Skip to content
StackPilot

Privacy Policy

This policy explains what StackPilot collects, why, who we share it with, and the choices you have. Last updated 21 June 2026.

Who this applies to

This policy covers StackPilot (the “Service”, “we”, “us”) — the website, the AI matcher, accounts, saved lists, tool submissions, the newsletter, and paid plans. The party that operates the Service is the data controller. You can reach us any time at hello@stackpilot.ai.

Information we collect

We collect only what the Service needs to work:

  • Account data. When you sign up we store your email address and an authentication record (your password is salted and hashed by our auth provider — we never see or store it in plain text).
  • Content you create. Saved tool lists, tools you submit, and newsletter preferences are tied to your account so we can show them back to you.
  • Matcher queries. The task descriptions you type into the AI matcher are processed to return a ranked shortlist (see “AI processing” below).
  • Payment data. If you upgrade to a paid plan, checkout and card details are handled by our payment processor as merchant of record. We receive only your plan status and non-sensitive billing metadata (e.g. country, last four digits) — never full card numbers.
  • Usage data. Privacy-friendly, aggregate analytics (page views, referrers, country) with no cross-site tracking and no advertising profiles.

How we use your information

  • Operate the Service — authenticate you, save your lists, run the matcher, and email what you asked for.
  • Process and manage paid subscriptions, receipts, and renewals.
  • Review and moderate submitted tools before they appear in the directory.
  • Understand aggregate usage so we can improve performance and content.
  • Protect the Service against abuse, fraud, and security incidents.

We do not sell your personal data, and we do not use it for third-party advertising.

AI processing of matcher queries

When a language model is configured, the text you enter in the matcher is sent to our AI provider solely to rank and explain results, then returned to you. We do not use your queries to train models, and we ask you not to include sensitive personal information in a query. If no model is configured, matching runs locally with a deterministic engine and your query never leaves our infrastructure.

Service providers we share data with

We rely on a small set of vetted processors, each handling only what their function requires:

  • Database & authentication — hosts your account, saved lists, and submissions under row-level security.
  • AI provider — receives matcher queries to generate rankings (only when a model is configured).
  • Payment processor — handles checkout and billing as merchant of record.
  • Analytics — cookieless, aggregate traffic measurement.
  • Email delivery — sends transactional and newsletter messages you have requested.

We may also disclose information if required by law or to protect the rights, safety, and security of users and the Service.

Cookies and similar technologies

We use a small number of essential cookies and local storage to keep you signed in and remember your session. We do not use advertising or cross-site tracking cookies, and our analytics is cookieless. Because essential cookies are required for the Service to function, they are not subject to opt-in consent; you can still clear them in your browser, but you may be signed out.

Data retention

We keep account data for as long as your account is active. Delete your account and we remove your personal profile and saved content within 30 days, except where we must retain limited records (for example, billing and tax records) to meet legal obligations. Aggregate, de-identified analytics may be retained indefinitely.

Your rights and choices

Depending on where you live (for example, under the GDPR or CCPA), you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. You can edit saved lists and unsubscribe from the newsletter at any time from within the app. For any other request, email hello@stackpilot.ai and we will respond within the timeframe required by applicable law. You also have the right to lodge a complaint with your local data-protection authority.

Security

Data is encrypted in transit (TLS) and at rest by our infrastructure providers, access is restricted, and the database enforces row-level security so users can only reach their own records. No system is perfectly secure, but we work to protect your information and will notify affected users of a material breach as required by law.

International transfers

Our providers may process data in countries other than yours. Where required, such transfers rely on appropriate safeguards (for example, standard contractual clauses) to protect your information.

Children

The Service is not directed to children under 16, and we do not knowingly collect their data. If you believe a child has provided us personal information, contact us and we will delete it.

Changes to this policy

We may update this policy as the Service evolves. Material changes will be reflected by the “Last updated” date above, and significant changes will be communicated where appropriate.

Contact us

Questions about this policy or your data? Email hello@stackpilot.ai. See also our Terms of Service.