Privacy Policy

Last updated: 2026-05-11

This Privacy Policy explains how StackProof ("we", "us") collects, uses, and protects information when you use stackproof.app. It is written to be readable by the engineers who use the product. If anything is unclear, email hello@stackproof.app.

What we collect

We collect only the data needed to deliver the service. That falls into four categories:

  • Account information. Email address, account identifiers from your authentication provider (such as GitHub), and authentication tokens necessary to call APIs on your behalf with the scopes you grant.
  • GitHub data you authorize. Repository metadata, commit history, file contents, and pull request data for the repositories you select for analysis. Scope is limited to what each scan requires.
  • Analysis output. Reports, skill graphs, seniority assessments, and interview questions we generate for you. These belong to your account.
  • Operational telemetry. Device, browser, IP address, page interaction events, and error reports. We use PostHog for product analytics, Sentry for error monitoring, and Vercel for hosting telemetry. Each is scoped to operations and abuse prevention.

What we do not collect

  • We do not store your source code on our servers after analysis completes.
  • We do not train any models on your code or commit history.
  • We do not sell data to third parties.
  • We do not collect or process payment card numbers directly. Payment information is handled by our payment processor (Stripe).

How analysis works

When you authorize a scan, the selected repository is cloned into an isolated, single-tenant container. Two frontier large language models (currently Claude Opus 4.6 and Codex 5.3) analyze the contents inside that container. A reconciler service cross-validates findings. The resulting report is written to your account, the container is destroyed, and the cloned source files are deleted. This sequence is what we mean by "ephemeral processing".

Reports we generate for you are stored encrypted at rest using AES-256. You control the retention window and can delete any report at any time from your dashboard. Account deletion removes all reports and account data within thirty days.

How we use the data

  • To deliver the scans, reports, and interview preparation you request.
  • To send service notifications (such as scan completion or billing receipts).
  • To improve product quality through aggregated, anonymized analytics.
  • To detect, prevent, and investigate abuse or security incidents.

Third-party processors

We use a small number of sub-processors. Each has its own privacy commitments, which we audit before integration.

  • Vercel (hosting and edge network).
  • Anthropic (model inference for Claude Opus).
  • OpenAI (model inference for Codex).
  • Google (model inference for Gemini).
  • Stripe (payments).
  • PostHog (product analytics).
  • Sentry (error monitoring).

When you select the Lifetime BYOK plan, you provide your own API keys to Anthropic, OpenAI, and Google. In that mode your scan requests are routed directly to those providers under your account, and the providers' data policies apply.

Your rights

Depending on where you live, you have one or more of the following rights regarding your data: access, correction, deletion, export, and objection to processing. Send a request to hello@stackproof.app and we will respond within thirty days. You do not need to create an account to submit a deletion request; we need only enough identifying information to locate your data.

International transfers

StackProof is operated from the United States. Our sub-processors operate globally. By using the service you consent to your data being processed in countries that may not provide the same level of legal protection as your country of residence.

Children

StackProof is intended for professional developers. We do not knowingly collect data from people under sixteen years of age.

Changes to this policy

We will post any material changes to this page and update the "Last updated" date. For changes that materially reduce your rights, we will provide at least thirty days' advance notice via email to the address on your account.

Contact

Privacy questions, deletion requests, and security disclosures: hello@stackproof.app.


This document is provided as a working draft. It reflects our current operating practices. It is not a substitute for legal review. We are completing a formal counsel-reviewed revision and will replace this page on publication.