D
daemonstack
← Home

Privacy Policy

Last updated: May 20, 2026

1. What we collect

  • Account data: email, password (hashed), name (optional)
  • Onboarding answers: stack, role, pain points, goals (the 10 questions)
  • Generated content: Starter Packs you create, community posts and answers
  • Payment data: handled entirely by Stripe. We store only the Stripe ID and status.
  • Analytics: anonymous usage data via Vercel Analytics (no cookies, no personal data)

2. What we don't collect

  • Credit card details (Stripe handles)
  • Your code or repositories
  • Your Claude conversations or API keys
  • Browser fingerprints or cross-site tracking

3. Why we collect it

  • To authenticate you and serve your dashboard
  • To generate custom Starter Packs based on your profile
  • To track your progress in the course
  • To provide the Community feature
  • To process your one-time payment
  • To send transactional emails (account confirmation, receipt, pack delivery)

4. Where it lives

Account data, onboarding answers, generated packs and community content are stored in Supabase (region: South America). Payments are processed and stored by Stripe (PCI-DSS compliant).

5. Who has access

Only Daemonstack staff (currently 1 person - the founder) has access to user data, exclusively to operate the Service.

We don't sell, rent, or trade your data. We don't share with third parties except infrastructure providers (Supabase, Stripe, Vercel, Resend) needed to run the Service.

6. Cookies

We use minimal cookies, all functional, no tracking:

  • Session cookie: keeps you logged in (set by Supabase auth)
  • Locale cookie: remembers your language preference (en/pt)

We do not use third-party tracking cookies.

7. Your rights (LGPD / GDPR)

You have the right to:

  • Access the data we have about you
  • Correct inaccurate data
  • Request deletion of your account and all data
  • Export your data in a machine-readable format
  • Withdraw consent at any time

To exercise any of these rights, email us through the contact link in the footer. We'll respond within 15 days.

8. Retention

Account data is retained while your account is active. If you delete your account, we remove all personal data within 30 days. Aggregated anonymous statistics may be retained indefinitely.

9. Security

We use industry-standard practices: HTTPS everywhere, encrypted storage, role-based access (RLS), strong password hashing. We don't guarantee perfect security - no service can - but we take reasonable measures.

10. Children

The Service is not intended for users under 18. If we discover an underage user, we will delete the account.

11. Changes

We may update this Policy. Material changes will be notified by email or via the Service.

12. Contact

Privacy questions? Email us through the contact link in the footer. We are based in São Paulo, Brazil.