Privacy Policy
Last updated: June 9, 2026
This Privacy Notice for Stacklite ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
- Visit our website at stacklite.live or any website of ours that links to this Privacy Notice
- Use Stacklite — a workspace for solo freelancers to manage clients, contracts, invoices, time, and income without switching apps
- Engage with us in other related ways, including support requests
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have questions, contact us at [email protected].
Summary of key points
This summary provides key points from our Privacy Notice. You can find more detail in the table of contents below.
- What personal information do we process? It depends on how you interact with Stacklite, the choices you make, and the features you use. See personal information you disclose to us.
- Do we process sensitive personal information? We do not process sensitive personal information.
- Do we collect information from third parties? If you sign in with Google or GitHub, we receive limited profile information from that provider.
- How do we process your information? To provide, improve, and administer our Services, communicate with you, maintain security, and comply with law. See how we process your information.
- When do we share personal information? Only in specific situations and with service providers needed to operate Stacklite. See when and with whom we share your personal information.
- How do we keep your information safe? We use organizational and technical safeguards, but no system is 100% secure. See how we keep your information safe.
- What are your rights? Depending on where you live, you may have privacy rights over your personal information. See your privacy rights.
- How do you exercise your rights? Contact us at [email protected] or visit our support page.
1. What information do we collect?
Personal information you disclose to us
In short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide when you register on the Services, express interest in obtaining information about us or our Services, participate in activities on the Services, or otherwise contact us.
Personal information provided by you. The personal information we collect may include:
- Names
- Email addresses
- Passwords (managed and hashed by Supabase Auth — we do not store plaintext passwords)
- Contact or authentication data
- Profile and business details you add for contracts and invoices
- Client, contract, invoice, and time-entry data you create in the workspace
Sensitive information. We do not process sensitive personal information.
Guest mode data. If you use Stacklite without signing in, workspace data is stored locally in your browser for up to 24 hours. It is not sent to our servers unless you create an account and choose to migrate it.
All personal information that you provide must be true, complete, and accurate, and you must notify us of any changes.
Information automatically collected
In short: Some information — such as your IP address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information such as IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and technical information about how and when you use our Services.
Like many businesses, we also collect information through cookies and similar technologies. See our Cookie Policy and section 5 below.
The information we collect includes:
- Log and usage data. Service-related diagnostic, usage, and performance information our servers automatically collect, which may include IP address, device information, browser type, pages viewed, and actions taken in the Services.
- Device data. Information about the computer, phone, tablet, or other device you use to access the Services.
Google API
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
2. How do we process your information?
In short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
We process your personal information for reasons including:
- To facilitate account creation and authentication and otherwise manage user accounts
- To provide and operate the Services, including contracts, invoices, clients, time tracking, and income views
- To respond to user inquiries and offer support
- To send administrative information such as account confirmation or password reset messages
- To maintain security and prevent fraud
- To comply with legal obligations
- To save or protect an individual's vital interest when necessary to prevent harm
3. What legal bases do we rely on to process your information?
In short: We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on. We may rely on:
- Consent. Where you have given permission for a specific purpose. You can withdraw consent at any time — see withdrawing your consent.
- Performance of a contract. Where processing is necessary to provide the Services you requested.
- Legitimate interests. Where processing is necessary for our legitimate business interests and your rights do not override those interests.
- Legal obligations. Where processing is necessary for compliance with law.
- Vital interests. Where processing is necessary to protect vital interests.
If you are located in Canada, this section applies to you.
We may process your information with your express or implied consent. You can withdraw consent at any time. In some exceptional cases, we may be legally permitted to process your information without consent where permitted by applicable law.
7. How long do we keep your information?
In short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.
We keep personal information only as long as needed for the purposes in this notice. When we have no ongoing legitimate business need to process your personal information, we will delete or anonymize it, or securely store and isolate it until deletion is possible.
Account data is retained for as long as your account exists. After account deletion, we delete associated data within 30 days, with backups purged within 90 days unless a longer retention period is required by law.
Guest mode data in your browser is automatically cleared after 24 hours unless you migrate it to an account.
8. How do we keep your information safe?
In short: We aim to protect your personal information through organizational and technical security measures.
We have implemented appropriate technical and organizational security measures designed to protect personal information we process, including HTTPS/TLS, Row Level Security on user data, and secure session handling. However, no electronic transmission or storage technology is 100% secure. Transmission of personal information to and from our Services is at your own risk. Access the Services only in a secure environment.
9. Do we collect information from minors?
In short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly collect, solicit data from, or market to children under 18, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of a minor and consent to such minor dependent's use of the Services.
If we learn that personal information from users under 18 has been collected, we will deactivate the account and take reasonable measures to delete such data. Contact us at [email protected].
10. What are your privacy rights?
In short: Depending on where you are located, you may have rights that allow you greater access to and control over your personal information.
In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you may have the right to request access, rectification, erasure, restriction, portability, and to object to certain processing. Contact us using the details in section 14.
If you are in the EEA or UK and believe we are unlawfully processing your personal information, you may complain to your Member State data protection authority or the UK Information Commissioner's Office.
Withdrawing your consent
If we rely on your consent to process personal information, you have the right to withdraw consent at any time by contacting us. Withdrawal will not affect the lawfulness of processing before withdrawal.
Account information
If you would like to review or change information in your account or terminate your account, log in to your account settings and update your profile, or contact us to request deletion.
Upon account termination, we deactivate or delete your account and information from active databases, though we may retain some information to prevent fraud, troubleshoot problems, assist investigations, enforce our terms, or comply with legal requirements.
Cookies and similar technologies
Most web browsers accept cookies by default. You can usually set your browser to remove or reject cookies, which may affect certain features of the Services. See our Cookie Policy and section 5.
Questions about your privacy rights? Email [email protected].
11. Controls for do-not-track features
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") setting. No uniform technology standard for recognizing DNT signals has been finalized. We do not currently respond to DNT browser signals automatically.
Global Privacy Control: Where applicable under state privacy laws, we treat a valid Global Privacy Control (GPC) signal as a request to opt out of the sale or sharing of personal information for targeted advertising. Learn more at globalprivacycontrol.org.
12. Do United States residents have specific privacy rights?
In short: If you are a resident of certain US states, you may have the right to request access, correction, deletion, and opt-out of certain processing. These rights may be limited by applicable law.
Categories of personal information we collect
The table below shows categories of personal information we have collected in the past twelve (12) months. For a comprehensive inventory, see section 1.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, email address, IP address, account name, and similar identifiers | Yes |
| B. California Customer Records personal information | Name, contact information, and professional or employment-related information you provide | Yes |
| C. Protected classification characteristics | Gender, age, and demographic data | No |
| D. Commercial information | Transaction information and invoice-related business records you create | No |
| F. Internet or similar network activity | Browsing history, interactions with our Services, and usage data | No |
| L. Sensitive personal information | Sensitive categories under state law | No |
Your rights
Depending on your state, you may have rights including:
- Right to know whether we process your personal data
- Right to access your personal data
- Right to correct inaccuracies
- Right to request deletion
- Right to obtain a copy of personal data you previously shared
- Right to non-discrimination for exercising your rights
- Right to opt out of certain processing for targeted advertising, where applicable
How to exercise your rights
Email us at [email protected] or visit our support page. We will verify your identity before processing requests.
If we decline your request, you may appeal by emailing [email protected].
13. Do we make updates to this notice?
In short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date. If we make material changes, we may notify you by posting a notice on the Services or by email if you have an account. Review this notice frequently to stay informed.
14. How can you contact us about this notice?
If you have questions or comments about this notice, email [email protected] or contact us by post at:
15. How can you review, update, or delete the data we collect from you?
Based on applicable laws, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw consent to our processing of your personal information.
To review, update, or delete your personal information, log in to your account settings, email [email protected], or visit our support page.
6. How do we handle your social logins?
In short: If you choose to register or log in using a social media account, we may have access to certain information about you.
Our Services offer you the ability to register and log in using your Google or GitHub account. If you choose to do this, we receive certain profile information from your social media provider, which often includes your name, email address, and profile picture.
We use the information we receive only for the purposes described in this Privacy Notice. We do not control how your social media provider uses your personal information. Review their privacy notice to understand their practices.