Privacy Policy

Last updated: April 11, 2026

1. Who We Are

Stacknodo ("we", "us", "our") is the data controller for the personal data processed through the Stacknodo platform, including the Studio, API, documentation site, community forum, and landing page (collectively, the "Service").

Contact: [email protected]

2. What Data We Collect

Account Data

When you register, we collect your first name, last name, and email address. We store a salted, hashed copy of your password — we never store passwords in plain text.

Project Data

Data you store through the Service (tables, rows, files, configurations) is your content. We process it solely to provide the Service.

Usage Data

We collect technical data to operate and improve the Service, including: IP addresses, browser type, request timestamps, API request counts, and error logs. This data is used for rate limiting, abuse prevention, and aggregate analytics.

Payment Data

Payment processing is handled by Stripe. We do not store your credit card number, CVC, or full card details on our servers. Stripe's privacy policy applies to payment data: stripe.com/privacy.

Cookies

We use a single authentication cookie (sn_token) to keep you signed in across Stacknodo subdomains. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

3. How We Use Your Data

  • Provide the Service — authenticate you, run your projects, serve your API, store your data
  • Communicate with you — send transactional emails (verification, password reset, billing receipts), respond to support requests
  • Prevent abuse — rate limiting, spam detection, reCAPTCHA for registration
  • Improve the Service — aggregate, anonymized usage analytics to understand feature adoption and performance
  • Billing — process payments, manage subscriptions, enforce plan limits

We will never sell your personal data to third parties. We do not use your data for advertising or profiling.

4. Legal Basis (GDPR)

  • Contract — processing necessary to provide the Service you signed up for (Art. 6(1)(b))
  • Legitimate interest — abuse prevention, security monitoring, service improvement (Art. 6(1)(f))
  • Legal obligation — tax records, regulatory compliance (Art. 6(1)(c))
  • Consent — where required, e.g., optional marketing emails (Art. 6(1)(a))

5. Where Your Data Is Stored

All primary compute and data storage is located in EU datacenters. Block storage is encrypted at rest and replicated across physically separate servers within the EU.

Your data does not leave the EU by default. If a sub-processor operates outside the EU, we ensure adequate safeguards are in place (Standard Contractual Clauses or equivalent).

6. Sub-Processors

We use the following third-party services to operate Stacknodo:

Service                      | Purpose                         | Data location
Stripe                       | Payment processing              | EU / US (SCCs)
Google reCAPTCHA             | Bot prevention at registration  | US (SCCs)
Transactional email provider | Verification & billing emails   | EU

7. Data Retention

  • Account data — retained while your account is active. Deleted within 30 days of account deletion.
  • Project data — retained while your account is active. Permanently deleted within 30 days of account deletion.
  • Usage logs — retained for up to 90 days, then automatically purged.
  • Billing records — retained for 7 years as required by tax regulations.

8. Your Rights

Under the GDPR and applicable laws, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate personal data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Portability — export your data in a standard, machine-readable format
  • Restriction — request restricted processing of your data
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Hungary: NAIH (naih.hu).

9. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption at rest and in transit (TLS 1.2+)
  • Salted bcrypt password hashing
  • Per-project database schema isolation
  • WAF and DDoS protection at the network edge
  • Role-based access control and audit logging
  • Regular security reviews

10. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or requests, contact us at [email protected].