What we collect, why we collect it, and what we don't do with it.
Last updated 2026-07-01
1. Data Controller
Stackryze (registered MSME, India) is the data controller for all personal information collected through any product or service operated under the Stackryze name. All data processing is conducted in accordance with the Information Technology Act, 2000, and applicable Indian data protection laws.
2. Information We Collect
We collect only what is reasonably necessary to operate each service securely. Depending on the product, this may include: information you provide at signup (display name, email, phone number with country code, full address); GitHub account information if you sign in with GitHub OAuth (scopes: read:user, user:email; we receive username, email, and public profile only — we do not access private repositories or code); service configuration data (DNS records, zone settings, hosted resources); and, in cases of abuse or elevated risk, additional identity verification (government-issued ID or proof of address), collected strictly for verification and abuse prevention. Automatically, we collect IP address, browser type and user-agent, service-level logs (DNS queries, request timestamps, access logs) for security and abuse prevention. We do not use advertising cookies or engage in behavioural profiling for marketing purposes.
3. Cookies and Third-Party Services
We use essential cookies for session persistence and authentication. We also use Google Analytics (gtag.js) on marketing surfaces for traffic analysis. Google Analytics may collect information about your device, browsing behaviour, and interactions; this data is subject to Google's Privacy Policy.
4. How We Use Information
We process your information under three legal bases: contract performance (account management, service delivery), legitimate interest (fraud prevention, abuse detection, service security), and legal obligation (compliance with applicable laws and court orders). Specifically, we use it to operate the products you sign up for, maintain platform security and prevent abuse, communicate about your account and service updates, comply with legal obligations, and investigate violations of our policies. We do not use your data for advertising, marketing, profiling, or commercial purposes. We do not sell, rent, or share your data with third parties for their commercial use.
5. Data Storage and Security
User data is stored in encrypted databases hosted on secure cloud infrastructure (see Section 9 for server locations). We use industry-standard encryption and access controls. In the event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of discovery where legally required, with information about the incident and remediation steps.
6. Data Retention
Active accounts: data is retained for as long as you actively use the service. Inactive or deleted accounts: data is retained for 90 days after account deletion or last activity, then permanently erased without recovery options. Technical logs: automatically deleted within 30 days, except where longer retention is required by law or active investigations. Once the 90-day retention period expires, data cannot be restored. We do not maintain backups of deleted user data beyond this period.
7. Data Sharing and Disclosure
We do not sell or rent personal information. We disclose data only when required by Indian law, court orders, or government authorities; when necessary to investigate abuse, fraud, or policy violations; when required to protect Stackryze's legal rights and interests; or when shared with trusted service providers under confidentiality agreements. Our service providers include MongoDB Atlas (database hosting), Oracle Cloud, DigitalOcean, and Hetzner (infrastructure and server hosting), Google Analytics (website usage statistics), and GitHub (OAuth authentication). These providers have access to your data only as necessary to perform their functions.
8. Abuse Handling and Enforcement
We reserve the right to review user data and accounts in response to verified abuse reports or legal complaints, suspected illegal activity or policy violations, and law enforcement requests or court orders. Stackryze may suspend or terminate services and share relevant data with authorities without prior notice when required by law or to prevent harm.
9. International Data Transfers
Our infrastructure includes servers in India (Oracle Cloud Hyderabad, DigitalOcean Bangalore) and Germany (Hetzner). Data is processed in these jurisdictions. By using our services, you consent to data transfer, storage, and processing in these regions. We implement appropriate safeguards including encryption in transit and at rest, and access controls.
10. User Rights
All users, regardless of location, may request access to your personal data, correction of inaccurate information, or deletion of your account and data. These rights are subject to applicable Indian law and the legal requirements of your jurisdiction. Contact privacy@stackryze.com or support@stackryze.com to exercise these rights. Requests may require verification of account ownership before processing. Response time: 5–10 business days. EU residents have additional rights under GDPR, including data portability (receive your data in JSON format), the right to restrict processing, and the right to object to processing.
11. Children's Privacy
Our services are not directed at children under 13. We do not knowingly collect personal data from minors. If we discover such data, we will delete it immediately.
12. Limitation of Liability for Data Incidents
While we implement industry-standard security measures, we cannot guarantee absolute protection against all threats. To the extent permitted by applicable law, Stackryze's liability for data incidents is limited to direct damages and does not include indirect, consequential, or punitive damages. This limitation does not apply where prohibited by law, including in cases of gross negligence or wilful misconduct.
13. Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of India. Any privacy-related disputes shall be resolved exclusively in the courts of Andhra Pradesh, India.
14. Policy Updates
We may update this Privacy Policy periodically. Significant changes will be announced via the relevant product surface or by email. Continued use after updates constitutes acceptance of the revised policy.
15. Contact
Privacy inquiries: privacy@stackryze.com. General support: support@stackryze.com. Security issues: security@stackryze.com. Abuse reports: reportabuse@stackryze.com.
16. Acknowledgment
By using any Stackryze service, you acknowledge that you have read and understood this Privacy Policy; you consent to the data collection and processing practices described above; no absolute security guarantee exists for online platforms; and Indian law governs all data processing and privacy matters.