Your privacy is fundamental to how StackStats is designed. This Privacy Policy explains what data we collect, why we collect it, and how it is handled. We have deliberately built StackStats to collect as little data as possible.
StackStats is a local desktop application. All of your newsletter data — your Substack CSV exports, subscriber information, open rates, engagement metrics, and any analytics derived from that data — stays entirely on your machine. None of this data is ever transmitted to us or any server we control.
We collect only the minimum data required to validate your software license. Specifically, when you activate or launch StackStats, the application transmits the following to our license validation server (hosted on Cloudflare):
That is the complete list. We do not collect your name, email address (unless you contact us directly), newsletter data, subscriber data, or any analytics or content processed by the application.
To be explicitly clear, StackStats does not collect, transmit, or store:
The license validation server is hosted on Cloudflare’s infrastructure. Validation requests are processed to confirm license status and device count. We retain the minimum data necessary to operate the license system: the license key, associated device fingerprints, and validation timestamps. This data is used solely for license management and is not shared with any third party, sold, or used for marketing purposes.
If you choose to use StackStats’s AI features, you connect directly to a third-party AI provider of your choice (e.g., Anthropic, OpenAI, Google, Groq, OpenRouter, or a locally hosted model via Ollama) using your own API key. Any data you send to these providers — including the newsletter context used to generate insights — is subject to the privacy policy of that provider. We strongly recommend reviewing your chosen provider’s privacy policy before use. If you require complete data privacy, StackStats supports fully local AI models via Ollama, which process data entirely on your device with no external transmission.
If you contact us at [email protected], we will retain your email address and the content of your message for the purpose of responding to your inquiry and providing support. We do not add support contacts to any mailing lists without explicit consent.
License validation data transmitted to our server is sent over encrypted HTTPS connections. Your newsletter data and API keys are stored locally on your device and are subject to the security of your own operating system and device. We recommend keeping your operating system and StackStats up to date.
License validation data (license key, device fingerprints, email address, and timestamps) is retained for as long as your license is active. If you wish to request deletion of your personal data, please email [email protected] with the subject line “Data Deletion Request” and include the email address associated with your purchase. We will process your request and remove your records within thirty (30) calendar days, subject to any legal obligations to retain records (for example, transaction records required for tax or accounting purposes). Note that deletion of your data will invalidate your license key.
If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) applies to the processing of your personal data. This section sets out your rights and our obligations under GDPR.
What personal data we hold about you:
Lawful basis for processing: We process your personal data on the basis of performance of a contract (Article 6(1)(b) GDPR). You purchased a software license; we need your email address to deliver that license, provide support, and manage the ongoing license relationship. We do not rely on consent as our lawful basis, and we do not use your data for marketing without your explicit opt-in.
Your rights under GDPR:
To exercise any of these rights, email [email protected]. We will respond within thirty (30) calendar days. If you believe we have not handled your data lawfully, you have the right to lodge a complaint with your local supervisory authority — for example, the ICO (UK), the DPC (Ireland), or the relevant authority in your EU member state.
Data transfers: Our license validation server is hosted on Cloudflare’s infrastructure. Cloudflare is a US-based company that participates in standard contractual clauses and other GDPR-compliant transfer mechanisms for data processed in or transferred to the United States. By using StackStats, you acknowledge that your license data (email, device fingerprint, license key) may be processed on Cloudflare’s infrastructure in accordance with their data processing terms.
StackStats is not directed at individuals under the age of 18. We do not knowingly collect data from minors.
We may update this Privacy Policy from time to time. Where changes are material, we will notify you via email or in-application notice. The effective date at the top of this policy reflects when it was last updated.
This Privacy Policy is governed by the laws of the United Arab Emirates. Any disputes relating to this policy shall be subject to the exclusive jurisdiction of the courts of the UAE. Nothing in this section limits the rights of EU/EEA users under GDPR to lodge complaints with their local supervisory authority.
For privacy-related questions, data subject rights requests, or data deletion requests, contact: [email protected]