LEGAL
PlantStacks — Privacy Policy
Last updated: 17 June 2026 · Version 2.0 (US / North Carolina)
This Privacy Policy explains how PlantStacks, LLC ("we", "us") collects and uses personal information in connection with our website plantstacks.com and the sale and support of PlantStacks. It is written for the United States and includes the disclosures required by the California Consumer Privacy Act (CCPA/CPRA) and similar US state privacy laws.
1. The most important point (self-hosted)
PlantStacks is self-hosted. The operational data you put into your PlantStacks installation — your inventory, your own users, your files — stays on your own hardware and never reaches us. For that data, you are responsible as the controller/business; see the Data Processing Addendum. This policy covers only the limited personal information we handle to run our business with you.
2. Information we collect
| Category | Examples | Source |
|---|---|---|
| Account & trial data | name, work email, company, state/country | you, at signup/trial |
| Billing data | billing name, address, tax ID, subscription/plan, invoices | you / Stripe |
| Payment data | card details are collected and processed by Stripe; we receive only limited tokens/metadata | Stripe |
| Support data | messages, tickets, and any info you share when contacting support | you |
| Website/usage data | IP, device/browser, pages viewed, cookie identifiers (see Cookie Policy) | automatically |
| License data | customer name, plan, seats, expiry contained in issued licenses | generated by us |
We do not intentionally collect sensitive personal information, and we do not sell or "share" personal information for cross-context behavioral advertising.
3. How we use it
To provide the Service, licenses, and support; to take payment and prevent fraud; to send service, trial-reminder, and renewal emails; to send marketing emails (only with consent, opt-out anytime); to secure and improve our site; and to comply with legal and accounting obligations.
4. How we share it
We share personal information only with service providers who help us operate: Stripe (payments/billing), our email/hosting providers (e.g. Resend for email), and analytics (if enabled). These act as our service providers and are contractually limited. We may disclose where required by law. We do not sell your personal information.
5. Your US privacy rights
Depending on your state (e.g. California, Virginia, Colorado, Connecticut, Texas, and others), you may have rights to know/access, delete, correct, and port your personal information, to opt out of sale/"sharing"/targeted advertising (we do none of these), and to non-discrimination for exercising your rights. To exercise any right, email support@plantstacks.com; we will verify and respond within the time your state law requires. You may appeal a denial by replying to our response.
6. Retention
We keep account, billing, and license records while you are a customer and then as required for legal/accounting purposes (generally up to 7 years for financial records). Trial and prospect data is kept for a reasonable period and then deleted or de-identified.
7. Security
We use appropriate technical and organizational measures to protect the personal information we hold. No method is perfectly secure; you are responsible for securing your own self-hosted installation.
8. Children
The Service is for business users; we do not knowingly collect information from anyone under 18 (or under 13 under COPPA).
9. International users (EEA, UK, and other regions)
PlantStacks is a US company and only processes a limited set of account, billing, trial, support, and marketing data — your operational data stays on your own self-hosted installation and never reaches us. If you are in the EEA, the UK, or another region with cross-border data rules, that limited data may be transferred to and processed in the United States. For individuals protected by the EU GDPR or UK GDPR:
- our lawful bases are performance of a contract (providing the Service), our legitimate interests
- you have rights of access, rectification, erasure, restriction, portability, and objection, and you
- where required, international transfers rely on appropriate safeguards (e.g. the Standard
(operating and securing the business), and your consent (e.g. marketing/analytics cookies);
may lodge a complaint with your supervisory authority;
Contractual Clauses). To exercise any right, email support@plantstacks.com. _(International privacy obligations vary — have an attorney confirm GDPR/UK-GDPR specifics, SCCs, and any EU/UK representative requirement before you market into those regions.)_
10. Changes & contact
We may update this policy; the dated version on plantstacks.com is current. Controller/business: PlantStacks, LLC, [BUSINESS ADDRESS], Hickory, NC, support@plantstacks.com.
_Template, not legal advice. Have a US privacy attorney review before relying on it, especially the state-specific rights._
Document version: privacy-1f8dcdf8