Last updated: April 6, 2026
Account Data: Name, email, password (encrypted), business information, and role.
Usage Data: Pages visited, features used, interactions with AI tools, and performance metrics.
Social Media Data: When you connect social accounts, we access account info, content, and analytics as authorized by you.
Lead Data: Business information scraped from public sources (Google Maps, public websites).
We use your data to: provide and improve the Service, generate AI-powered content and recommendations, manage social media on your behalf, send outreach messages you authorize, generate reports and analytics, and communicate with you about your account.
Data is stored in Supabase (PostgreSQL) with encryption at rest. Social media tokens are stored securely and expire after 60 days. We use HTTPS for all data transmission. Passwords are hashed and never stored in plain text.
Content you input may be processed by third-party AI services (Anthropic Claude, OpenAI) to generate scripts, recommendations, and other outputs. We do not use your data to train AI models. AI-generated content is not stored by third-party providers beyond the request lifecycle.
When you connect social accounts via OAuth, we only request permissions needed to manage your accounts. You can revoke access at any time from the Socials page or directly from the platform. DM outreach requires explicit opt-in and is off by default.
We do not sell your data. We share data only with: payment processors (Stripe) for billing, AI providers for content generation, social media platforms you authorize, and as required by law.
You can: access your data, request deletion of your account and data, export your data, revoke social media connections, opt out of AI-powered outreach, and update your privacy settings at any time from your portal.
We use essential cookies for authentication and preferences (theme, sound settings). We do not use tracking cookies or third-party advertising cookies.
Account data is retained while your account is active. Upon deletion request, data is removed within 30 days. Anonymized analytics may be retained for service improvement.
For privacy questions or data requests, contact growth@shortstack.work.
ShortStack Agency | shortstack.work