Security and Compliance

Last updated: February 7, 2026

 

At G-Stacker, protecting your data and maintaining the integrity of our platform is a top priority. This page describes the security measures, compliance standards, and data protection practices we implement.

AUTHENTICATION AND ACCESS CONTROL

Google OAuth 2.0 G-Stacker uses Google OAuth 2.0 for authentication. We never see or store your Google password. When you sign in, Google verifies your identity and issues secure tokens that allow G-Stacker to act on your behalf — only within the permissions you authorize.

Token Security Google OAuth access and refresh tokens are stored encrypted in our database. Tokens are used solely to create and manage Google properties you have authorized. You can revoke G-Stacker’s access at any time through your Google Account security settings.

Session Management User sessions are managed through secure, server-side session handling. Sessions expire after periods of inactivity and are invalidated upon logout.

Role-Based Access Account capabilities are determined by your subscription tier. Each tier has defined limits on brands, Google accounts, and monthly stack generation to prevent abuse and ensure platform stability.

DATA ENCRYPTION

In Transit All data transmitted between your browser and G-Stacker servers is encrypted using HTTPS/TLS. This includes all API calls, authentication flows, and content delivery.

At Rest Sensitive data stored in our database — including OAuth tokens, Google Ads credentials, and Google Sites session data — is encrypted. Database infrastructure is hosted on managed, secure cloud platforms.

INFRASTRUCTURE SECURITY

  • Managed Database: PostgreSQL database hosted on managed cloud infrastructure. 
  • Environment Isolation: API keys, secrets, and service credentials are stored as encrypted environment variables, separate from application code. They are never committed to source control or exposed in client-side code. 
  • Secure Integrations: All third-party API communications (Google APIs, OpenRouter, OpenAI, Stripe, ElevenLabs, etc.) use encrypted HTTPS connections with authenticated API keys.

PAYMENT SECURITY

G-Stacker uses Stripe for all payment processing. Stripe is a PCI DSS Level 1 certified payment processor — the highest level of certification in the payments industry. We never store, process, or have access to your full credit card number. All payment data is handled directly by Stripe’s secure infrastructure.

ANTI-SPAM AND PLATFORM INTEGRITY

G-Stacker is built for legitimate brand authority and SEO optimization. We enforce a comprehensive Acceptable Use Policy that prohibits:

  • Spam or mass unsolicited content distribution 
  • Creating properties for fake, deceptive, or non-existent businesses 
  • Manipulating search rankings through deceptive practices 
  • Impersonating other businesses or individuals 
  • Generating content that violates Google’s Terms of Service

Accounts found violating these policies are subject to warnings, suspension, or termination. See our full Acceptable Use Policy for details.

CONTENT GENERATION SAFEGUARDS

  •  Unique Content: Every piece of content generated by G-Stacker is original and created specifically for your brand. No duplicate content is produced across stacks or accounts. 
  • Anti-Footprint Technology: Our system randomizes templates, section ordering, naming conventions, anchor text distribution, and timing to ensure each stack is distinct and natural-looking. 
  • Cultural Representation Controls: AI-generated imagery includes user-controlled cultural identity settings with built-in safeguards against stereotyping, bias, and misrepresentation. 
  • Content Review: Our document-first workflow ensures you can review and edit all generated content before it is published to any platform.

DATA HANDLING PRACTICES

  • Minimal Data Collection: We collect only the data necessary to provide the Service. 
  • No Data Selling: We do not sell, rent, or trade your personal data or brand information to third parties. 
  • Purpose Limitation: Your data is used only to provide G-Stacker’s features and improve the platform. 
  • Data Portability: You can export your brand data and generated content. 
  • Right to Deletion: You can request deletion of your account and all associated data at any time.

THIRD-PARTY SECURITY

We integrate only with established, reputable third-party services that maintain their own security programs:

  • Google APIs: Google’s enterprise-grade security infrastructure 
  • Stripe: PCI DSS Level 1 certified payment processor 
  • Cloudflare: Enterprise-grade hosting and CDN 
  • GitHub: Industry-standard code hosting and Pages deployment 
  • OpenRouter / OpenAI / Google Gemini: AI service providers with established security practices
  • ElevenLabs: Audio generation with secure API access 
  • DataForSEO / Perplexity: Research data providers with secure API access

For specific security certifications and compliance details of these providers, please refer to their individual security pages.

INCIDENT RESPONSE

In the event of a security incident:

  1. We will investigate immediately and take steps to contain the issue.
  2. Affected users will be notified within 72 hours of discovery.
  3. We will provide clear information about what happened, what data was affected, and what steps we are taking.
  4. Relevant authorities will be notified as required by law.

RESPONSIBLE DISCLOSURE

If you discover a security vulnerability in G-Stacker, please report it to us through the Help Center. We appreciate responsible disclosure and will work with you to address the issue promptly. Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to fix them.

COMPLIANCE

  • GDPR: We support the rights of EU residents including access, correction, deletion, portability, and the right to object to data processing.
  • CCPA: California residents have the right to know what personal information we collect, request deletion, and opt out of data sharing (note: we do not sell personal data).
  • Google API Services User Data Policy: G-Stacker complies with Google’s API Services User Data Policy, including the Limited Use requirements. We access Google user data only to provide the features you have authorized.
  • CAN-SPAM: All email communications comply with CAN-SPAM requirements, including clear sender identification and unsubscribe mechanisms.

QUESTIONS

For security-related questions or to report a concern, contact us through the Help Center within the G-Stacker platform.

Scroll to Top