Privacy Policy

1. Information We Collect

We collect information you provide directly to us, as well as information collected automatically when you use our services.

Personal Identifiers

• Name and email address
• Phone number (optional)
• Account credentials

Business Information

• Company name and industry
• Job title and role
• Company size and location

Platform Content

• RFP (Request for Proposal) content you create
• Proposals and responses submitted
• Messages and communications through the platform
• Tech stack and software inventory data

Technical Information

• IP address and device identifiers
• Browser type and operating system
• Usage data and analytics

2. How We Collect Information

We collect information through the following methods:

• Direct submission: When you create an account, submit RFPs, or fill out forms
• Automated collection: Through cookies, analytics tools, and similar technologies
• Third-party sources: When you sign in using OAuth providers (Google, LinkedIn)

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on the following legal grounds:

• Consent: When you have given explicit consent for specific purposes
• Contract performance: When processing is necessary to fulfill our service agreement with you
• Legitimate interests: For purposes such as improving our services, fraud prevention, and security
• Legal obligations: When required to comply with applicable laws

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Match buyers with relevant software vendors
• Process transactions and send related information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Analyze usage patterns to improve user experience
• Detect, prevent, and address fraud and security issues

5. Information Sharing & Third-Party Services

We do not sell your personal information. We may share information in the following circumstances:

• With vendors: When you submit an RFP, relevant information is shared with vendors to facilitate proposals
• Service providers: With third-party companies that help us operate our platform
• Legal requirements: When required by law or to protect our rights
• Business transfers: In connection with a merger, acquisition, or sale of assets

Third-Party Service Providers

We use the following third-party services to operate our platform. Each has their own privacy policy governing their use of data:

• Vercel (hosting): vercel.com/legal/privacy-policy
• Supabase (database & authentication): supabase.com/privacy
• Google Analytics (analytics): policies.google.com/privacy
• Resend (email): resend.com/legal/privacy-policy
• LinkedIn (advertising): linkedin.com/legal/privacy-policy
• Meta/Facebook (advertising): facebook.com/privacy/policy

6. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this policy:

• Active accounts: Data is retained while your account remains active
• Closed accounts: Personal data is deleted within 30 days of account closure upon request
• Legal requirements: Some data may be retained longer to comply with legal obligations, resolve disputes, or enforce agreements

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of our services:

• Essential cookies: Required for authentication and session management
• Analytics cookies: Google Analytics to understand how users interact with our platform
• Advertising cookies: LinkedIn Insight Tag and Meta Pixel for marketing purposes

You can manage cookie preferences through your browser settings. For more information on how Google uses data, visit: How Google uses data when you use our partners' sites or apps

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication requirements
• Regular security reviews and monitoring
• Incident response procedures

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. Your Rights - California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of what personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

How to Exercise Your Rights: Submit a request by emailing [email protected]. We will verify your identity before processing your request.

Categories of Information: In the past 12 months, we have collected identifiers, commercial information, internet activity, and professional information as described in Section 1.

10. Your Rights - European Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing

How to Exercise Your Rights: Contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

11. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.

For transfers from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to ensure adequate protection of your data.

12. Children's Privacy

StackMatch is a B2B platform intended for business professionals. Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: