Stacktic is an insights engine for a company's software stack. It gives operators one source of truth for the tools an organization uses, the people who can reach them, and the cost and security signals that come with them. This Privacy Policy explains what information Stacktic collects, how we use and protect it, and the choices you have — including data we access through Google Workspace APIs.
This policy applies to the Stacktic web application and the Stacktic marketing site at stacktic.app. In this document, "Stacktic," "we," "us," and "our" refer to Stacktic, LLC. "You" refers to the person or organization using Stacktic.
01Information we collect
Information you provide
When you sign in to Stacktic, we use Google Sign-In and receive your basic profile information — your name, email address, and profile image — to create and secure your account. If you contact us or join our waitlist, we collect the email address and any information you choose to share.
Information from your connected Google Workspace
A Google Workspace administrator can connect their organization's Workspace to Stacktic. This is an explicit, one-time authorization that the administrator initiates from within Stacktic. When connected, Stacktic reads administrative directory and reporting data to build your tool registry, user directory, access map, and signals. We request the narrowest set of read-only scopes needed to do this, and we never request write access to your Workspace. See Section 03 for the specific data and how we use it.
Information we collect automatically
Like most web applications, we log basic technical information — IP address, browser type, pages requested, and timestamps — to operate the service, maintain security, and diagnose problems. We use strictly necessary cookies to keep you signed in. We do not use advertising cookies or sell your browsing activity.
02How we use information
We use the information we collect to:
- Provide, maintain, and secure the Stacktic service and your account.
- Build and keep current your tool registry, user directory, and access map.
- Generate cost, access, lifecycle, and security signals about your software stack.
- Notify the right people about signals and offboarding tasks — for example, in Slack or by email.
- Respond to your requests, provide support, and send service-related communications.
- Detect, prevent, and address fraud, abuse, security, and technical issues.
- Comply with legal obligations and enforce our terms.
We do not sell your personal information, and we do not use it to serve advertising.
03Google Workspace API data and Limited Use
When an administrator connects Google Workspace, Stacktic accesses the following categories of data through Google's read-only administrative APIs. Each is used only to power a specific Stacktic feature:
- Directory users (admin.directory.user.readonly) — employee names, email addresses, last sign-in time, and department, to build your user directory and detect dormant accounts.
- User security tokens (admin.directory.user.security) — the third-party OAuth applications each user has authorized, to discover the tools in your stack and map who can reach them.
- Domains (admin.directory.domain.readonly) — the domains attached to your Workspace, to label your primary domain.
- Groups and membership (admin.directory.group.readonly, group.member.readonly) — group names and membership, to support access mapping and team structure.
- License assignments (apps.licensing) — which Workspace license each user holds, to surface paid-but-unused seats as a cost signal.
- Audit and login reports (admin.reports.audit.readonly) — sign-in and application authorization events, to show last-login activity and detect inactive access.
Limited Use. Stacktic's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In particular: we use Google Workspace data only to provide and improve the Stacktic features described above; we do not transfer or sell this data to third parties for advertising, resale, or any other unrelated purpose; we do not use it for personalized advertising; and no humans read this data except (a) with your explicit consent, (b) as needed for security purposes such as investigating abuse, or (c) to comply with applicable law. We do not use Google Workspace user data to train generalized or non-personalized artificial intelligence or machine learning models.
04How we share information
We share information only in these limited circumstances:
- Within your organization. Data from your connected Workspace is visible to authorized members of your Stacktic account, and Stacktic surfaces signals to the relevant people in your organization (for example, a tool owner in Slack).
- Service providers. We use a small number of vendors to run Stacktic — cloud hosting and databases (Amazon Web Services), transactional email, and Slack messaging where you enable it. These providers process data only on our instructions and under contract.
- Legal and safety. We may disclose information if required by law, or to protect the rights, property, or safety of Stacktic, our users, or the public.
- Business transfers. If Stacktic is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this policy.
05Data retention
We retain information for as long as your account is active or as needed to provide the service. When you disconnect a Google Workspace connection or delete your account, we delete or de-identify the associated Google Workspace data within a reasonable period, except where we are required to retain it to comply with legal obligations, resolve disputes, or enforce our agreements.
06Data security
We protect data in transit with TLS and encrypt sensitive data — including stored OAuth refresh tokens — at rest. Access to production systems is restricted to authorized personnel and logged. No method of transmission or storage is perfectly secure, but we work to protect your information using industry-standard safeguards.
07Your choices and rights
You can control your data in several ways:
- Disconnect Workspace. A Workspace administrator can disconnect the Google connection at any time from Stacktic's integrations settings, which stops further data access.
- Revoke access in Google. You can review and revoke Stacktic's access directly from your Google Account permissions page.
- Access, correct, or delete. You may request a copy of your personal information, ask us to correct it, or ask us to delete it, subject to legal limits.
Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA. You can exercise the core of these rights directly through the disconnect and revoke controls described above.
08International data transfers
Stacktic is operated from the United States, and information we process may be stored and handled in the United States. If you access Stacktic from outside the United States, you understand that your information may be transferred to and processed in a country with different data-protection laws than your own.
09Children's privacy
Stacktic is a business tool and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.
10Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of Stacktic after an update means you accept the revised policy.