Introduction

StackOptic (“we”, “us”, “our”) operates the website stackoptic.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website.

We are committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

By using our Service, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our Service.

Data controller

For the purposes of data protection legislation, the data controller is:

StackOptic — a commercial product of Digiwings Agency, a trading name of Onur Sendere

34-35 Butcher Row, Shrewsbury, SY1 1UW, United Kingdom

Email: info@stackoptic.com

Information we collect

1. Automatically Collected Information

When you access our Service, we automatically collect certain information, including:

IP Address: Used for rate limiting, abuse prevention, and geographic analytics.
Browser Type & Version: To ensure compatibility and optimize user experience.
Device Information: Operating system, screen resolution, and device type.
Referring URLs: How you arrived at our website.
Pages Visited: Which pages you view and how long you spend on them.
Timestamps: Date and time of your visits and actions.

2. Information You Provide

We collect information you voluntarily provide, including:

Account Information: Via our authentication provider (Clerk): your name, email, and profile picture.
Contact Form Submissions: Name, email, and message content.
URLs Submitted for Analysis: Website addresses you enter.
reCAPTCHA Responses: Verification data to prevent automated abuse.

3. Payment Information

Payments are processed by Lemon Squeezy (a Stripe company), our Merchant of Record. We do not directly collect, store, or process your credit card or bank details. We only receive your subscription status, plan type, and customer identifier.

4. Query Logs

We maintain logs of analysis requests (analyzed domain, IP, timestamp, status) for service improvement, abuse detection, and aggregated analytics.

Legal basis for processing (GDPR / UK GDPR)

We process your personal data on the following legal bases:

Consent (Article 6(1)(a)): Cookies and third-party analytics. You can withdraw consent at any time.
Contract Performance (Article 6(1)(b)): To provide our website analysis service when you submit a URL.
Legitimate Interests (Article 6(1)(f)): Service security, rate limiting, fraud prevention, service improvement, aggregate analytics.
Legal Obligation (Article 6(1)(c)): To comply with applicable laws.

How we use your information

We use the information we collect for the following purposes:

Service provision: Analyze websites and display technology stack information.
Rate limiting: Prevent abuse and ensure fair access for all users.
Security: Detect and prevent fraud, spam, and malicious activity.
Communication: Respond to your inquiries submitted through our contact form.
Service improvement: Understand usage patterns and improve our Service.
Analytics: Generate anonymized, aggregated statistics about technology adoption trends.
Legal compliance: Comply with applicable laws, regulations, and legal processes.

Cookies and tracking technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information.

Essential Cookies

Required for basic website functionality, including theme preferences (light/dark mode). These cannot be disabled.

Analytics Cookies

We may use the following third-party analytics services:

Google Analytics 4: Website traffic analysis and user behavior insights.
Google Tag Manager: Managing tracking scripts.
Microsoft Clarity / Hotjar: Heatmaps and session recordings (if enabled).

Security Cookies

Google reCAPTCHA v2: Used to verify human users and prevent automated abuse.

Managing cookies: You can configure your browser to refuse all cookies or to indicate when a cookie is being sent. Some features may not function properly without cookies.

Third-party services and data sharing

We share information with the following categories of third parties:

Service Providers

Clerk: Authentication and user management. Privacy Policy.
Lemon Squeezy (Stripe): Payment processing, subscription, tax, and invoicing. Privacy Policy.
Hosting providers: For website and database infrastructure.
Google (reCAPTCHA, Analytics, Gemini AI): Security verification, analytics, AI-powered analysis features.
CDN providers: Content delivery and performance optimization.

Affiliate Partners

Our Service contains affiliate links to third-party technology providers. We track aggregate click counts but do not share personal information with affiliate partners.

Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

Note: We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes.

Data retention

We retain your personal data only for as long as necessary:

Analysis results: Cached for 24 hours, then refreshed upon new requests. Historical domain data retained indefinitely for SEO pages.
Query logs: Up to 12 months for security and analytics.
Contact form submissions: Until resolved, then up to 24 months for record-keeping.
IP for rate limiting: In memory for 1 hour (sliding window), then auto-purged.

International data transfers

Your information may be transferred to and processed in countries outside the United Kingdom and the European Economic Area (EEA).

Where we transfer data internationally, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Transfers to countries with adequacy decisions
Binding Corporate Rules where applicable

Your rights (GDPR / UK GDPR)

Under data protection laws, you have the following rights:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate personal data.
Right to erasure: Request deletion of your personal data (“right to be forgotten”).
Right to restrict processing: Request limitation of how we use your data.
Right to data portability: Receive your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests or direct marketing.
Right to withdraw consent: At any time where processing is based on consent.
Right to lodge a complaint: With a supervisory authority (UK: ICO).

To exercise any of these rights, please contact us. We respond within 30 days.

California privacy rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

Right to know: Request disclosure of categories and specific pieces of personal information collected.
Right to delete: Request deletion of your personal information.
Right to opt-out: Opt out of the “sale” of personal information (we do NOT sell personal information).
Right to non-discrimination: We will not discriminate for exercising your rights.

To exercise your CCPA rights, contact us.

Data security

We implement appropriate technical and organizational measures to protect your personal data:

HTTPS encryption for all data in transit
Secure database storage with access controls
Password hashing using bcrypt with salt rounds
JWT-based authentication with token expiration
Rate limiting to prevent brute force attacks
Input validation to prevent injection attacks
Regular security reviews and updates

No method of transmission over the Internet is 100% secure. We strive to protect your personal data but cannot guarantee absolute security.

Children's privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to remove that information.

Do Not Track signals

There is currently no industry standard for handling Do Not Track (DNT) signals. Our Service does not currently respond to DNT signals, but we honor browser-level cookie preferences and consent choices.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we may provide additional notice.

Changes are effective immediately upon posting. You are advised to review this Privacy Policy periodically.

Contact us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

StackOptic — Digiwings Agency

34-35 Butcher Row, Shrewsbury, SY1 1UW, United Kingdom

Email: info@stackoptic.com

Contact form

For UK data protection inquiries, you may also contact the Information Commissioner's Office (ICO).

Questions about your data? Contact us