Privacy Policy
Last updated: 10 May 2026
This page describes how Stakkr handles your personal data. It is written in plain English and reflects what the app actually does — no boilerplate disclaimers about practices we do not engage in.
Who runs Stakkr
Stakkr is run by an individual operator. Contact for any data protection question: help@stakkr.app.
What we collect
- Email address. Provided when you sign in via magic link, or imported from Google when you sign in with Google.
- Display name. Either typed by you in Settings or imported from Google on first sign-in.
- Your content. The stacks, lists, and items you create. This is the point of the app — it is stored so you can use it.
We do not collect, infer, or buy any other personal data. There are no analytics trackers, advertising IDs, marketing pixels, or third-party trackers in the app.
Sub-processors
- Supabase — hosts the database and handles authentication.
- Vercel — hosts the application.
- Google — only when you choose to sign in with Google. Otherwise Google is not involved.
Cookies
Stakkr uses strictly-necessary cookies only — specifically the Supabase authentication session cookie that keeps you signed in. There are no analytics, marketing, or third-party tracker cookies, so no cookie consent banner is required under UK PECR or EU ePrivacy rules.
Lawful basis (UK and EU GDPR)
We process your data on the lawful basis of performance of contract (Art. 6(1)(b)). Storing your email and your stacks/lists is necessary for us to provide the account and the service — there is no separate consent step because the processing is inherent to the service you are signing up for.
Your rights
Under UK GDPR and EU GDPR you have the following rights. The first four are self-serve inside the app; the rest can be invoked by emailing the contact above.
- Access. See your data inside the app, or use the export below.
- Rectify. Edit your display name and your content directly in the app.
- Erase. Self-serve from Settings → Danger Zone → Delete account. This is a hard delete with no grace period.
- Portability. Self-serve from Settings → Download my data. You receive a JSON file with everything you own.
- Object or restrict processing — email the contact above.
- Complain to a supervisory authority — in the UK, the Information Commissioner’s Office; in the EU, your local Data Protection Authority.
Retention
We keep your data for as long as your account exists. When you delete your account, all data you own is permanently destroyed in a single transaction — there is no soft-delete tier or grace period.
Changes to this policy
If we make material changes we will update the “Last updated” date at the top of the page. Substantive changes that affect how your data is handled will be flagged in-app or by email where appropriate.