifiers: cookies or device identifiers used to distinguish sessions and users.
  • Events: page views and app events (e.g., registration_started, registration_success) as reflected in our app.
  • Controls: you can opt out via your browser’s settings, the Google Analytics opt‑out add‑on, or by adjusting your ad settings with Google. See “Manage preferences / Opt out” below.

Firebase services

Our application uses Firebase services provided by Google:

  • Authentication (Auth): to sign you in and manage sessions.
  • Cloud Firestore: to store application data with offline caching on supported browsers.
  • Cloud Functions: to run server‑side logic (primary region: Europe‑West1).
  • Cloud Storage: to store uploaded files and assets.
  • Analytics: to measure usage as described above.

These services may process IP addresses and device information for fraud prevention and service operation. Data at rest and in transit is encrypted by default by Firebase.

Google Cloud Platform (GCP)

We host and operate infrastructure on GCP. This includes application hosting, databases, storage, logging, and monitoring. GCP employs robust physical and network security controls, encryption at rest and in transit, and compliance certifications (e.g., ISO 27001, SOC 2, and others maintained by Google).

How we use information

  • Provide, operate, and maintain the Services.
  • Personalize and improve features, and develop new capabilities.
  • Provide support, respond to inquiries, and communicate important updates.
  • Monitor security, prevent fraud/abuse, and enforce our Terms.
  • Comply with legal obligations.

Legal bases (EEA/UK)

Where applicable, we process personal data under these legal bases: performance of a contract, legitimate interests, consent (where required), and compliance with legal obligations.

Data retention

We retain personal data for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. You can request deletion as described below. Analytics data may be retained according to settings available in Firebase/Google Analytics.

Security Overview

We take a defense‑in‑depth approach to security across people, process, and technology. Highlights of our program are summarized below.

Encryption

  • In transit: All network traffic to our application is encrypted using TLS (HTTPS).
  • At rest: Data at rest is encrypted using industry‑standard encryption provided by our cloud providers.

Access control

  • Role‑based access with least‑privilege principles for staff and systems.
  • Multi‑factor authentication and SSO enforced for internal administrative access.

Network and infrastructure

  • Segregated environments, firewalling, and automated patching where supported.
  • Backups with periodic recovery tests for critical data stores.

Application security

  • Secure SDLC with code reviews, dependency scanning, and CI/CD controls.
  • Vulnerability management with timely remediation based on severity.

Monitoring and incident response

  • Centralized logging and alerting for anomalous activities.
  • Documented incident response procedures and post‑incident reviews.

Business continuity

  • Redundancy across critical components and regularly tested recovery playbooks.

Data locations & international transfers

We aim to store and process data in regions aligned with our service configuration (for example, certain Firebase resources are configured for Europe‑West). However, some processing may occur globally due to the nature of cloud services and content delivery. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

Sharing and disclosures

  • Service providers (sub‑processors) that help us deliver the Services under contractual safeguards (e.g., Google Firebase and Google Cloud Platform).
  • Legal and compliance when required by law, regulation, or to protect rights, safety, and property.
  • Business transfers in connection with a merger, acquisition, or sale of assets.

Your rights

Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal data. To exercise these rights, contact us at privacy@stacksincentives.com.

Children's privacy

Our Services are not directed to children under 16, and we do not knowingly collect personal data from children.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy with an updated effective date. Material changes will be communicated appropriately.

Manage preferences / Opt out

  • You can disable non‑essential cookies via your browser settings.
  • To opt out of Google Analytics across websites, you can use the Google Analytics Opt‑out Browser Add‑on: tools.google.com/dlpage/gaoptout.
  • You can adjust Google Ad Settings here: adssettings.google.com.
  • If you have an account with us and want to limit analytics associated with your account, please contact us.

Contact

Questions about privacy or security? Email privacy@stacksincentives.com or security@stacksincentives.com, or reach out via our contact form.