Privacy Policy

Last updated: February 7, 2026

 

This Privacy Policy describes how G-Stacker (“we,” “us,” or “our”) collects, uses, stores, and protects your information when you use our platform at gstacker.com (the “Service”).

1. INFORMATION WE COLLECT

1.1 Account Information When you sign up for G-Stacker, we collect the information provided through Google OAuth authentication, including:

  • Your name and email address
  • Google account profile information
  • Google OAuth access and refresh tokens (used solely to create and manage Google properties on your behalf)
  • Google Ads Keyword Planner credentials (customer ID, developer token), if you choose to connect this service
  • Google Sites session data, if you use the Google Sites integration

1.2 Brand and Business Information When you create brand profiles on G-Stacker, you may provide:

  • Business name, website URL, phone number, email address, and physical address
  • Industry, target audience, and service area information
  • Brand voice, messaging, and content preferences
  • Brand colors, logos, and visual identity preferences
  • Cultural representation preferences
  • Social media profile URLs (up to 7 platforms)

1.3 Content and Generated Assets We store content generated by and through the platform, including:

  • Google Docs, Sheets, Slides, and Calendar event content
  • Authority site content for Cloudflare Pages and GitHub Pages
  • Podcast audio and video files
  • AI-generated images
  • PDF reports
  • Keyword research data and topical cluster maps
  • Lead capture form submissions

1.4 Payment Information Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. Stripe may collect and store payment data in accordance with their own privacy policy.

1.5 Usage and Technical Data We collect:

  • Browser type and version
  • Pages visited within the platform
  • Feature usage and interaction data
  • Stack generation history and status
  • Error logs for debugging and service improvement

1.6 Cookies and Local Storage G-Stacker uses the following local storage mechanisms:

  • Authentication session data: To keep you logged in
  • Language preference: To remember your chosen interface language
  • Theme preference: To remember your light/dark mode selection
  • Compliance banner dismissal: To remember that you’ve acknowledged our acceptable use notice
  • Onboarding state: To track which onboarding tips you’ve seen

We do not use third-party tracking cookies or advertising cookies.

2. HOW WE USE YOUR INFORMATION

We use the information we collect to:

  • Provide, maintain, and improve the G-Stacker platform 
  • Create and manage Google properties on your behalf using your authorized Google account 
  • Generate brand-specific, SEO-optimized content tailored to your business 
  • Process payments and manage your subscription 
  • Send transactional emails related to your account (via Resend) 
  • Provide customer support 
  • Detect and prevent spam, abuse, and violations of our Acceptable Use Policy 
  • Improve our AI content generation and design systems

DATA PROTECTION & SECURITY

G-Stacker is committed to protecting your personal information and Google account data. We employ industry-standard security measures to ensure your data remains safe and secure.

Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) via HTTPS. This ensures that your information cannot be intercepted or read by unauthorized parties during transmission.

Encryption at Rest
Your data is stored in encrypted PostgreSQL databases hosted on secure, SOC 2-compliant infrastructure. Database backups are also encrypted to prevent unauthorized access.

OAuth Token Security
When you connect your Google account, we store OAuth access tokens and refresh tokens in our encrypted database. These tokens are used solely to perform the actions you authorize (such as creating Google Docs, Sheets, Slides, and Drive folders on your behalf). We never store your Google password.

Minimal Data Access
G-Stacker only requests the minimum permissions necessary to function. We use the drive.file scope, which limits our access to only the files and folders that G-Stacker creates — we cannot see, access, or modify any other files in your Google Drive.

Third-Party Services
We use the following third-party services to operate G-Stacker:
– Stripe for payment processing (PCI DSS compliant)
– Resend for transactional email delivery
– OpenRouter and OpenAI for AI-powered content generation
– ElevenLabs for audio generation

These services only receive the minimum data necessary to perform their function. We do not sell or share your personal data with any third parties for marketing or advertising purposes.

Data Retention
Your data is retained for as long as your account is active. If you delete your account, all associated data — including stored OAuth tokens, brand profiles, and generated content metadata — will be permanently deleted within 30 days.

Your Rights & Revoking Access
You may revoke G-Stacker’s access to your Google account at any time by visiting your Google Account permissions page at https://myaccount.google.com/permissions. Upon revocation, G-Stacker will no longer be able to access your Google services, and stored tokens will be invalidated.

You have the right to:
– Request a copy of the data we hold about you
– Request deletion of your data
– Revoke Google account access at any time
– Contact us with any privacy concerns

Contact
For any questions about data protection or privacy, contact us at: [email protected]

3. THIRD-PARTY SERVICES

G-Stacker integrates with the following third-party services to provide its features. Each service receives only the data necessary for its function:

SERVICE: Google APIs (Docs, Sheets, Slides, Calendar, Drive, Sites) 
PURPOSE: Creating and managing Google properties 
DATA SHARED: Brand content, your Google OAuth tokens
SERVICE: Google Knowledge Graph API 
PURPOSE: Checking brand entity recognition status 
DATA SHARED: Brand name
SERVICE: Google Ads Keyword Planner 
PURPOSE: Keyword research and search volume data 
DATA SHARED: Keywords, your Google Ads credentials (if connected)
SERVICE: OpenRouter / OpenAI / Google Gemini
PURPOSE: AI content generation 
DATA SHARED: Brand details, keywords, content prompts
SERVICE: ElevenLabs
PURPOSE: Text-to-speech for podcast generation 
DATA SHARED: Podcast script text
SERVICE: FAL
PURPOSE: AI image generation
DATA SHARED: Image generation prompts
SERVICE: Stripe
PURPOSE: Payment processing and subscription management 
DATA SHARED: Email, subscription plan selection
SERVICE: Resend
PURPOSE: Transactional email delivery 
DATA SHARED: Email address, notification content
SERVICE: Cloudflare Pages
PURPOSE: Hosting generated authority sites 
DATA SHARED: Generated site HTML/CSS/JS
SERVICE: GitHub Pages
PURPOSE: Hosting generated authority sites 
DATA SHARED: Generated site HTML/CSS/JS
SERVICE: DataForSEO
PURPOSE: Keyword research and SERP analysis 
DATA SHARED: Keywords, domain names
SERVICE: Perplexity 
PURPOSE: Brand and industry research 
DATA SHARED: Brand name, website URL, research queries
SERVICE: Cloud Object Storage 
PURPOSE: Storage of generated media (images, audio, video) 
DATA SHARED: Generated files

We do not sell, rent, or trade your personal information to third parties. Data is shared with third-party services only as necessary to provide G-Stacker’s features.

4. DATA STORAGE AND SECURITY

  • All data is stored in a PostgreSQL database hosted on secure, managed infrastructure. 
  • Google OAuth tokens are stored encrypted and are used only to perform authorized actions on your Google account. 
  • All data transmission uses HTTPS/TLS encryption. 
  • We review our codebase and infrastructure for security issues on an ongoing basis.

5. DATA RETENTION

  • Account data: Retained for the duration of your account. Upon account deletion, your data is removed within 30 days.
  • Generated content: Stored as long as your account is active. Content pushed to Google properties or external hosting (Cloudflare Pages, GitHub Pages) remains on those platforms under your own account and is not controlled by G-Stacker after creation.
  • Payment records: Retained as required by applicable tax and financial regulations.
  • Server logs: Retained for up to 90 days for debugging and security purposes.

6. YOUR RIGHTS

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you 
  • Correct inaccurate or incomplete data
  • Delete your account and associated data 
  • Export your data in a portable format 
  • Withdraw consent for data processing where consent is the legal basis 
  • Object to certain types of data processing


To exercise any of these rights, contact us through the Help Center or at the email address listed in your account dashboard.

7. CHILDREN'S PRIVACY

G-Stacker is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

8. INTERNATIONAL DATA TRANSFERS

Your data may be processed in countries other than your own. By using G-Stacker, you consent to the transfer of your data to the United States and other jurisdictions where our service providers operate. We ensure appropriate safeguards are in place for all international data transfers.

9. CHANGES TO THIS POLICY

Your data may be processed in countries other than your own. By using G-Stacker, you consent to the transfer of your data to the United States and other jurisdictions where our service providers operate. We ensure appropriate safeguards are in place for all international data transfers.

10. CONTACT

For support questions contact us at [email protected]. For privacy-related questions or requests, contact us through our Discord server: https://discord.gg/AHt886UC

Scroll to Top