Privacy Policy

STACK BRANDS is a privately held multi-brand e-commerce operations company. This privacy policy applies to our corporate website at stack-brands.com, our internal operational platform at app.stack-brands.com, and any third-party API integrations operated under the STACK BRANDS name, including integrations with advertising and marketing platforms such as Pinterest, TikTok, Meta, and Google.

This policy applies to team members, authorized users, and any third-party platform that connects to our services via API or OAuth. For privacy inquiries, contact us at info@stack-brands.com.

We may collect the following categories of personal information:

• Identity data: name, email address, and job title for team members and authorized users.
• Usage data: IP address, browser type, pages visited, time and date of access, and navigation paths.
• Authentication data: login credentials managed via Google OAuth, scoped to authorized company accounts.
• Technical data: device information, operating system, and network connection details collected automatically via server logs.
• API-derived data: where we connect to third-party platforms via OAuth or API, we may receive account data, content data, and analytics metrics as permitted by the respective platform and described in the relevant integration section below.

We do not collect payment card data, financial account details, or sensitive personal data through this domain.

We use collected data exclusively for the following purposes:

• To operate, maintain, and secure our internal platform and tools.
• To authenticate and authorize access for team members.
• To monitor platform performance and diagnose technical issues.
• To manage and operate third-party advertising and marketing integrations on behalf of STACK BRANDS.
• To comply with applicable legal obligations.

We do not sell, rent, or share personal data with third parties for marketing purposes.

Where the General Data Protection Regulation (GDPR) applies, we process personal data on the following legal bases:

• Legitimate interests (Art. 6(1)(f) GDPR): to operate and secure our internal tools and infrastructure.
• Contractual necessity (Art. 6(1)(b) GDPR): to provide access and services to authorized team members.
• Legal obligation (Art. 6(1)(c) GDPR): where required by applicable law.

We retain personal data only as long as necessary for the purposes described in this policy, or as required by law. Server log data is retained for a maximum of 90 days. Authentication session data is retained for the duration of the active session. API-derived data is retained only as long as necessary for the operational purposes described in the relevant integration section.

This platform integrates with the following third-party services, which may process data on our behalf:

• Google (OAuth): for authentication. Governed by Google's Privacy Policy.
• Supabase: for database and authentication infrastructure. Data is processed within the EU.
• Vercel: for platform deployment and delivery.

All third-party processors are bound by data processing agreements where required under GDPR.

Under applicable data protection law, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data, subject to legal retention obligations.
• Object to or restrict processing in certain circumstances.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at info@stack-brands.com.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or disclosure. Access to our internal platform is restricted to authorized personnel via authenticated sessions. All data in transit is encrypted using TLS.

STACK BRANDS integrates with the Pinterest API to enable authorized team members to manage Pinterest business accounts on behalf of our brands. In connection with this integration, we may receive and process the following data from Pinterest:

• Business account data: account ID, profile name, and account settings.
• Content data: Pins, boards, images, descriptions, and destination URLs.
• Analytics and performance metrics: impressions, clicks, saves, and engagement rates.

We use Pinterest data exclusively for the following internal purposes: to create, schedule, and publish Pins and boards on behalf of STACK BRANDS accounts; to analyze campaign and content performance; and to generate internal reports and dashboards.

We do not sell, rent, or share Pinterest-derived data with third parties. Pinterest data is not used for advertising targeting or shared with marketing partners.

Pinterest data is retained only as long as necessary for the operational purposes described above, and is protected with the same technical and organizational security measures described in Section 8 of this policy.

Authorized users may revoke Pinterest access at any time via Pinterest account settings (Settings > Security > Apps with access to your account) or by contacting us at info@stack-brands.com. Upon revocation, we will cease accessing Pinterest data and delete any stored Pinterest credentials.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our platform following any changes constitutes acceptance of the revised policy.