Privacy Notice
Last updated May 12, 2026
Power Stack (“we”, “us”) operates the installed-base management software at power-stack.netlify.app. This Privacy Notice explains what we collect, why, how long we keep it, and your rights. It covers two groups: dealers who sign up to use Power Stack, and the customer records dealers upload to manage their installed base.
1. Data we collect from dealers (Power Stack users)
- Account data: email address, name, dealer company name, country, role, authentication tokens.
- Profile + onboarding: brands you sell, regions you serve, optional descriptions of your existing data and operations.
- Billing data (when paid tiers are active): Stripe customer ID and subscription identifiers. Card details are handled by Stripe; we never see them.
- Usage data: server logs of API requests, IP addresses, dashboard activity, audit-log entries for write operations.
2. Data dealers upload about their customers
When you add a customer or UPS unit to Power Stack, you are processing personal data and equipment data on behalf of that customer. Typical fields include customer company name, contact name, contact email/phone, address, UPS brand/model/serial, install date, service history, and ticket notes.
For data of natural persons (typically the customer's site contact), you are the data controller and Power Stack is the data processor. You are responsible for having a lawful basis (consent, legitimate interest, contract) to enter their details into the platform and for responding to their access / deletion requests.
3. Why we process this data
- To deliver the dashboard, calculators, alerts, and WhatsApp/email notifications you request.
- To detect abuse and protect the integrity of the platform.
- To send you product-related transactional emails (sign-in links, billing receipts, service announcements). Marketing emails are sent only with your prior consent.
- To comply with legal obligations (tax records, lawful information requests).
4. Who has access
Power Stack data is multi-tenant: each dealer's rows live in shared Postgres tables isolated by row-level security policies keyed on dealer membership. The Power Stack team can view your data only when you ask us to (support requests) or when required to detect/resolve an outage.
Sub-processors that receive data in the normal course of operation:
- Supabase (PostgreSQL, Auth, Storage) — EU region, Frankfurt.
- Netlify (web hosting, CDN, deploy previews).
- Resend (transactional email delivery).
- 360dialog and Twilio (WhatsApp Business API delivery, when WhatsApp notifications are enabled).
- Stripe (payment processing — only when paid plans are active).
5. International transfers
Your primary data store (Supabase) is hosted in the EU. Sub-processors based in the United States receive data under appropriate safeguards — Standard Contractual Clauses where required, or the EU-US Data Privacy Framework. We do not knowingly transfer data outside the EU/UK for any purpose other than delivering the Service.
6. Retention
- Active account data is retained for the life of the account.
- On account cancellation, production data is retained for 30 days (reactivation window) and then permanently deleted within 90 days.
- Encrypted backups age out of the rolling window within 35 days.
- Audit-log entries are retained for 24 months for security investigation purposes.
- Anonymised, aggregated usage statistics may be retained indefinitely.
7. Your rights
Depending on your jurisdiction, you may have rights to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and the personal data within it.
- Object to or restrict certain processing.
- Portability — export your data in a machine-readable format.
- Lodge a complaint with your supervisory authority.
For dealer accounts: most of these can be exercised directly from the dashboard. For anything else, or for requests about customer data your dealer uploaded, contact george@power-stack.io and we will respond within 30 days.
8. Cookies and analytics
Power Stack uses strictly-necessary cookies for authentication and session management. We do not use third-party advertising or cross-site-tracking cookies. If we add product analytics in the future, we will update this notice and offer an opt-out before we start collecting.
9. Security
Data is encrypted in transit (TLS 1.2+) and at rest (Postgres tablespace + Storage bucket encryption). Access to the production database is restricted to a small number of named operators and is logged. We do not store payment card details. Passwords are not used — authentication is by single-use magic links via Supabase Auth.
10. Contact
Privacy questions and rights requests can be addressed to george@power-stack.io.