Privacy Policy
Effective Date: April 19, 2026 · Last Updated: April 19, 2026 · Website: stackrx.net
Our Core Commitment
StackRx will never sell, share, or distribute your contact information to any third party. If you choose to connect with a vendor, only the information you explicitly approve is shared — and only with the vendor you select. You stay anonymous until you decide otherwise.
1. Introduction
StackRx ("we," "us," or "our") operates the website stackrx.net (the "Site") and the Stax AI diagnostic platform (the "Service"). StackRx provides AI-powered vendor diagnostics and matching for Managed Service Providers ("MSPs"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you access or use our Site and Service.
By using StackRx, you acknowledge that you have read and understood this Privacy Policy. We are committed to transparency, user control, and data minimization. Privacy is not a feature of StackRx — it is the foundation on which the platform is built.
2. Information We Collect
2.1 Information You Provide Directly
- Diagnostic Input Data: When you run a diagnostic, you provide a plain-English description of your operational pain points. You may also provide structural profile information such as endpoint count, budget range, decision timeline, current tool stack, and PSA/RMM platforms.
- Contact Information: If you choose to connect with a vendor, you may provide your name, email address, company name, preferred contact method, availability windows, and engagement notes. This information is only collected when you voluntarily initiate a vendor connection.
- Beta Signup Information: If you sign up for our beta program, you provide your name, email, and company information.
- Contact Form Submissions: If you reach out via our contact form, you provide your name, email, and message content.
- Vendor Portal Information: Solution providers accessing our vendor dashboard provide authentication credentials and business contact information.
2.2 Information Collected Automatically
- Usage Data: We collect standard web server logs including IP address, browser type, device type, pages visited, referring URL, and timestamps. This data is used for security monitoring, rate limiting, and service improvement.
- Diagnostic Analytics: We log anonymized, aggregated diagnostic metadata (category distributions, root cause classifications, completion rates) to improve the Stax engine. This data cannot be traced back to an individual user.
2.3 Information We Do NOT Collect
- We do not use tracking cookies for advertising or behavioral profiling.
- We do not collect biometric data, voice recordings, or facial recognition data.
- We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health information, sexual orientation, or genetic data.
- We do not knowingly collect information from children under the age of 13.
3. How We Use Your Information
| Purpose | Description |
|---|---|
| Diagnostic Services | To process your pain point descriptions through the Stax AI pipeline, classify root causes, and generate ranked vendor recommendations. |
| Vendor Connections | To facilitate introductions between you and vendors you choose to engage with — only with your explicit, affirmative consent. |
| Service Improvement | To improve recommendation accuracy, refine the Stax engine, and enhance user experience using anonymized, aggregated data. |
| Communications | To send diagnostic results, beta updates, and follow-up communications anchored to your stated decision timeline — not arbitrary marketing cadences. |
| Security & Integrity | To prevent abuse, enforce rate limits, detect prompt injection attempts, and maintain platform security. |
| Legal Compliance | To comply with applicable laws, respond to lawful requests, and protect our legal rights. |
4. Our Consent-Based Vendor Connection Model
This section describes the core of how StackRx handles MSP-to-vendor introductions. It is the most important section of this policy because it defines the trust model that differentiates StackRx from every other vendor marketplace.
4.1 The Three-Stage Connection Model
- Stage 1 — Anonymous (Default): When you run a diagnostic, your results are matched to relevant vendor categories. Vendors in our system may see anonymized diagnostic data (pain category, root cause classification, endpoint range, budget range, decision timeline) but they never see your name, company name, email address, or any personally identifiable information. You are anonymous by default.
- Stage 2 — Connected: If you click "Connect with Vendor" on a specific recommendation, you choose to share your company name and contact email with that vendor — and only that vendor. Before any information is transmitted, you are shown a preview of exactly what the vendor will receive. You must affirmatively confirm before any data is shared.
- Stage 3 — Opted In: You may optionally provide your preferred contact method (email, phone, or video call), availability windows, and engagement notes. This information gives the vendor guidance on how to approach you respectfully, on your terms.
4.2 What Vendors Never Receive
- Your raw, unprocessed diagnostic input text (vendors see category-level summaries, not your exact words)
- Your search history or browsing behavior on StackRx
- Information about other vendors you viewed, connected with, or rejected
- Any personal information beyond what you explicitly approved in the data preview
4.3 StackRx as Intermediary
All vendor connections are routed through StackRx for review before any MSP information is released. We act as an intermediary to ensure that vendor outreach is relevant, respectful, and aligned with your stated preferences. We reserve the right to deny or revoke vendor access to lead data if a vendor violates our engagement standards.
5. Data Sharing and Disclosure
We do not sell your personal information. We do not share your personal information for advertising purposes. We share information only in the following circumstances:
- With Your Consent: When you affirmatively choose to connect with a vendor through our consent-based connection model, we share only the information you approved with only the vendor you selected.
- Service Providers: We use third-party service providers to host our infrastructure (Vercel, Supabase), process AI queries (Google Gemini), and deliver transactional emails (Resend). These providers process data solely on our behalf and are contractually bound to protect your information.
- Aggregated or De-Identified Data: We may share anonymized, aggregated market intelligence data (such as category trends and pain point distributions) that cannot be used to identify any individual user.
- Legal Requirements: We may disclose information if required by law, subpoena, court order, or other legal process, or to protect the rights, property, or safety of StackRx, our users, or the public.
6. Data Security
We implement commercially reasonable technical, administrative, and organizational safeguards to protect your personal information, including:
- All data is transmitted over HTTPS/TLS encryption.
- Database access is governed by Row Level Security (RLS) policies that prevent unauthorized reads of personally identifiable information.
- Server-side input validation and prompt injection defense protect against common attack vectors.
- Session-based rate limiting prevents abuse of diagnostic services.
- Administrative access to user data requires service-role credentials and is restricted to authorized personnel.
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
7. Data Retention
- Diagnostic Data: Retained to improve the Stax engine and provide continuity if you return for future diagnostics. You may request deletion at any time.
- Contact Information: Retained for the duration of an active vendor connection or until you request deletion, whichever comes first.
- Beta and Contact Form Data: Retained for the duration of the beta program and a reasonable period thereafter for follow-up purposes.
- Aggregated Analytics: Anonymized, aggregated data may be retained indefinitely as it cannot be used to identify individuals.
8. Your Rights
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information:
- Right to Access: You may request a copy of the personal information we hold about you.
- Right to Correction: You may request that we correct inaccurate personal information.
- Right to Deletion: You may request deletion of your personal information, including diagnostic data and contact information.
- Right to Data Portability: You may request a copy of your data in a portable, machine-readable format.
- Right to Opt Out: You may opt out of any vendor connection at any time. You may also opt out of non-essential communications.
- Right to Withdraw Consent: Where we process your data based on consent, you may withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing conducted prior to withdrawal.
To exercise any of these rights, contact us at privacy@stackrx.net. We will respond to your request within 30 days.
9. AI and Automated Processing
StackRx uses artificial intelligence to process diagnostic inputs and generate vendor recommendations. Specifically:
- Your plain-English pain descriptions are processed through a multi-stage AI pipeline (Stax) that classifies root causes and matches vendor capabilities against a curated database of 247+ vendors.
- AI processing is performed server-side using Google Gemini models. Your input is transmitted to Google's API for processing. Google's use of this data is governed by their enterprise API terms, which prohibit using API input data to train their models.
- AI-generated vendor recommendations are informational only and do not constitute professional advice.
- Vendor rankings are determined algorithmically and cannot be purchased or influenced by vendors.
- No automated decisions with legal or similarly significant effects are made about you based on AI processing.
10. Third-Party Services
StackRx relies on the following categories of third-party service providers to deliver the Service:
| Provider | Purpose | Data Processed |
|---|---|---|
| Cloud Hosting (Vercel) | Application hosting and delivery | Web traffic, server logs, application code execution |
| Database (Supabase) | Data storage and management | Diagnostic data, vendor data, user-submitted contact information |
| AI Processing (Google Gemini) | Natural language processing for diagnostics | Diagnostic input text for classification and recommendation generation |
| Email (Resend) | Transactional email delivery | Email addresses and message content |
| Notifications (Slack) | Internal operational alerts | Anonymized event notifications (no PII transmitted) |
Each third-party provider is subject to their own privacy policy. We select providers that maintain commercially reasonable security standards and limit the data shared with each provider to what is necessary for their specific function.
11. Cookies and Tracking Technologies
- Essential Cookies: We use strictly necessary session cookies to maintain your diagnostic session state and enforce rate limiting. These cookies are required for the Service to function and cannot be disabled.
- No Advertising or Analytics Cookies: We do not use third-party advertising cookies, social media tracking pixels, or behavioral analytics platforms. We do not participate in cross-site tracking or retargeting.
12. Children's Privacy
StackRx is a business-to-business service designed for use by IT professionals and MSP operators. Our Service is not directed at individuals under the age of 13 (or 16 in jurisdictions where that higher threshold applies). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child under the applicable age threshold, we will take immediate steps to delete that information. If you believe a child has provided us with personal information, please contact us at privacy@stackrx.net.
13. State-Specific Privacy Rights
13.1 California (CCPA/CPRA)
If you are a California resident, you may have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know what personal information we collect and how it is used, the right to request deletion, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.
13.2 Florida (FDBR / FIPA)
The Florida Digital Bill of Rights (FDBR) applies to entities meeting specific high-revenue thresholds. While StackRx may not currently meet the FDBR applicability threshold, we voluntarily honor the consumer rights established under the FDBR as a matter of principle. The Florida Information Protection Act (FIPA) requires businesses to take reasonable measures to protect and secure personal information and to provide notification in the event of a data breach. We comply with FIPA requirements.
13.3 Other U.S. States
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and opt out of certain data processing. We honor these rights regardless of which state you reside in. To exercise your rights, contact us at privacy@stackrx.net.
13.4 International Users
StackRx is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer. If you are located in the European Economic Area, United Kingdom, or other jurisdictions with data protection laws that provide rights beyond those described in this policy, please contact us so we can address your specific requirements.
14. "Do Not Sell or Share My Personal Information"
StackRx does not sell your personal information as defined by the CCPA, CPRA, or any other applicable state privacy law. We do not share personal information for cross-context behavioral advertising. Because we do not sell or share personal information for these purposes, there is no need to submit a "Do Not Sell" request — but if you wish to confirm this, you may contact us at privacy@stackrx.net.
15. Business Transfers
In the event that StackRx is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our Site before your personal information becomes subject to a different privacy policy. Any successor entity will be bound to honor the commitments made in this Privacy Policy with respect to data previously collected.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, providing additional notice via email or a prominent banner on our Site. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
17. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your data, please contact us:
- StackRx
- Email: privacy@stackrx.net
- Website: stackrx.net/contact
Privacy is not a feature. It is the foundation.