CapStack

Legal

Privacy Policy

Last updated: May 26, 2026

Placeholder pending final legal review. Our intended posture is described below; the production version will replace this page before public launch.

What we collect

  • Account data: email, chosen username, password hash, and any profile fields you set.
  • Deal data: the property inputs and analyses you save in CapStack. Stored under your account; never shared with other users.
  • Billing data: if you upgrade to a paid plan, Stripe collects payment details directly — we never see your card number. We store the Stripe customer/subscription IDs and your current plan status.
  • Operational logs: IP address, user agent, and request timing for security and abuse-prevention purposes. Retained for 30 days.

What we don't do

  • We don't sell your data to anyone.
  • We don't show ads, so there are no advertising trackers.
  • We don't read or share the deals you analyze. They're stored encrypted at rest and only your account can see them.

Subprocessors

We use the following infrastructure providers to run the service. Each has signed a Data Processing Addendum with us where applicable:

  • Supabase — database, authentication, and storage.
  • Vercel — hosting and edge functions.
  • Stripe — billing and subscription management.
  • Resend (or our current SMTP provider) — transactional email delivery.
  • Cloudflare — DDoS protection and bot-mitigation (Turnstile).

Your rights

You can export or delete your data at any time from your account page. Deletion is permanent and immediate. If you need help, email privacy@capstackinvest.com.

Cookies

We use first-party cookies only — exclusively to keep you signed in. No third-party analytics or ad-tech cookies are loaded by the app.

← Back to sign up