Summary: We collect minimal data, never sell it, and you can delete your account anytime. We believe privacy is a fundamental right, not a premium feature.
1. Information We Collect
1.1 Account Information
When you create a Stakt account, we collect:
- Email address - For authentication and account recovery
- Phone number (optional) - For two-factor authentication
- Account identifiers - Anonymous account proxies (not auth tokens) to distinguish between your cards
1.2 Credit Card Offer Data
When you use the Stakt extension while logged into your bank's website, we collect:
- Offer details - Merchant name, discount amount, expiration date, terms
- Card information - Card type and last 4 digits (for display purposes)
- Offer status - Whether an offer is enrolled, available, or used
Important: We never collect your full card numbers, CVV codes, bank login credentials, or transaction history.
1.3 Usage Data
We collect anonymized usage data to improve our service:
- Extension open/close events
- Feature usage (e.g., filtering, sorting)
- Error logs (to fix bugs)
- Browser type and version
2. How We Use Your Information
- Provide the service - Display your collected offers in one place
- Sync across devices - Keep your offers updated on all your devices
- Send notifications - Alert you when offers are expiring (if you opt in)
- Improve the product - Analyze usage patterns to enhance features
- Support - Help you with any issues you encounter
3. How We Store & Protect Your Data
3.1 Security Measures
- Encryption at rest - All data is encrypted using AES-256
- Encryption in transit - TLS 1.3 for all data transmission
- Secure authentication - Magic links and optional 2FA
- Row-level security - Database policies ensure you only access your data
- Regular security audits - We review our security practices quarterly
3.2 Data Storage
Your data is stored in secure data centers operated by our infrastructure providers (Supabase, AWS). All data is stored in the United States.
4. What We Don't Do
- We never sell your data to third parties
- We never share your data with advertisers
- We never store your bank passwords or full card numbers
- We never access your transaction history or purchase details
- We never modify your bank accounts - Stakt is read-only
5. Third-Party Services
We use the following trusted services:
- Supabase - Database and authentication infrastructure
- Stripe - Payment processing (for future premium features)
- PostHog - Privacy-focused analytics (anonymized data only)
Each of these services has their own privacy policies and security certifications.
6. Your Rights
You have full control over your data:
- Access - Download all your data at any time
- Correction - Update your account information
- Deletion - Permanently delete your account and all data
- Portability - Export your offer data in standard formats
- Opt-out - Disable analytics or marketing communications
To exercise any of these rights, contact us at [email protected].
7. Data Retention
- Active accounts: Data retained until you delete your account
- Deleted accounts: All data permanently deleted within 30 days
- Backups: Encrypted backups retained for 90 days, then purged
- Analytics: Anonymized data may be retained longer for statistical purposes
8. Children's Privacy
Stakt is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe we have inadvertently collected such data, please contact us immediately.
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email or through the extension. The "Last updated" date at the top of this page indicates when this policy was last revised.
10. Contact Us
If you have any questions, concerns, or requests regarding your privacy:
General Inquiries
[email protected]Privacy Questions
[email protected]Legal Matters
[email protected]Stakt Inc.
San Francisco, CA