Privacy Policy

How we collect, use, and protect your personal information

Last updated: January 1, 2025

At Stack Toast, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or engage with our community.

This policy applies to all information collected through our website, Stack Toast Laravel boilerplate, AI Cocktail package, community platform, and any related services (collectively, the "Services").

Important: By using our Services, you consent to the data practices described in this policy.

1. Information We Collect

Information You Provide Directly:

  • Account Information: Name, email address, company name, and payment information when purchasing Stack Toast
  • Profile Information: Optional profile details for community participation
  • Communication Data: Messages, support tickets, and feedback you send us
  • Community Participation: Posts, comments, and interactions in our Discord community
  • Survey and Feedback: Responses to surveys, testimonials, and user experience feedback

Information Collected Automatically:

  • Usage Data: How you interact with our website and services
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Log Files: Server logs including access times, pages viewed, and errors
  • Analytics Data: Website performance, user behavior, and conversion metrics
  • GitHub Activity: Repository access, downloads, and contribution activity (if applicable)

Payment Information:

We use third-party payment processors (Stripe, etc.) to handle transactions. We store minimal payment data and never store full credit card numbers. Payment processors maintain their own privacy policies and security standards.

2. How We Use Your Information

Service Delivery:

  • Process purchases and provide access to Stack Toast and AI Cocktail
  • Manage your account and GitHub repository access
  • Provide customer support and respond to inquiries
  • Deliver updates, security patches, and new features
  • Facilitate community participation and communication

Communication:

  • Send purchase confirmations and access instructions
  • Notify you of important updates or security issues
  • Respond to support requests and feedback
  • Send occasional product updates and community highlights (opt-in)

Improvement and Analytics:

  • Analyze usage patterns to improve our services
  • Monitor performance and fix technical issues
  • Conduct research and development for new features
  • Create aggregated, anonymized reports for business insights

Legal and Security:

  • Comply with legal obligations and enforce our terms
  • Prevent fraud, abuse, and security threats
  • Protect the rights and safety of our users and business
  • Respond to legal requests and government inquiries

3. Information Sharing

We Share Information Only In Limited Circumstances:

Service Providers:

We share information with trusted third-party service providers who help us operate our business:

  • Payment Processors: Stripe and others for transaction processing
  • Cloud Services: GitHub for repository hosting and version control
  • Analytics: Google Analytics for website performance (anonymized data)
  • Communication: Email services for customer notifications
  • Community Platform: Discord for community management

Legal Requirements:

We may disclose information when required by law or to:

  • Comply with legal process or government requests
  • Enforce our Terms of Use or other agreements
  • Protect against fraud or security threats
  • Safeguard the rights and safety of users or the public

Business Transfers:

If Stack Toast is acquired or merged, user information may be transferred as part of the transaction. We will notify users and provide options for data handling.

We Never: Sell, rent, or trade your personal information to third parties for marketing purposes.

4. Third-Party Services

Services We Integrate With:

  • GitHub: Repository hosting and access management
  • Discord: Community platform for user interaction
  • Payment Processors: Stripe, Paddle, Lemon Squeezy
  • Analytics: Google Analytics for website metrics
  • CDN Services: For faster content delivery

Your Responsibility:

When you use third-party services through our platform, you're subject to their privacy policies and terms of service. We encourage you to review these policies.

Links to External Sites:

Our website may contain links to external sites. We're not responsible for the privacy practices of these sites. Please review their privacy policies before sharing personal information.

5. AI Integration Privacy

AI Cocktail Data Handling:

When you use AI Cocktail, your data may be processed by third-party AI providers:

  • Data Transmission: Content you submit for AI processing is sent to selected AI providers
  • Temporary Processing: AI providers may temporarily store your data for processing
  • No Training: Most providers don't use your data to train their models (but verify with each provider)
  • Provider Policies: Each AI service has its own privacy policy and data handling practices

Supported AI Providers:

Text Models: OpenAI, Anthropic, Google, Meta, Mistral

Image Models: DALL-E, Midjourney, Stable Diffusion, Replicate

Voice Models: ElevenLabs, OpenAI TTS, Azure Speech

Other Services: Various API providers for specialized tasks

Your Control:

  • Choose which AI providers to use in your applications
  • Configure data retention settings where supported
  • Review and comply with AI provider terms of service
  • Monitor your AI usage and associated costs

Important: When using AI services, you're responsible for ensuring compliance with applicable privacy laws and your own privacy policy.

6. Data Security

Security Measures:

  • Encryption: Data transmitted and stored using industry-standard encryption
  • Access Controls: Strict access controls and authentication requirements
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Secure Infrastructure: Hosting on reputable, secure cloud platforms
  • Incident Response: Procedures for handling security incidents and breaches

Payment Security:

  • PCI DSS compliant payment processing
  • No storage of full credit card numbers
  • Secure tokenization for recurring transactions
  • SSL/TLS encryption for all payment pages

Your Security Responsibilities:

  • Keep your account credentials secure and confidential
  • Use strong, unique passwords for your accounts
  • Report suspected security issues immediately
  • Keep your software and systems updated

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

7. Data Retention

Retention Periods:

  • Account Data: Retained while your account is active and for 3 years after closure
  • Purchase Records: Maintained for 7 years for tax and legal compliance
  • Support Communications: Kept for 2 years to improve customer service
  • Website Analytics: Anonymized data retained for 26 months
  • Community Posts: Retained while community account is active

Data Deletion:

We automatically delete data when retention periods expire, except where:

  • Legal obligations require longer retention
  • Ongoing legal proceedings necessitate preservation
  • Legitimate business interests justify extended retention
  • You've provided explicit consent for longer retention

Early Deletion Requests:

You may request early deletion of your data, subject to legal and operational requirements. Some data may need to be retained for business continuity or legal compliance.

8. Your Privacy Rights

You Have the Right To:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent for data processing

How to Exercise Your Rights:

  • Contact us at privacy@stacktoast.com with your request
  • Include your account email and specific request details
  • We'll respond within 30 days (or as required by applicable law)

Verification Process:

To protect your privacy, we may need to verify your identity before processing requests. This may involve confirming your email address or answering account-specific questions.

Limitations:

Some requests may be limited by:

  • Legal obligations to retain certain information
  • Technical limitations in our systems
  • Rights of other individuals
  • Our legitimate business interests

9. GDPR Compliance

Legal Basis for Processing:

  • Contract Performance: Processing necessary to provide Stack Toast services
  • Legitimate Interests: Business operations, security, and service improvement
  • Legal Obligations: Compliance with tax, legal, and regulatory requirements
  • Consent: Optional marketing communications and analytics

Data Transfers:

We may transfer data outside the European Economic Area (EEA) using appropriate safeguards:

  • Adequacy decisions by the European Commission
  • Standard contractual clauses
  • Certification schemes and codes of conduct
  • Your explicit consent where required

EU Representative:

If required under GDPR, we will appoint an EU representative for data protection matters affecting EU residents.

Supervisory Authority:

You have the right to lodge a complaint with your local data protection authority if you believe we've violated your privacy rights.

10. Cookies and Tracking

Types of Cookies We Use:

  • Essential Cookies: Required for website functionality and security
  • Analytics Cookies: Help us understand how users interact with our site
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Track effectiveness of marketing campaigns (with consent)

Third-Party Analytics:

We use Google Analytics to understand website usage. This service may use cookies and similar technologies. You can opt out using Google's opt-out tools.

Managing Cookies:

  • Configure your browser to block or delete cookies
  • Use our cookie consent banner to manage preferences
  • Opt out of Google Analytics using their browser add-on
  • Note: Blocking essential cookies may affect website functionality

Do Not Track:

We respect Do Not Track signals and will not track users who have enabled this setting in their browser.

11. Children's Privacy

Stack Toast is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If you're a parent or guardian and believe your child has provided personal information to us, please contact us immediately. We'll take steps to remove such information from our systems.

If we become aware that we've collected personal information from someone under 18 without proper consent, we'll delete that information promptly.

12. Changes to This Policy

Policy Updates:

We may update this Privacy Policy periodically to reflect:

  • Changes in our services or business practices
  • New legal requirements or regulations
  • Improvements to our privacy practices
  • User feedback and industry best practices

Notification Process:

For significant changes, we'll notify you through:

  • Email notifications to registered users
  • Prominent notices on our website
  • Community announcements
  • Updates to the "Last Updated" date above

Your Continued Use:

Continued use of our services after policy changes constitutes acceptance of the updated policy. If you disagree with changes, you may discontinue using our services.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Contact Information

For privacy-related requests, please include "Privacy Request" in your email subject line and provide details about your specific concern or request.

Last Updated: January 1, 2025
Version: 1.0

This Privacy Policy is effective immediately and applies to all information previously collected and information collected going forward.