Privacy Policy

1. Introduction

FAR CNCPT LLC ("the Company", "we", "our", or "us") operates the StackDive™ platform at stackdive.app. StackDive™ is a trademark of FAR CNCPT LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, and authentication credentials via our authentication provider (Stack Auth).

Usage Data: We automatically collect information about how you interact with our platform, including courses accessed, walkthrough progress, pages visited, and time spent on the platform.

AI Tutor Interactions: Questions you ask the AI tutor are processed to generate responses. We may retain anonymized conversation data to improve the quality of AI-generated explanations.

Device Information: We collect browser type, operating system, IP address, and device identifiers for security and analytics purposes.

Payment Information: If you subscribe to paid features, payment processing is handled by Stripe. We do not store your full credit card number — only a tokenized reference and billing details.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our platform and services
• Track your learning progress across courses and walkthroughs
• Power the AI tutor with relevant codebase context
• Send you service-related notifications and updates
• Analyze usage patterns to improve content and user experience
• Detect, prevent, and address technical issues or fraud
• Process payments and manage subscriptions

4. Subprocessors and Third-Party Services

We rely on a small set of trusted third-party service providers (subprocessors) to operate StackDive. Each subprocessor only receives the data it needs to perform its function, and each has its own privacy policy governing how it handles your data. Our current subprocessors are:

• Stack Auth (authentication and identity management) — receives account identifiers, email, and session tokens.
• Neon (managed PostgreSQL database hosting) — stores your account, enrollments, progress, AI credit ledger, and payment metadata (but never full card numbers).
• Vercel (web hosting, CDN, edge functions, analytics) — processes HTTP requests, IP addresses, and basic usage metrics.
• Stripe (payment processing and subscription billing) — receives billing name, email, and payment method details directly from you; we only store a tokenized reference, not your card number.
• Cloudflare R2 (object storage for uploaded assets) — stores files you upload, such as course media.
• Sentry (error tracking and performance monitoring) — receives stack traces, error metadata, and approximate request context when something breaks.
• OpenAI and Anthropic (AI model providers powering the Kojo tutor, walkthrough AI, and related features) — receive the prompts, code snippets, and course context needed to generate responses.
• Upstash Redis (rate limiting and ephemeral state) — receives IP addresses and request fingerprints for abuse prevention.
• Nodemailer via SMTP provider (transactional email) — receives your email address and the content of service emails we send you.

We will update this list when subprocessors change. Enterprise and organization customers may request advance notice of material subprocessor changes by contacting privacy@stackdive.app.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

• Service Providers: Third-party companies listed above that help us operate the platform
• Legal Requirements: When required by law, subpoena, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we delete your personal profile, enrollments, progress, and AI conversation history within 30 days, except where we are required to retain certain records to comply with law (such as Stripe payment records kept for tax, accounting, and anti-fraud purposes for up to 7 years). Usage analytics and AI interaction logs are retained in anonymized, aggregate form for up to 24 months for product improvement. You may request deletion of your data at any time by contacting privacy@stackdive.app.

7. Security

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage for sensitive data, Content Security Policy headers, and regular security audits. However, no method of electronic storage is 100% secure.

8. Your Rights (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar data protection laws, you have the following rights with respect to your personal data:

• Access (Right to know): request a copy of the personal data we hold about you
• Rectification: ask us to correct inaccurate or incomplete data
• Erasure: request deletion of your personal data ("right to be forgotten")
• Portability: receive your data in a machine-readable format and transfer it to another service
• Restriction and objection: restrict or object to certain processing activities
• Withdraw consent: withdraw previously given consent at any time, without affecting the lawfulness of prior processing
• Complaint: lodge a complaint with your local supervisory authority

To exercise any of these rights, email privacy@stackdive.app. We will respond within the time required by applicable law (generally 30 days).

9. Your California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you additional rights:

• Right to know what personal information we collect, use, disclose, and share about you
• Right to delete personal information we have collected from you (subject to legal exceptions)
• Right to correct inaccurate personal information
• Right to opt out of sale or sharing of your personal information
• Right to limit the use and disclosure of sensitive personal information
• Right to non-discrimination for exercising any of these rights

We do not sell your personal information, and we do not share it with third parties for cross-context behavioral advertising. The only parties that receive your data are the subprocessors listed in Section 4, and they only use it to perform services for us.

To submit a California privacy rights request, email privacy@stackdive.app with the subject line "California Privacy Request" and indicate which right you are exercising. You may designate an authorized agent to make a request on your behalf; we will verify the agent's authority before acting on the request.

10. Cookies and Similar Technologies

We use a small number of cookies and similar technologies, and we keep this list short on purpose:

• Authentication cookies (set by Stack Auth — stack-access, stack-refresh-*, stack-is-https) — keep you signed in across pages. Strictly necessary; the platform does not function without them.
• Session and return-URL cookies (set by StackDive — __stackdive_return_to) — let us return you to the page you were trying to reach after sign-in.
• Payment fraud-prevention cookies (set by Stripe — __stripe_mid, __stripe_sid) — protect against payment fraud on checkout pages.
• Analytics (Vercel Analytics, if enabled) — aggregate, privacy-respecting page views and Web Vitals. No cross-site tracking.
• Error monitoring (Sentry) — collects crash reports and performance traces tied to a short-lived session ID.

We do not use advertising cookies, retargeting pixels, or third-party trackers for advertising. You can control cookie behavior through your browser settings, but disabling strictly necessary cookies will break sign-in.

11. Children's Privacy

StackDive is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy, please contact FAR CNCPT LLC at privacy@stackdive.app.