Privacy Policy

STACK BRANDS is a privately held multi-brand e-commerce company. This privacy policy applies to our corporate website at stack-brands.com and our internal operational platform at app.stack-brands.com, as well as any integrations and tools operated under the STACK BRANDS name.

For privacy inquiries, contact us at info@stack-brands.com.

We may collect the following categories of personal information:

• Identity data: name, email address, and job title for team members and authorized users.
• Usage data: IP address, browser type, pages visited, time and date of access, and navigation paths.
• Authentication data: login credentials managed via Google OAuth, scoped to authorized company accounts.
• Technical data: device information, operating system, and network connection details collected automatically via server logs.

We do not collect payment card data, financial account details, or sensitive personal data through this domain.

We use collected data exclusively for the following purposes:

• To operate, maintain, and secure our internal platform and tools.
• To authenticate and authorize access for team members.
• To monitor platform performance and diagnose technical issues.
• To comply with applicable legal obligations.

We do not sell, rent, or share personal data with third parties for marketing purposes.

Where the General Data Protection Regulation (GDPR) applies, we process personal data on the following legal bases:

• Legitimate interests (Art. 6(1)(f) GDPR): to operate and secure our internal tools and infrastructure.
• Contractual necessity (Art. 6(1)(b) GDPR): to provide access and services to authorized team members.
• Legal obligation (Art. 6(1)(c) GDPR): where required by applicable law.

We process personal data in accordance with applicable privacy laws in our jurisdiction.

We retain personal data only as long as necessary for the purposes described in this policy, or as required by law. Server log data is retained for a maximum of 90 days. Authentication session data is retained for the duration of the active session.

This platform integrates with the following third-party services, which may process data on our behalf:

• Google (OAuth): for authentication. Governed by Google's Privacy Policy.
• Supabase: for database and authentication infrastructure. Data is processed within the EU.
• Vercel: for platform deployment and delivery.

All third-party processors are bound by data processing agreements where required under GDPR.

Under applicable data protection law, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data, subject to legal retention obligations.
• Object to or restrict processing in certain circumstances.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at info@stack-brands.com.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or disclosure. Access to our internal platform is restricted to authorized personnel via authenticated sessions. All data in transit is encrypted using TLS.

STACK BRANDS integrates with the Pinterest API to enable authorized team members to manage Pinterest business accounts on behalf of our brands. In connection with this integration, we may receive and process the following data from Pinterest:

• Business account data: account ID, profile name, and account settings.
• Content data: Pins, boards, images, descriptions, and destination URLs.
• Analytics and performance metrics: impressions, clicks, saves, and engagement rates.

We use Pinterest data exclusively for the following internal purposes: to create, schedule, and publish Pins and boards on behalf of STACK BRANDS brand accounts; to analyze campaign and content performance; and to generate internal reports and dashboards.

We do not sell, rent, or share Pinterest-derived data with third parties. Pinterest data is not used for advertising targeting or shared with marketing partners.

Pinterest data is retained only as long as necessary for the operational purposes described above, and is protected with the same technical and organizational security measures described in Section 8 of this policy.

Authorized users may revoke Pinterest access at any time via Pinterest account settings (Settings > Security > Apps with access to your account) or by contacting us at info@stack-brands.com. Upon revocation, we will cease accessing Pinterest data and delete any stored Pinterest credentials.

For questions specifically about how we handle Pinterest data, contact us at info@stack-brands.com.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our platform following any changes constitutes acceptance of the revised policy.