Privacy Policy

StackOverlap is a software-as-a-service platform that helps marketing technology leaders identify capability overlaps in their MarTech stacks. We are based in Australia. For privacy enquiries, contact us at [email protected].

2.1 Information You Provide Directly

• Account information: name and email address collected via Clerk authentication (including Google OAuth if you choose to sign in with Google).
• Onboarding profile: company size, industry, business model, operating region, and annual turnover — used to personalise your audit analysis.
• MarTech stack data: the tools you select when building an audit, and any contextual notes you add.
• Payment information: billing details processed by Stripe. We do not store your card number, CVV, or full payment details on our servers.
• Communications: any messages you send us via email or support channels.

2.2 Information Collected Automatically

• Usage data: pages visited, features used, audit actions taken, and timestamps.
• Device and browser information: browser type, operating system, IP address, and referring URLs.
• Cookies and session tokens: used to maintain your authenticated session. We do not use third-party advertising cookies.

2.3 Aggregate and Anonymised Data

We aggregate and anonymise audit data (overlap patterns, waste estimates, tool combinations) to power the Open Stack Transparency Dashboard — a public dataset showing industry-wide MarTech waste trends. No personally identifiable information or company-identifying data is included in this dataset.

• To provide, operate, and improve the Service, including generating AI-powered audit reports.
• To personalise your audit analysis based on your company profile.
• To process payments and manage your subscription via Stripe.
• To send transactional emails (account verification, payment receipts, audit completion notifications).
• To respond to your support requests and communications.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with legal obligations.
• To generate anonymised aggregate statistics for the Transparency Dashboard and internal product analytics.

We do not sell your personal information to third parties. We do not use your data for third-party advertising.

The audit reports generated by StackOverlap are produced using large language model (LLM) technology. Your MarTech stack data and company profile are sent to our AI provider (OpenAI) to generate analysis. OpenAI's data handling is governed by their Privacy Policy. We use the API in a manner that does not allow OpenAI to use your data to train their models.

AI-generated reports are advisory in nature. You should apply professional judgement before acting on any recommendation. See our Terms of Service for full disclaimers.

We share your information only in the following circumstances:

• Service providers: Clerk (authentication), Stripe (payments), OpenAI (AI analysis), and our cloud infrastructure provider. Each is bound by data processing agreements.
• Legal requirements: if required by law, court order, or government authority.
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.
• With your consent: for any other purpose with your explicit consent.

We retain your personal information for as long as your account is active or as needed to provide the Service. Audit data is retained for the lifetime of your account. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data ("right to be forgotten").
• Portability: request your data in a structured, machine-readable format.
• Objection: object to processing of your data for certain purposes.
• Withdrawal of consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

We implement industry-standard security measures including HTTPS encryption, secure session management via Clerk, and access controls on our database. Payment data is handled entirely by Stripe and never passes through our servers in raw form. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but we take reasonable precautions to protect your data.

We use session cookies to maintain your authenticated state. These are essential for the Service to function and cannot be disabled while using the platform. We do not use tracking cookies, advertising cookies, or third-party analytics cookies that share data with external parties.

Our Service is operated from Australia. Your data may be processed by our service providers in other countries (including the United States). Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable privacy laws.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

For privacy-related questions, requests, or complaints, contact us at: