Privacy Policy

Last updated: June 6, 2024

At Stacker, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Personal Data

Information We Collect

When you use Stacker, we collect the following types of information:

  • Authentication Information: 
    • When you log in to Stacker using GitHub OAuth:
      • We securely store the username and email associated with your GitHub account.
    • When you permit us to access your GitHub notifications:
      • We securely store a GitHub API token associated with your account with the notifications:read scope.
  • Notification Metadata: 
    • When new notifications are detected in your GitHub account:
      • We get their metadata, such as type, reason, and repository owner, and store it in our database.
  • Digest Settings: 
    • You can change the email a Stacker digest is sent anytime.

How We Use Your Information

We use the information collected for the following purposes:

  • Providing Services: 
    • We use your authentication information to enable you to access and use Stacker.
    • The GitHub API token is used to get new notifications from your GitHub account.
    • The notification metadata is used to create the digests you configured Stacker to send.
    • Your digests settings define how and when we send you email digests.
  • Improving Our Services:
    • We may analyze usage patterns and feedback to improve our services and user experience.
  • Communication:
    • We may contact you with important information about your account or our services.

Data Storage

Your data is stored in our databases and run on servers provided by Hetzner, located in Ashburn, Virginia, USA. Backups are stored in AWS S3 buckets in Stockholm, Sweden. We adhere to relevant data protection laws, including the General Data Protection Regulation (GDPR) for our EU users. All data is encrypted at rest.

Retention of Data

We retain your personal data for as long as necessary to provide you with our services and as required by applicable law. GitHub notifications metadata is stored only for the period necessary to compile and send the email digests.

You can request the deletion of your personal data at any time by contacting us at [email protected].

Service Providers

We use third-party services to facilitate our operations. These service providers are bound by law to protect your personal data and are only permitted to use it as necessary to provide their services to us.

  • GitHub: OAuth provider
    • We use GitHub OAuth to authenticate users.
  • Paddle: Payment processor.
    • We do not store your payment information.
  • Hookdeck: Webhook management.
    • We use Hookdeck to manage the webhooks that GitHub sends us.
  • AWS SES: Transactional email provider.
    • Used to send necessary emails related to your account.
  • AWS S3: Object storage.
    • We store backups of our database here.
  • Hetzner: Server provider.
  • Grafana Labs: Observability.
    • We use Grafana Cloud to store the metrics, logs, and traces of our application.

We will update this policy if we add or change any service providers.

Security

We take reasonable measures to protect your personal information. However, no method of electronic storage or transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You can request that we correct any inaccuracies in your personal data.
  • Deletion: You can request the deletion of your personal data.
  • Restriction: You can request that we restrict the processing of your personal data.
  • Objection: You can object to the processing of your personal data.
  • Portability: You can request a copy of your personal data in a machine-readable format.

To exercise these rights, please contact us at [email protected]

Disclosure Of Data

Business Transaction

If we are involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Changes will be posted on this page, and the "Last updated" date will be revised accordingly. If we make significant changes, we'll notify you via email or through a notice on our website.

Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at [email protected].

Stacker