Skip to main content
Restackd

Legal

Privacy Policy

Last updated: May 19, 2026

This Privacy Policy explains how Restackd LLC (“Restackd,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our platform and websites (the “Service”). It applies to all customers, visitors, and users of the Service. We take privacy seriously and try to be straightforward about what we do with your data.

1. Information We Collect

We collect the following categories of information:

  • Account information. Name, email address, password, profile image, business name, and other details you provide when you create or update your account.
  • Payment information. Payments are processed by our payment processors (including Stripe and FanBasis). They collect your card or banking details directly. We receive only metadata such as the last four digits, brand of card, billing country, transaction ID, and status. We do not store full payment card numbers on our servers.
  • Customer Content. Anything you upload, create, or import into the Service, including courses, community posts, contact lists, messages, automations, funnels, and media assets.
  • Usage data. Pages visited, features used, clicks, IP address, device and browser type, operating system, referrer URLs, and timestamps. This helps us debug, improve performance, and detect abuse.
  • Communications. Emails, support tickets, chat messages, and call recordings between you and our team.
  • Cookies and similar technologies. See Section 4.

2. How We Use Information

We use information to:

  • Provide, maintain, and improve the Service.
  • Process payments, send receipts, and prevent fraudulent transactions.
  • Authenticate users, secure accounts, and protect against unauthorized access.
  • Respond to your support requests and communicate with you about your account.
  • Send administrative messages (billing notices, security alerts, terms updates) and, where permitted, marketing communications. You can opt out of marketing emails at any time.
  • Analyze how the Service is used so we can improve features, fix bugs, and plan capacity.
  • Comply with legal obligations and enforce our Terms.

3. How We Share Information

We do not sell personal information. We share information only as described below:

  • Service providers. Vendors that operate our infrastructure (hosting, databases, email delivery, SMS sending, analytics, error monitoring, payments) under contractual confidentiality and security obligations.
  • Payment processors. Stripe and FanBasis process customer-facing transactions; PayPal Payouts may be used internally for affiliate settlement.
  • Legal obligations. When required by law, subpoena, court order, or to protect rights, property, or safety.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, with continued protections.
  • With your consent. Any other sharing you explicitly authorize, for example connecting a third-party app.

4. Cookies and Tracking

We use cookies and similar technologies for three purposes:

  • Essential cookies. Required for the Service to function, including authentication and security.
  • Analytics. We use PostHog to understand aggregate usage patterns and improve the product. Analytics data is pseudonymized where feasible.
  • Affiliate tracking. A 90-day cookie attributes referrals from our affiliate partners. Without this cookie, affiliate commissions cannot be paid.

You can disable non-essential cookies through your browser settings. Disabling essential cookies will break the Service. If your jurisdiction requires a consent banner, you will see one on first visit.

5. Data Security

We protect your data using industry-standard practices, including TLS encryption in transit, encryption at rest for sensitive fields, role-based access controls, audit logging, and infrastructure hosted on providers that maintain SOC 2 Type II or equivalent certifications. We continuously monitor for vulnerabilities and respond to incidents promptly. No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a breach that affects your data, we will notify you within the timeframes required by applicable law.

6. Data Retention

We retain account and Customer Content for as long as your account is active. After cancellation, we retain data for 90 days to allow export and recovery, then permanently delete or anonymize it, except where longer retention is required by law (for example, tax records and financial transaction logs may be kept for up to seven years). Aggregated, anonymized analytics may be retained indefinitely.

7. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access. Request a copy of the personal data we hold about you.
  • Rectification. Request correction of inaccurate or incomplete data.
  • Erasure. Request deletion of your personal data, subject to legal retention requirements.
  • Portability. Receive your data in a machine-readable format.
  • Objection or restriction. Object to or restrict certain processing.
  • Opt out of sale. Under the CCPA, California residents may opt out of the sale of personal information. We do not sell personal information, so this right is satisfied by default.

To exercise these rights, email hello@restackd.com. We will respond within 30 days. You will not be discriminated against for exercising your rights.

8. Children’s Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact us at hello@restackd.com and we will delete it.

9. International Users

The Service is operated in the United States, and data is processed and stored on infrastructure located primarily in the United States. If you access the Service from outside the United States, you acknowledge and agree that your data is transferred to and processed in the United States. Where required (for example, transfers from the European Economic Area, the United Kingdom, or Switzerland), we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice in the Service. The “Last updated” date at the top reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance.

11. Contact

Questions, requests, or complaints about privacy? Email our Data Protection Officer at hello@restackd.com. If you are in the European Economic Area or United Kingdom and we cannot resolve a complaint to your satisfaction, you may also lodge a complaint with your local data protection authority.