Privacy Policy
Effective date: 1 March 2026 · Last updated: 7 March 2026
This Privacy Policy describes how StackNest ("we", "us", or "our") collects, uses, and shares information when you use our website and AI plugin generation service (the "Service"). We are committed to handling your information with care and transparency.
1. Information We Collect Updated
Usage data collected automatically:
- IP address (used for rate limiting and fraud prevention; not stored longer than 24 hours in memory).
- HTTP request metadata (method, path, status code, timestamp) for server diagnostics.
- API key identifier (for Pro/Studio users) to enforce plan limits.
Account information (required to use the Service):
- Email address — used to identify your account and enforce monthly generation limits.
- Password — stored as a one-way bcrypt hash. We never store your plaintext password.
- Subscription tier (Free, Pro, or Studio) and billing status.
Content you provide:
- Plugin descriptions ("prompts") you type into the generator.
- Plugin name and configuration options you select (type, features, target API).
We do not collect:
- Payment card details — handled entirely by Stripe (see Section 6).
- Cookies or browser tracking identifiers.
- Your real name or postal address.
2. How We Use Your Information
- To provide the Service: Your prompt is transmitted to one of our third-party AI providers depending on your plan tier (see Section 6). Prompts are not stored by StackNest after your session ends, however they are subject to the data handling policies of the relevant AI provider.
- Account management: Your email address is used to authenticate your account, send essential transactional emails (e.g. password reset, subscription confirmation), and enforce plan limits.
- Rate limiting: Your IP address is temporarily held in memory to enforce free-tier limits. It is not written to disk or associated with personally identifiable information.
- Service improvement: We may analyse anonymised, aggregated prompt patterns (e.g., "most-requested plugin types") to improve generation quality. No individual prompt is stored or attributable to you.
- Security and fraud prevention: Server logs may retain request metadata for up to 7 days to investigate abuse.
3. How We Share Your Information
We do not sell, rent, or trade your information. We may share information only in these limited circumstances:
- Legal requirements: If required by law, court order, or governmental authority.
- Protection of rights: To enforce our Terms of Service or protect the safety of our users or the public.
- Business transfer: In the event of a merger or acquisition, your information may transfer to the successor entity, subject to the same privacy protections.
4. Data Retention
- Prompts: Not retained after your request is completed.
- IP addresses (rate limiting): Cleared from memory every 24 hours.
- Server access logs: Retained for up to 7 days, then deleted.
- Email address and account data: Retained for as long as your account is active, then deleted within 30 days of account deletion request.
- Pro/Studio API keys: Stored securely in a hashed format for as long as your subscription is active, then deleted within 30 days of cancellation.
5. Cookies and Tracking
StackNest does not use cookies, web beacons, pixel trackers, or any third-party analytics scripts (e.g., Google Analytics). The Service loads web fonts from Google Fonts; please refer to Google's Privacy Policy for how font requests are handled.
We may use a single session cookie strictly necessary for keeping you logged in to your account. This cookie contains no tracking identifiers and expires when you close your browser or log out.
6. Third-Party Service Providers Updated
StackNest uses the following third-party processors to deliver the Service. By using StackNest you acknowledge your prompts and generated code may be transmitted to these providers as described:
Anthropic (Claude API)
Used for plugin generation on Pro and Studio plans.
Your prompt is sent to Anthropic's API to generate plugin code. Anthropic does not use API inputs to train their models by default.
Google (Gemini API)
Used for plugin generation on the Free plan and for Pay As You Go credit purchases.
Your prompt is sent to Google's Gemini API. Please review Google's API data usage terms for details on how prompts are handled.
Moonshot AI (Kimi K2.5 API)
Used for deep code validation on Pro and Studio plans.
Generated code (not your original prompt) is sent to Kimi K2.5 for validation and error analysis.
Stripe
Used for payment processing on Pro, Studio, and Pay As You Go purchases.
StackNest never sees or stores your card details. All payment data is handled directly by Stripe, which is PCI-DSS Level 1 certified and used by millions of businesses worldwide.
Google Fonts
Web fonts are loaded from Google's CDN on page load. This involves a network request to Google servers which may log your IP address.
We do not use Google Analytics, Meta Pixel, or any other behavioural tracking or advertising tools.
7. Security
We take reasonable technical and organisational measures to protect the Service and any information processed by it, including bcrypt password hashing, HTTPS-only transmission, and restricted database access. However, no internet transmission is completely secure. Use the Service at your own risk and do not submit prompts containing sensitive personal information.
8. Children's Privacy Updated
The Service is not directed at children under 13. Users between the ages of 13 and 17 may use the Service with the awareness and consent of a parent or guardian. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has submitted personal information to us, please contact us at hello@stacknest.dev and we will delete it promptly.
9. Your Rights (UK / EEA Users)
If you are located in the United Kingdom or European Economic Area, you have rights under applicable data protection law (UK GDPR / GDPR), including:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate data.
- Right to erasure — request deletion of your account and associated data.
- Right to restrict processing — ask us to limit how we use your data.
- Right to data portability — receive your data in a structured, machine-readable format.
To exercise any of these rights, contact us at hello@stacknest.dev. We will respond within 30 days.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will note the updated effective date at the top of this page. For material changes, we will notify registered users by email. Continued use of the Service after changes constitutes acceptance of the revised policy.
11. Contact
Questions about this Privacy Policy or your data may be directed to hello@stacknest.dev.
See also: Terms of Service