Privacy Policy.

Last updated: March 2026 — keep reading to understand how we handle your data.

1. Introduction

Welcome to STACK42.ai. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our Service, and describes your privacy rights and how the law protects you. By using STACK42.ai, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect and process the following types of information:

  • Account Information: Email address, name, and password when you create an account.
  • Usage Data: Information about how you use our Service, including website generation prompts, AI refinement requests, generated content, and project data.
  • Brand Profile Data: Logos, colors, fonts, and contact information you save to your brand profiles.
  • Payment Information: Billing details processed securely through Stripe. We do not store your full card number; Stripe handles payment data directly.
  • Domain Information: Custom domain names and DNS verification status when you connect a domain to your deployed website.
  • Technical Data: IP address, browser type and version, device information, time zone, operating system, and cookies.
  • Communications: Messages you send us via contact forms or support channels.
  • Referral Data: If you participate in our referral program, we record referral relationships and associated credit activity between accounts.

3. How We Use Your Information

We use your information for the following purposes:

  • To provide, operate, and maintain our Service
  • To process your AI website generation and refinement requests
  • To manage your account, brand profiles, and subscription
  • To process payments, manage credits, and prevent fraud
  • To send transactional emails (account confirmation, credit alerts, deployment notifications)
  • To respond to your support requests and communications
  • To improve our Service, develop new features, and analyze usage patterns
  • To send you important updates about our Service or changes to these policies
  • To administer our referral program
  • To comply with legal obligations

4. AI Processing & Your Prompts

STACK42.ai uses large language model technology provided by Anthropic, PBC ("Claude") to generate and refine your website content. When you submit a generation prompt or refinement request, the following applies:

  • What is sent to Anthropic: Your generation prompts, refinement instructions, and relevant context (such as brand profile data you have provided) are transmitted to Anthropic's API for processing. Anthropic processes this data solely to return a generated response to STACK42.ai.
  • Model training: As of the date of this policy, Anthropic does not use API inputs or outputs to train its models by default. Please refer to Anthropic's Privacy Policy at anthropic.com/legal/privacy for the most current information.
  • STACK42.ai use of prompts: We store your prompts and generated outputs in order to display your projects in your dashboard and enable editing. We may use aggregated, anonymized prompt data to improve the quality of our generation system. We do not sell your prompt data.
  • Sensitive information: Please do not include sensitive personal information (such as government IDs, financial account numbers, or medical data) in your generation prompts.

5. Contact Form Submissions on Generated Websites

Websites generated through STACK42.ai may include contact forms. When a visitor submits a contact form on a website you have published through our Service:

  • The visitor's submission data (name, email, message, and any other fields) is stored in our database and associated with your project.
  • You, as the website owner, are the data controller for your visitors' submissions. You are responsible for handling that data in accordance with applicable privacy laws.
  • STACK42.ai acts as a data processor for visitor submissions on your behalf.
  • Visitor submission data is accessible to you through your dashboard and may be forwarded to you via email notification if configured.
  • We do not use your visitors' contact form data for our own marketing purposes.
  • If you delete a project, associated contact form submissions are also deleted.

6. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data:

  • All data is encrypted in transit using SSL/TLS
  • Passwords are securely hashed and never stored in plain text
  • We use Supabase for secure database storage with row-level security controls
  • Access to personal data is restricted to authorized personnel only
  • We conduct regular reviews of our data collection, storage, and processing practices

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

7. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

  • Active accounts: Your account data, projects, and brand profiles are retained for as long as your account is active.
  • After account deletion: We delete or anonymize your personal data within 30 days of account deletion, except where retention is required by law.
  • Payment records: Transaction records are retained for up to 7 years to comply with financial and tax regulations.
  • Deployed website data: If your subscription lapses and your deployed sites go offline, associated project data is retained for 30 days before deletion to allow you to download your code.
  • Backups: Deleted data may persist in encrypted backups for up to 90 days before being permanently purged.

8. Data Sharing and Third Parties

We do not sell your personal data. We share your information only with the following third-party service providers, each of whom processes data only as necessary to deliver their service:

  • Anthropic, PBC: AI language model processing. Your prompts and brand context are transmitted to Anthropic's API to generate website content.
  • Supabase: Database hosting and authentication. All user account data, projects, and form submissions are stored via Supabase.
  • Vercel: Frontend hosting and deployment infrastructure for STACK42.ai and your deployed websites.
  • Stripe: Payment processing. Stripe handles all billing data including card details. We do not store your full card number.
  • Resend: Transactional email delivery. Your email address is used to send account, notification, and system emails.

We may also disclose your information where required by law, regulation, or legal process, or to protect the rights, property, or safety of STACK42.ai, our users, or others.

9. Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve our Service. The types of cookies we use include:

  • Essential cookies: Required for the Service to function. These include authentication session cookies that keep you logged in. You cannot opt out of these without disabling the Service.
  • Preference cookies: Store your settings and preferences (such as UI state) to improve your experience.
  • Analytics cookies: Help us understand how users interact with the Service so we can improve it. Data is aggregated and anonymized where possible.
  • Third-party cookies: Some of our service providers (including Stripe and Crisp) may set their own cookies when you interact with payment or support features.

You can instruct your browser to refuse all cookies or to notify you when a cookie is being sent. If you disable cookies, some parts of the Service may not function correctly.

10. Your Rights

You have the following rights regarding your personal data:

  • Access: Request access to the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Export: Request a copy of your data in a portable format.
  • Objection: Object to processing of your data for certain purposes, including direct marketing.
  • Restriction: Request that we restrict the processing of your data in certain circumstances.

To exercise any of these rights, please contact us at privacy@stack42.ai. We will respond within 30 days.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, disclose, and sell.
  • The right to delete personal information we have collected from you, subject to certain exceptions.
  • The right to opt out of the sale of your personal information. We do not sell your personal information.
  • The right to non-discrimination for exercising your CCPA rights.

To submit a CCPA request, contact us at privacy@stack42.ai.

12. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@stack42.ai and we will take steps to delete that information.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and where required by law, notifying you by email. You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

privacy@stack42.aiContact Form