Stackgenie Privacy Policy
Last updated: June 15, 2026 Effective: June 15, 2026
1. Who we are
Stackgenie ("Stackgenie," "we," "us," "our") is a software-stack management tool operated by Big Brands Inc. of 9845 70 Street SE, Unit #110, Calgary, Alberta T2C 5X4, Canada. This Privacy Policy explains what personal information we collect, why, how we handle it, and the choices you have.
If you have any privacy question or request, contact us at support@stackgenie.co.
This policy covers our website (the "Site") and the Stackgenie web application (the "Service"). It is written for individuals in Canada and the United States, the markets Stackgenie currently serves.
2. Who this policy is for
Stackgenie is a business tool sold to operators and businesses. It is not intended for consumers buying for personal use, and not intended for anyone under 18 (or the age of majority where you live, if higher). We do not knowingly collect personal information from children. If you believe a minor has provided us information, contact us and we will delete it.
3. The two kinds of data in Stackgenie
It matters which "hat" we are wearing, because it changes our legal role.
(a) Data about you, our customer ("Account Data"). When you sign up and use Stackgenie, we collect information about you and your use of the Service. For this data, we are the controller — we decide why and how it is used, as described in this policy.
(b) Data you put into the Service about your business ("Customer Data"). This is the content you enter: your software tools, costs, renewal dates, notes, the people records you create about your colleagues or employees (their name, email, and role/title), forwarded receipt emails, and your savings/audit logs. For this data, you are the controller and we are the processor — we hold and process it on your behalf and under your instructions. We do not decide what you put in, and we do not use it for our own purposes. Your responsibilities as controller (including for the personal data of third parties you upload) are set out in our Terms of Service.
The rest of this policy focuses on Account Data — the information for which we are responsible to you directly. How we handle Customer Data is governed by your Terms of Service and Section 7 below.
4. Information we collect
4.1 Information you give us
- Account information: your email address, a password (see 4.4), and your display name.
- Payment information: if you subscribe to Pro, you provide payment details directly to Stripe, our payment processor. We never receive or store your full card number. We receive limited billing confirmation from Stripe (e.g., that a payment succeeded, your subscription status, and the card brand and last four digits Stripe shares for receipts/support).
- Communications: if you email us (e.g., for support or a refund), we keep that correspondence.
4.2 Information collected automatically
- First-party analytics events. To understand how the Site and Service are used and how people find us, we record events such as page views, sign-ups, and feature use, along with the UTM campaign parameters and referrer in the link you arrived through. These events are first-party only — they are written to our own database. We do not use Google Analytics, the Meta pixel, Google Tag Manager, or any third-party advertising or session-recording trackers. If that ever changes, we will update this policy and the Cookie Notice before turning any such tool on.
- Cookies. We use a small number of first-party cookies to keep you signed in and to remember where you first came from. We do not use third-party advertising cookies. See our Cookie Notice for the full list.
4.3 Information we do not collect
Stackgenie has no agents, no browser extensions, and no integrations that log into your other tools. We do not connect to your bank, we do not log into your software accounts, and we do not monitor what your employees do. We only have what you give us or type in.
4.4 Passwords
Authentication is handled through Supabase Auth. Your password is stored in hashed form by Supabase; we do not store it in plain text and cannot see it.
5. Why we use your information
We use Account Data to:
- create and operate your account and provide the Service;
- process your Pro subscription and refunds (via Stripe);
- send you transactional and service messages (e.g., renewal digests you've enabled, receipts, security and account notices) through our email service provider;
- respond to your support requests;
- understand and improve how the Service and Site are used, using the first-party analytics described above;
- keep the Service secure and prevent abuse; and
- meet legal and tax obligations.
Under Canadian privacy law (PIPEDA and Alberta's Personal Information Protection Act), we collect, use, and disclose personal information for purposes a reasonable person would consider appropriate in the circumstances, and we rely on your consent (express or implied through your use of the Service) for those purposes. You can withdraw consent as described in Section 10, subject to legal and contractual limits.
We do not sell your personal information, and we do not use it for third-party advertising. See Section 8.
6. Who we share it with (our service providers / sub-processors)
We do not sell your data and we do not share it for anyone else's marketing. We share data only with vendors who help us run the Service, under contracts that require them to protect it and to process it only on our instructions:
| Provider | What they do | What they handle |
|---|---|---|
| Supabase | Database hosting + authentication | Account Data and Customer Data (stored), password hashes |
| Vercel | Application & site hosting | Requests/traffic to the Service |
| Stripe | Payment processing | Your card and billing details (collected by Stripe directly) |
| Resend | Sending outbound transactional/service email | Your email address and message content |
| ImprovMX | Inbound email forwarding for support@stackgenie.co | The email you send us and your address |
We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, or property of Stackgenie, our users, or others. If Stackgenie is involved in a merger, acquisition, or sale of assets, data may transfer as part of that transaction; we will note it here if it happens.
We keep this sub-processor list current. If we add or change a sub-processor that handles personal information, we will update this table before the change takes effect.
7. Customer Data (the data you control)
For the business data you enter — including the people records about your colleagues/employees — you are the controller and we are your processor. We:
- store and process it to provide the Service to you;
- isolate each organization's data from every other organization's using row-level security (tenant isolation) in our database;
- act on your instructions, including your requests to export or delete; and
- do not use it to build profiles, train models, or for our own marketing.
Because these records may include other people's personal information, you are responsible for having the right to provide it and for any notices/consents those individuals are owed. See the Terms of Service, which contains our data-processing terms governing Customer Data.
8. We never sell your data
We do not sell your personal information, and we do not share it with third parties for their own advertising. This commitment is binding, not marketing copy. ("Sell" and "share" are read here in the broad sense used by laws such as the California Consumer Privacy Act, as amended by the CPRA — i.e., disclosure for money or for cross-context behavioral advertising — neither of which we do.)
9. How long we keep it (retention)
We keep Account Data for as long as your account is active and as needed to provide the Service. After that:
- Customer Data (your stack, ledger, people records): while your account lives, nothing you enter is deleted by us automatically — downgrading to Free makes records beyond your plan limit read-only, but does not delete them. When you delete your account or ask us to delete your data, we delete or irreversibly anonymize it within 30 days, except where we must retain it by law.
- Account/billing records: retained for as long as required by Canadian tax and accounting law (generally up to 6–7 years) after account closure, then deleted.
- Analytics events: first-party funnel/analytics events are retained for up to 24 months, then deleted or aggregated into non-identifying form.
- Backups: residual copies in encrypted backups are purged on our normal backup-rotation cycle (up to 90 days), after which they age out automatically.
10. Your rights and choices
Under PIPEDA and Alberta's Personal Information Protection Act — and, if you are a California resident, under the CCPA/CPRA to the extent it applies to you — you may have the right to access, correct, and obtain a copy of your personal information, to ask us to delete it, to withdraw consent, and (for California residents) to know what we collect and to direct us not to sell or share it (we do neither). You can:
- Access/export much of your data yourself anytime — Stackgenie provides one-click CSV/PDF export of your stack and ledger;
- Cancel your subscription yourself anytime from the Stripe customer portal (no contracts, no lock-in);
- Delete your account and data, or make any other privacy request, by emailing support@stackgenie.co.
To exercise any right, contact support@stackgenie.co. We will respond within the time required by applicable law. We will not discriminate or retaliate against you for exercising your rights.
If you have a concern we have not resolved, you may complain to the Office of the Privacy Commissioner of Canada (PIPEDA) or the Office of the Information and Privacy Commissioner of Alberta (Alberta PIPA).
11. Where your data is processed
Our production infrastructure is cloud-hosted (Supabase, Vercel, Stripe, Resend, and ImprovMX). Depending on their regions, your information may be processed in the United States and/or Canada. By using the Service, which is offered to customers in Canada and the United States, you understand your information may be processed in either country. We require our sub-processors to protect your information consistent with this policy.
12. Security (stated honestly)
We protect your data with:
- Tenant isolation using row-level security, so one organization cannot see another's data;
- Encryption in transit — every connection to the Service is over HTTPS;
- Encryption at rest — data is encrypted at rest (AES-256) by our database host, Supabase;
- managed, access-controlled cloud infrastructure provided by the vendors above (Supabase and Vercel).
Being straight with you: Stackgenie is a new product. We do not hold SOC 2 or any other formal security certification, and we will not claim one we don't have. No method of storage or transmission is perfectly secure, but we take reasonable steps to protect your information and will notify you and any regulator of a security breach as and when required by law.
13. Changes to this policy
If we make material changes, we will update the "Last updated" date and, where appropriate, notify you by email or in the app before the change takes effect.
14. Contact
Big Brands Inc. 9845 70 Street SE, Unit #110, Calgary, Alberta T2C 5X4, Canada Privacy contact: support@stackgenie.co