Privacy Policy

DigitalStack ("we," "us," or "our") operates the platform available at digitalstack360.com and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.

This policy applies to all users of the Service, including visitors to our marketing site, registered account holders, and administrators of team workspaces.

Information You Provide Directly

• Account information: When you create an account, we collect your name, email address, company name, and password (stored as a cryptographic hash).
• Billing information: Payment details are processed by Stripe. We store only billing metadata such as plan tier, invoice history, and the last four digits of payment cards. We never store full card numbers.
• Project content: Architecture diagrams, discovery documents, briefs, notes, uploaded files, and other content you create or upload while using the Service.
• Communications: Messages you send us via contact forms, support requests, or email.
• Survey and feedback responses you voluntarily submit.

Information Collected Automatically

• Log data: IP address, browser type and version, operating system, referring URL, pages visited, timestamps, and error reports.
• Usage data: Feature interactions, click events, session duration, and navigation patterns within the application.
• Device information: Device type, screen resolution, and timezone.
• Cookies and similar technologies: See the Cookies section below.

Information from Third Parties

• Single Sign-On (SSO): If you authenticate via Google or another OAuth provider, we receive your name, email address, and profile picture from that provider.
• Payment processors: Stripe may share transaction status and fraud signals with us.

We use the information we collect for the following purposes:

• Providing, operating, and maintaining the Service
• Creating and managing your account and workspace
• Processing payments and managing subscriptions
• Personalizing your experience and delivering features relevant to your plan tier
• Powering AI-assisted features (see AI Processing section below)
• Sending transactional emails such as account confirmations, password resets, and billing receipts
• Sending product updates, feature announcements, and marketing communications (you may opt out at any time)
• Responding to support requests and inquiries
• Monitoring and improving Service performance, reliability, and security
• Detecting, investigating, and preventing fraudulent or unauthorized activity
• Complying with legal obligations
• Enforcing our Terms of Service

We rely on the following legal bases to process your personal data (where applicable under GDPR or similar legislation): performance of a contract (providing the Service), legitimate interests (improving the Service, preventing fraud), consent (marketing communications), and compliance with legal obligations.

We do not sell, trade, or rent your personal information to third parties. We may share information with the following categories of recipients:

• Service providers and sub-processors: We share data with trusted vendors who help us operate the Service, including cloud infrastructure (Supabase, Vercel), payment processing (Stripe), AI processing (Anthropic), email delivery, and analytics. These vendors are contractually required to protect your data and may not use it for their own purposes.
• Your workspace members: Content you create within a shared project workspace is accessible to other members of that workspace as determined by the workspace administrator.
• Business transfers: If DigitalStack is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.
• Legal requirements: We may disclose information if required to do so by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of DigitalStack, our users, or the public.
• With your consent: We may share information for any other purpose with your explicit consent.

We use cookies and similar tracking technologies to operate the Service, remember your preferences, and understand how users interact with our platform.

Types of cookies we use:

• Essential cookies: Required for the Service to function. These include authentication session cookies and security tokens. You cannot opt out of these without losing access to the Service.
• Functional cookies: Remember your preferences such as theme, sidebar state, and recently visited projects.
• Analytics cookies: Help us understand usage patterns and improve the Service. We use privacy-respecting analytics tools and do not use fingerprinting techniques.

You can control cookies through your browser settings. Disabling cookies may affect functionality of the Service. Our marketing site respects Do Not Track (DNT) browser signals.

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data is retained until you delete your account.
• Project content is retained until you delete it or your account is deleted.
• Billing records are retained for seven years as required by applicable tax and accounting laws.
• Server logs are retained for up to 90 days for security and debugging purposes.
• Backup copies may be retained for an additional 30 days following deletion.

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of data at rest using AES-256
• Access controls and role-based permissions for internal systems
• Regular security reviews and vulnerability assessments
• Bcrypt hashing for passwords
• Row-level security (RLS) in our database layer

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

Depending on your location, you may have certain rights regarding your personal information. These may include:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Objection: Object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@digitalstack360.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information. If you believe we may have collected information from a child, please contact us at privacy@digitalstack360.com.

DigitalStack is operated from the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

When we transfer personal data originating from the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or equivalent mechanisms.

DigitalStack uses AI models, including those provided by Anthropic (Claude), to power document generation, architecture analysis, and other intelligent features. When you use these features:

• Content you provide (project context, briefs, uploaded documents) is sent to Anthropic's API for processing.
• Anthropic processes this data in accordance with their own privacy policy and data processing agreements.
• We do not use your project content to train AI models without your explicit consent.
• AI-generated output is stored in your workspace and subject to the same retention and deletion policies as other content.
• You retain ownership of content you create and AI-generated content produced from your inputs.

We encourage you to avoid entering highly sensitive personal data (such as social security numbers, health records, or financial account credentials) into AI-powered fields.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service prior to the change becoming effective. We will update the effective date at the top of this page.

Your continued use of the Service after any changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.