AS
AdminStack
Beta
← Back to registration

Privacy Policy

Last updated: March 13, 2026

1. Introduction

CW Affiliate Investments LLC ("Company", "we", "us", or "our") operates AdminStack™ ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Service. By using AdminStack™, you consent to the practices described in this policy.

2. Information We Collect

Information you provide directly:

  • Account information: name, email address, company name, and password
  • Billing information: payment method details (processed and stored by Stripe, not by us)
  • Business data: client information, project details, invoices, credentials, files, and messages you create within the Service
  • Communications: support requests, feedback, and messages you send us

Information collected automatically:

  • IP address and approximate geographic location
  • Browser type, operating system, and device information
  • Pages visited, features used, and time spent on the Service
  • Login timestamps and authentication events
  • Error logs and performance data

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process payments and manage your subscription
  • Send transactional emails (account verification, password resets, invoice notifications)
  • Provide customer support and respond to your inquiries
  • Monitor and improve the security, performance, and reliability of the Service
  • Detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your business data to train machine learning models. We do not serve advertisements.

4. Third-Party Services

We use the following third-party services to operate AdminStack™. Each service processes only the minimum data necessary for its function:

Supabase

Database hosting, file storage, and backend infrastructure. Your business data is stored in Supabase-managed PostgreSQL databases with row-level security. Data is encrypted at rest and in transit.

Stripe

Payment processing for subscriptions and portal invoices. Stripe receives your payment method details, email, and billing address. We do not store your full card number. Stripe's privacy policy applies to payment data they process.

SendGrid (Twilio)

Transactional and marketing email delivery. SendGrid receives recipient email addresses and email content for messages sent through the Service, including invoice emails, portal notifications, and email marketing campaigns you create.

5. Data Storage and Security

Your data is stored on servers located in the United States. We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Bcrypt hashing for passwords — we never store plaintext passwords
  • Row-level security policies in our database to enforce tenant isolation
  • Rate limiting on authentication endpoints to prevent brute-force attacks
  • Audit logging of security-relevant account actions
  • Optional two-factor authentication (TOTP) for account access

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Cookies

AdminStack™ uses a single essential cookie (adminstack_token) to maintain your authenticated session. This cookie is strictly necessary for the Service to function and cannot be disabled.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not participate in cross-site tracking or ad networks.

7. Data Retention

We retain your account data and business data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes (e.g., financial records, audit logs).

Automatically collected data (logs, analytics) is retained for up to 90 days for security and debugging purposes, then deleted.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your account and associated data
  • Export your data in a machine-readable format
  • Withdraw consent for optional data processing at any time
  • Object to processing based on our legitimate interests

To exercise any of these rights, contact us at the email address below. We will respond to requests within 30 days.

9. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@adminstack.io.

CW Affiliate Investments LLC · Wisconsin, USA