Privacy Policy
Effective date: June 30, 2026 · Last updated: July 5, 2026
RackStack Pro ("we," "us," or "our") operates the RackStack Pro platform — a woodshop inventory and project management service. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using RackStack Pro, you agree to the practices described here.
1. Information We Collect
Account information
When you register, we collect your name, email address, and password (stored as a hashed value — we never see your plaintext password). If you sign in with Google or Microsoft, we receive basic profile information (name and email) from that provider.
Phone number
If you enable SMS-based two-factor authentication (2FA), or add a recovery phone number, we collect and store your mobile phone number. We use it solely to send account-security codes and to help you recover access — never for marketing. See the SMS & Text Messaging section below.
Organization and shop data
We store the shop/organization name, member roles, and any inventory, project, or takeoff data you enter into the platform. This data belongs to you.
Usage data
We collect basic usage information such as log-in timestamps and feature interactions to help us improve the product. We do not sell this data or use it for advertising.
Communications
If you contact us by email or submit feedback, we retain that correspondence to respond and improve our service.
2. How We Use Your Information
- Provide, maintain, and improve the RackStack Pro platform
- Authenticate your identity, including two-factor authentication, and enforce organizational access controls
- Send one-time verification codes — by SMS or email — for two-factor authentication, recovery-phone verification, and step-up confirmation of sensitive account actions
- Send transactional emails (account confirmation, password reset, team invitations)
- Respond to support requests and feedback
- Detect and prevent fraud, abuse, or unauthorized access
- Comply with applicable laws and regulations
We do not sell your personal information. We do not use your data for advertising or share it with data brokers.
3. SMS & Text Messaging
If you provide a mobile phone number for two-factor authentication or account recovery, we send you automated account-security text messages — such as two-factor sign-in codes, recovery-phone verification codes, and confirmation codes for sensitive actions. These are transactional messages triggered by your own activity; we do not send marketing or promotional texts.
- Message frequency depends on your account activity (for example, each time you sign in with 2FA).
- Message and data rates may apply, depending on your mobile carrier and plan.
- Reply HELP for help, or contact support@rackstackpro.com.
- Reply STOP to opt out of texts. Note that opting out disables SMS-based two-factor authentication and may limit your ability to sign in; you can remove or update your number anytime in Settings.
We do not share or sell your mobile phone number or SMS opt-in data with third parties or affiliates for their marketing or promotional purposes. Phone numbers are shared only with our SMS provider (Twilio) for the sole purpose of delivering the messages described above.
4. Third-Party Services
We use the following infrastructure providers to operate the platform. Each has its own privacy policy.
Supabase
Database, authentication, and file storage. Your account credentials and inventory data are stored in Supabase infrastructure hosted on AWS.
Vercel
Hosting and content delivery. Web requests to RackStack Pro are served via Vercel's edge network.
Resend
Transactional email delivery. Used only for account-related emails (confirmation, password reset, invitations, and email verification codes). We do not send marketing email.
Twilio
SMS delivery. Used only to send account-security text messages — two-factor authentication codes, recovery-phone verification, and step-up confirmation codes. Mobile numbers shared with Twilio are used solely to deliver these messages and are not used for marketing.
Stripe
Payment processing for paid subscriptions. Stripe collects and processes your billing details directly under its own privacy policy; we do not store full payment card numbers.
5. Data Retention
We retain your account and shop data for as long as your account is active. If you close your account or request deletion, we will delete your personal information and shop data within 30 days, except where retention is required by law. Anonymized or aggregated data may be retained for product analytics.
6. Your Rights
Depending on where you are located, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Export your data in a portable format
- Object to or restrict certain types of processing
To exercise any of these rights, email us at legal@rackstackpro.com. We will respond within 30 days.
7. Security
We use industry-standard measures including TLS encryption in transit, encrypted-at-rest storage via Supabase, hashed passwords, optional and (for some accounts) required two-factor authentication, re-verification of sensitive actions, and row-level security policies to isolate each organization's data. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.
8. Children's Privacy
RackStack Pro is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us their information, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy periodically. When we do, we will update the "Last updated" date at the top and notify account holders by email for material changes. Continued use of the platform after changes constitutes acceptance of the updated policy.
10. Contact Us
Questions or concerns about this Privacy Policy? Reach us at legal@rackstackpro.com.