Privacy Policy

Effective date: 7 March 2026

StackNest (“we”, “us”, “our”) operates the website at stacknests.com. This policy explains what personal data we collect, why we collect it, and your rights under applicable data protection law (including the UK GDPR and EU GDPR).

1. Data We Collect

Account registration

• Email address and username (required to create an account)
• Hashed password — we never store your password in plain text
• Account creation date and subscription tier

Google OAuth sign-in (optional)

• Google account name, email address, and profile picture URL provided by Google at sign-in
• Google user ID (used to link your Google account to your StackNest account)

Billing & payments (Pro and Studio plans)

• Payments are processed by Stripe. We receive and store your Stripe Customer ID and subscription status.
• We do not store raw card numbers or full payment details; these remain with Stripe under their own PCI-compliant systems.
• Billing email address associated with your Stripe subscription

User-generated content

• Plugin generation prompts you submit to the AI
• Generated code and project files, stored when you explicitly save a project
• Version history entries for saved projects
• Community gallery submissions (title, description, code, and associated GitHub links) if you choose to share a plugin publicly

Technical & usage data

• IP address — used for rate limiting and abuse prevention; not linked to your identity beyond session context
• Server access logs (request path, timestamp, HTTP status code) — retained for up to 7 days
• Browser and operating system type (from the User-Agent header)

2. How We Use Your Data

• Service delivery — authenticating your account, tracking your generation quota, storing your saved projects
• Billing — managing your subscription via Stripe
• Security — detecting abuse, applying rate limits, and protecting other users
• Service improvement — aggregate, anonymised usage statistics (e.g. which generation modes are most popular)
• Communications — transactional emails only (account creation, password reset, billing receipts). We do not send marketing emails unless you explicitly opt in.

3. AI Providers

Your generation prompts are sent to third-party AI providers to produce code:

• Google Gemini (free tier) — prompts are transmitted to Google’s API
• Anthropic Claude (Pro and Studio tiers) — prompts are transmitted to Anthropic’s API

We pass only the content necessary to generate your plugin (prompt text, selected mode, and Minecraft version context). We do not use your submitted prompts or generated code to train our own AI models. Each provider’s own privacy policy governs how they handle API input data.

4. Cookies & Local Storage

StackNest does not use tracking cookies or advertising cookies. Your authentication token (JWT) is stored in your browser’s localStorage, not in a cookie. This token is used solely to keep you signed in and is never shared with third parties.

Google Fonts may set a short-lived cache indicator in your browser as part of serving font files. No analytics or advertising cookies are placed by StackNest.

5. Third-Party Services

• Stripe — payment processing (stripe.com/privacy)
• Google — OAuth sign-in and Gemini AI API (policies.google.com/privacy)
• Anthropic — Claude AI API (anthropic.com/privacy)
• Google Fonts — web font delivery (no account data is shared)
• Hetzner — server infrastructure provider (data centre located in Germany, EU)

6. Data Retention

• Account data — retained while your account is active. Deleted within 30 days of account deletion.
• Saved projects — retained until you delete them or your account is deleted.
• Generation prompts (unsaved sessions) — not persisted beyond the current request.
• Server logs — automatically purged after 7 days.
• Billing records — retained for 7 years as required by UK financial regulations.

7. Your Rights

Under the UK GDPR and EU GDPR you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your account and associated data
• Export your saved projects in a machine-readable format
• Object to or restrict certain uses of your data
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email us at hello@stacknest.dev. We will respond within 30 days.

8. Data Security

All data is transmitted over HTTPS. Passwords are stored as bcrypt hashes with a work factor of 12 or higher. Database access is restricted to the application server and is not publicly exposed. We apply principle-of-least-privilege to all service accounts.

9. Children’s Privacy

StackNest is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us and we will delete the account promptly.

10. Changes to This Policy

We may update this policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of StackNest after changes are posted constitutes acceptance of the updated policy.

Questions about this policy? Contact us at hello@stacknest.dev.