Productstack
Log inStart free
Draft, pending legal review.

This document is a working scaffold and not yet binding. Counsel must review every section before this page goes live or is linked from any sign-up flow.

Privacy Policy

Effective 2026-06-01

This Privacy Policy explains how Productstack, Inc. (“Productstack”, “we”, “our”) collects, uses, discloses, and protects personal data when you visit our website, sign up for an account, or use the Productstack platform (collectively, the “Service”).

1. Data we collect

1.1 Account data

When you create a Productstack account, we collect your name, email address, organization name, and any profile details you provide.

1.2 Workspace content

Productstack stores the content you and your team create inside a workspace, objectives, roadmap cards, ideas, releases, knowledge base articles, comments, and feedback, and the metadata required to render and search it.

1.3 End-user data

If you embed our widget or publish a public page, we collect data from the visitors who interact with it: pseudonymous visitor IDs, page views, votes, comments, and any feedback they submit. Where you configure the widget to identify users, we store the identifier you provide.

1.4 Usage and device data

We collect logs, IP addresses, browser type, device identifiers, and usage events necessary to operate, secure, and improve the Service.

1.5 Payment data

Billing details are processed by our payment processor. We receive only the metadata required to manage your subscription, we never store full card numbers.

2. How we use data

  • To provide, secure, and improve the Service.
  • To authenticate users and enforce access controls.
  • To send transactional messages (account verification, billing receipts, security alerts) and, where you opt in, product updates.
  • To generate AI suggestions inside your workspace, using the workspace content you submit. Workspace content is not used to train shared models.
  • To comply with legal obligations and enforce our Terms.

3. Legal bases (EEA / UK)

Where the GDPR or UK GDPR applies, we rely on: contract performance (to deliver the Service), legitimate interests (to secure and improve the Service), consent (for optional marketing), and legal obligations (where applicable).

4. Sharing

We share personal data only with: (a) subprocessors who operate the Service under contract (hosting, email delivery, payment processing, AI model providers); (b) authorities where required by law; and (c) acquirers in the event of a merger or sale, subject to equivalent privacy commitments. A current subprocessor list is available on request and in our DPA.

5. International transfers

Personal data may be processed outside the country in which it was collected. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.

6. Retention

Account and workspace data is retained for the life of the subscription and deleted within 30 days of account closure, except where we are required to retain it longer to comply with law. Aggregated, non-identifying data may be retained indefinitely.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. To exercise these rights, email privacy@productstack.io. We will respond within the timeframe required by law.

California residents may also have rights under the CCPA/CPRA, including the right to know what categories of personal information we collect and the right to opt out of any sale or sharing. We do not sell personal information.

8. Cookies

We use a small number of strictly-necessary cookies to authenticate sessions, plus optional analytics cookies if you consent. You can manage cookie preferences in your browser and, where applicable, through the consent banner shown on first visit.

9. Security

We use industry-standard administrative, technical, and physical safeguards to protect personal data. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you in accordance with applicable law.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from them.

11. Changes

We may update this Policy from time to time. Material changes will be announced in-product or by email at least 30 days before they take effect.

12. Contact

Questions about this Policy or our data practices can be sent to privacy@productstack.io.