stackd/cc
Share →
— Legal / Privacy

Privacy.

Updated June 13, 2026

stackd.cc lets you publish the AI tools you run, ranked, on a card. We collect as little as we can get away with. Here is exactly what we keep and why.

What we collect

When you create an account

Authentication is handled by Clerk. They store your email, profile name, and OAuth identities. We mirror only your Clerk user ID, your chosen handle, and an avatar URL into our own database. We do not store your email — we read it from Clerk when needed (for example, an admin-allowlist check).

When you publish a card

The card itself (display name, role, handle, ordered tool list, optional notes) is public by design. If you publish anonymously without signing in, a random 24-hour edit token is saved in your browser's localStorage so you can edit or delete the card during that window. After 24 hours the card locks.

When you love a stack anonymously

We derive a fingerprint by hashing your IP address and browser user-agent together with a server-side secret salt (SHA-256). That salted hash — never the raw IP — is stored as the anonymous voter key so your love can be counted once and un-toggled later. The raw IP and user-agent are not stored, and the hash can't be reversed without the salt.

Views, rate limits, abuse prevention

View counts and rate limits key off the same salted fingerprint (or your user ID when signed in). View dedup is a 30-minute in-memory window; rate-limit counters are in-memory on our API server and expire with their window. Nothing IP-derived is persisted beyond the anonymous love keys described above.

Email

There is currently no email digest and no newsletter signup on the site. If we ever launch one, this policy gets updated first. Any email address captured by an earlier signup form sits unused in our database until then — email stackdcc@proton.me to have it removed.

Analytics

If analytics is enabled, we use PostHog (US cloud) to count page views and a small set of product events. Session replay is disabled, autocapture is limited to link and button clicks (never form inputs), Do-Not-Track is respected, and anonymous visitors stay anonymous — person profiles exist only for signed-in users.

What we don't do

  • We don't sell your data.
  • We don't run ad networks or behavioral ad cookies.
  • We don't track you across other websites.
  • We don't send your email or handle to PostHog or any other third party.
  • We don't store your raw IP address — only the salted hash described above.

Cookies and local storage

  • Clerk session cookies — keep you signed in. Set only when you authenticate.
  • localStorage— your builder draft (so a refresh doesn't lose work) and the anonymous-card edit token. Both stay on your device.
  • PostHog cookie — an anonymous distinct ID for counting unique visitors, only if analytics is enabled. No PII.

Your rights

  • Sign in and use your dashboard to edit or delete any card you own, any time.
  • Anonymous cards: edit or delete within 24 hours from the same browser. After that, email stackdcc@proton.me with the card URL and we delete it for you.
  • Delete your account via Clerk's account controls — your cards cascade-delete with it.
  • Request a copy of everything we hold on you at stackdcc@proton.me. Usually a JSON dump within seven days.

Where data lives

  • AWS Lightsail — runs the stackd API and its Postgres database: cards, mirrored user rows, loves, tool suggestions.
  • Vercel — hosts the website; request logs are kept briefly for debugging. Their privacy policy.
  • Clerk — authentication and profile data. Their privacy policy.
  • PostHog (US cloud) — product analytics, if enabled. Their privacy policy.

Changes

We update the date at the top whenever anything material changes. If a change affects how your data is handled, we'll say so plainly on the site before it takes effect.

Contact

Privacy questions, data requests, deletions: stackdcc@proton.me. We aim to reply within 48 hours.

← HomeTermsAbout