PRIVACY POLICY
INTRODUCTION
Stack8 Systems Inc. ("Stack8," "we," "us," or "our") operates an AI-powered IT operations platform designed for managed service providers (MSPs) and IT teams. This Privacy Policy describes how we collect, use, disclose, and protect information when you access our platform at stack8.ai, use our services, or interact with our AI agent system.
By using our platform, you acknowledge that you have read and understood this Privacy Policy. If you are an MSP using Stack8 to manage your clients' IT environments, you are responsible for ensuring your end users are informed about the data processing described herein.
INFORMATION WE COLLECT
Account Information
- Name, email address, and organization name provided during registration
- Authentication credentials and identity data from Microsoft Azure AD / Entra ID when you connect your Microsoft 365 tenant
- Billing information including payment method details processed through Stripe (we do not store full card numbers)
Endpoint and Device Data
- Device identifiers, hostnames, operating system versions, and hardware specifications collected via our RMM (Remote Monitoring and Management) agent
- System telemetry including CPU utilization, memory usage, disk capacity, and network statistics
- Installed software inventory, patch status, and security posture data
- Command execution logs and output from remote management sessions
Helpdesk and Communication Data
- Support ticket content, including messages submitted via Slack, Microsoft Teams, Telegram, or email
- Conversation history with our AI agent ("Ethan"), including automated triage, diagnosis, and resolution data
- Channel metadata such as timestamps, user identifiers, and message threading information
Microsoft 365 Integration Data
- User directory information from Azure Active Directory (names, emails, group memberships, license assignments)
- Identity management actions such as password resets and account status changes performed through the platform
Usage and Log Data
- IP addresses, browser type, device type, and access timestamps
- Pages visited, features used, and interaction patterns within the platform
- API call logs and error reports
HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
- Service Delivery -- To operate, maintain, and improve the Stack8 platform, including AI-powered ticket resolution, endpoint monitoring, patch management, and security operations
- AI Processing -- To power our autonomous AI agent system, which triages, diagnoses, and resolves IT issues. Ticket content and device telemetry are processed by large language models to generate resolutions
- Identity Management -- To execute identity operations (password resets, account provisioning) on your Microsoft 365 tenant when authorized by your administrators
- Billing -- To process subscription payments, generate invoices, and manage your billing account through Stripe
- Security -- To detect, investigate, and respond to security incidents, unauthorized access, and policy violations across managed environments
- Communications -- To send service notifications, system alerts, and operational updates relevant to your managed IT environment
- Improvement -- To analyze usage patterns and improve platform features, AI model accuracy, and operational workflows
INFORMATION SHARING AND DISCLOSURE
We do not sell your personal information. We may share information in the following limited circumstances:
- AI Model Providers -- Ticket content and contextual data are sent to third-party large language model providers (currently Google Gemini) for AI processing. This data is transmitted via API and is subject to the provider's data processing terms
- Payment Processor -- Billing and payment data is processed by Stripe, Inc. in accordance with their privacy policy and PCI DSS compliance
- Cloud Infrastructure -- Our platform runs on Google Cloud Platform (GCP). Data is stored and processed in GCP data centers in the United States
- Microsoft -- When you connect your Azure AD tenant, identity operations are executed via the Microsoft Graph API under the permissions you grant
- Communication Platforms -- When you use Slack, Microsoft Teams, or Telegram integrations, message data passes through those platforms' infrastructure
- Legal Requirements -- We may disclose information if required by law, subpoena, court order, or governmental request, or to protect the rights, property, or safety of Stack8, our users, or the public
- Business Transfers -- In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction
DATA SECURITY
We implement technical and organizational measures designed to protect your data, including:
- Encryption in transit (TLS 1.2+) for all platform communications
- Encryption at rest for stored data in our database and cloud infrastructure
- HMAC signature verification on all webhook endpoints (Stripe, Slack, Telegram)
- Role-based access control within the platform, with separate MSP administrator, technician, and viewer roles
- Bearer token authentication for all API endpoints
- Secrets management via Google Cloud Secret Manager for all credentials and API keys
- Minimal data retention principles -- we collect only what is necessary to deliver the service
While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
COOKIES AND TRACKING
Our platform uses the following technologies:
- Authentication Tokens -- Stored in browser localStorage to maintain your login session. These are essential for platform operation
- Session Data -- We store minimal session information required to route you to the correct workspace and maintain application state
We do not use third-party advertising cookies or cross-site tracking technologies. We do not participate in ad networks or sell data to advertisers.
DATA RETENTION
We retain your data for as long as your account is active or as needed to provide services. Specific retention periods include:
- Account Data -- Retained for the duration of your subscription and up to 30 days after account closure
- Helpdesk Tickets -- Retained for the duration of your subscription for historical reference and audit purposes
- Device Telemetry -- Rolling retention based on your subscription tier; older telemetry data is automatically purged
- Billing Records -- Retained as required by applicable tax and financial reporting laws
- Audit Logs -- Retained for a minimum of 12 months for security and compliance purposes
Upon account termination, we will delete or anonymize your data within 30 days, except where retention is required by law.
YOUR RIGHTS
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access -- Request a copy of the personal data we hold about you
- Correction -- Request correction of inaccurate or incomplete data
- Deletion -- Request deletion of your personal data, subject to legal retention obligations
- Portability -- Request an export of your data in a machine-readable format
- Objection -- Object to certain types of processing, including AI-based automated decision-making
- Withdrawal of Consent -- Withdraw consent where processing is based on consent, without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at support@stack8.ai. We will respond to verified requests within 30 days.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.
CHILDREN'S PRIVACY
Stack8 is a business-to-business platform designed for IT professionals and managed service providers. Our services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at support@stack8.ai.
INTERNATIONAL DATA TRANSFERS
Our platform is hosted in the United States on Google Cloud Platform. If you access our services from outside the United States, your data will be transferred to and processed in the United States. By using our platform, you consent to this transfer. We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Effective Date" at the top of this page. For significant changes, we may also notify you via email or through an in-platform notification. Your continued use of the platform after any changes constitutes acceptance of the updated policy.
CONTACT US
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
Stack8 Systems Inc.
Jacksonville, FL, United States
Email: support@stack8.ai
Web: stack8.ai