BackFiveStack

Privacy Policy

Last updated: February 17, 2026

1. Introduction

This Privacy Policy describes how FIVE STACK ("we", "us", "our"), operating FIVE STACK at fivestacks.dev, collects, uses, and protects your personal information. We are committed to safeguarding your privacy in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect

Account Information:

  • Email address (via Discord OAuth)
  • Display name and profile picture
  • Authentication provider ID

Usage Data:

  • Projects and generated code (stored securely in our database)
  • Chat messages and prompts sent to AI models
  • Credit usage history (model used, credits consumed, timestamp)
  • Subscription and billing status

Technical Data:

  • Browser type and version
  • IP address
  • Device information
  • Cookies and session data

3. How We Use Your Data

  • To provide and maintain the Service
  • To authenticate your identity and manage your account
  • To process payments and manage subscriptions (via Paddle)
  • To track credit usage and enforce plan limits
  • To send AI generation requests to third-party model providers
  • To improve the Service and fix bugs
  • To communicate important updates about the Service
  • To prevent fraud and abuse

4. Third-Party Services

We share data with the following third-party services:

  • Clerk - Authentication (email, profile data)
  • Supabase - Database hosting (all user data, projects, messages)
  • Paddle - Payment processing (email, billing information). Paddle acts as our Merchant of Record and has its own Privacy Policy
  • AI Model Providers (via OpenRouter) - Your prompts and design inputs are sent to AI models for code generation. We do not send personal account data to AI providers.
  • Vercel - Application hosting

5. Data Retention

We retain your account data and projects for as long as your account is active. Upon account deletion, we remove your personal data within 30 days. Anonymized usage statistics may be retained for analytical purposes. Payment records are retained as required by applicable tax and accounting laws.

6. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access - Request a copy of your personal data
  • Rectification - Correct inaccurate personal data
  • Erasure - Request deletion of your personal data
  • Portability - Receive your data in a machine-readable format
  • Restriction - Restrict processing of your data
  • Objection - Object to processing of your data

To exercise any of these rights, contact us at contact@fivestacks.dev. We will respond within 30 days.

7. Cookies

We use essential cookies for authentication and session management. These are strictly necessary for the Service to function. We do not use advertising or tracking cookies. Third-party services (Clerk, Paddle) may set their own cookies as described in their respective privacy policies.

8. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (TLS/SSL), secure authentication via OAuth providers, and database-level access controls with Row Level Security (RLS). However, no method of transmission over the internet is 100% secure.

9. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children. If we become aware of such data, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service constitutes acceptance of the updated policy.

11. Contact

For privacy-related inquiries, contact us at contact@fivestacks.dev.

Terms of Service|Refund Policy|Pricing|Imprint