Privacy Policy

We collect the following types of information when you use Stackey:

• Account information: email address, hashed password, and name provided at sign-up.
• Billing information: payment card details processed and stored by Stripe — we never store full card numbers on our servers.
• Uploaded files and metadata: files you upload and the auto-generated metadata associated with them (file name, document type, date, amount, summary, etc.).
• Access logs: IP address, browser type, referring URL, and timestamps for security and reliability purposes.
• Support communications: the content of messages you send us via email or contact form.

If you connect third-party services (external storage services), we store authentication tokens on your behalf. We only access the files you explicitly import into Stackey.

We use the information we collect only for the following purposes:

• Providing and improving the Stackey service
• Creating and managing your account
• Automatically name, categorize, and thumbnail your files
• Processing subscription payments and managing billing
• Sending essential service communications (downtime notices, Terms updates, etc.)
• Responding to support requests
• Detecting and preventing fraud, abuse, and security threats
• Complying with legal obligations

We do not share your personal information with third parties except in the following circumstances:

• With your consent — when you explicitly authorize a data sharing action.
• Sub-processors — vendors who help us operate the service (see Section 05).
• Legal requirements — when required by law, court order, or government authority.
• Protection of rights — when necessary to protect the safety of persons or property.

We have never sold user data and have no intention of doing so.

To deliver our service, we rely on trusted third-party service providers for file analysis, payment processing, storage, and CDN. Each provider is bound by appropriate data processing agreements and may only use data for the purpose of providing their services to us.

We do not permit sub-processors to use your data for their own purposes, including marketing or model training.

We retain your information only as long as necessary for the purposes described in this Policy.

• Account & file data: retained while your account is active; permanently deleted within 30 days of account closure.
• Billing records: retained for 7 years as required by Japanese accounting law.
• Access logs: retained for 90 days.
• Support messages: retained for 1 year after resolution.

We take the security of your data seriously and implement the following measures:

• All data in transit is encrypted with TLS/HTTPS
• Passwords are hashed using industry-standard algorithms — we never store plaintext passwords
• Files are stored encrypted at rest
• Credentials are managed server-side and never exposed to clients
• Access to user data is restricted to personnel on a need-to-know basis
• Regular security reviews are conducted

In the event of a data breach that affects your personal data, we will notify you and applicable authorities as required by law.

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: ask us to correct inaccurate data.
• Deletion: request deletion of your data (you can also delete your account directly from your account settings).
• Portability: receive your data in a machine-readable format.
• Objection: object to certain types of processing.

To exercise any of these rights, please contact us using the details in Section 11. We will respond within a reasonable timeframe and may ask you to verify your identity before processing your request.

We may update this Privacy Policy from time to time. When we do:

• For material changes, we will notify you by email or via an in-app notice.
• For minor changes, we will update the "Last updated" date at the top of this page.
• Continued use of the service after changes are posted constitutes acceptance of the updated Policy.

If you have any questions about this Privacy Policy or wish to exercise your rights, please reach out: