STACKr← Home

STACKr Privacy Policy

Last updated: May 22, 2026

Quick summary

STACKr is a US-only personal finance service that helps you pay down debt faster. To do that, we need to access information about your bank accounts, debts, and payments. This policy explains what we collect, who we share it with, and the choices you have.

We do not sell your personal information. We do not show you advertising inside STACKr. We share data with specific service providers (listed below) who help us operate the service. You can request a copy of your data, ask us to delete it, or close your account at any time.

If you have questions, email privacy@trystackr.com.

1. Who we are

STACKr is operated by Stackr Inc., a Nevada corporation.

When this policy says "STACKr," "we," "us," or "our," we mean Stackr Inc.

When it says "you" or "your," we mean the individual using the STACKr service through the web app at https://app.trystackr.com or the marketing site at https://trystackr.com.

2. What this policy covers

This policy covers the personal information we collect through the STACKr service. The STACKr service includes our web app, our marketing site, and any related features we offer.

This policy does not cover websites or services operated by other companies, even when we link to them. When you connect a bank account through Plaid, link debts through Method Financial, pay a subscription through Stripe, or click an offer to apply for a financial product through a partner, the company on the other side has its own privacy policy. We encourage you to read those policies.

3. Information we collect

We collect the categories of information described in this section. Each category is something the service genuinely needs to function. We do not collect information just to collect it.

3.1 Account information

When you create a STACKr account, we collect your name, email address, and a password.

We store your password in hashed form (using bcrypt with a cost factor of 10). No one at STACKr — including engineers, support staff, or executives — can read your password. If you forget it, you reset it through an email link.

We may also collect a username if you choose one.

3.2 Bank account information (via Plaid)

To calculate your Safe-to-Pay amount and execute payments, we need to access information about the checking account you connect to STACKr.

We use Plaid Technologies, Inc. to securely link your bank account. When you connect your bank, Plaid asks for your bank login credentials directly — your bank password is never sent to STACKr. Plaid then provides STACKr with:

  • Your bank account name, last four digits of the account number, and balance
  • A transaction history (so we can detect round-up amounts and analyze your cash flow)
  • Bank routing information needed to initiate ACH payments
  • Institution metadata (which bank, which type of account)

We store an encrypted Plaid access token that lets us refresh this information periodically. The token is encrypted at rest in our database.

You can review Plaid's privacy practices at https://plaid.com/legal/.

3.3 Credit account information (via Method Financial)

To discover the debts you owe and route payments to your creditors, we use Method Financial, Inc.

With your explicit consent (which we request as a separate step in onboarding, not buried in this policy or our Terms), Method performs a soft credit inquiry on your behalf. A soft inquiry does not affect your credit score. Method uses its permissible-purpose authority under the Fair Credit Reporting Act to perform this inquiry for the purpose of identifying debts you can pay down through STACKr.

From Method, we receive:

  • Your credit account balances, APRs, minimum payments, and due dates
  • The statement cycle close dates we need to schedule payments
  • Account identifiers Method uses to route ACH payments to your creditors

Method tokens are stored encrypted at rest. You can review Method Financial's privacy practices at https://methodfi.com/privacy.

3.4 Payment information

For every payment STACKr initiates on your behalf, we record:

  • The amount
  • The date and time
  • The source bank account
  • The destination creditor account
  • Whether the payment succeeded or failed

We keep this information to give you an accurate payment history, troubleshoot failures, and meet financial recordkeeping requirements.

3.5 Subscription and billing information

When you subscribe to a STACKr plan, we collect billing information needed to charge your subscription.

For web subscriptions, payment is processed by Stripe, Inc. Stripe collects and stores your full card details — STACKr never sees your full card number. We store a Stripe customer ID, subscription status, trial dates, and a record of charges.

We also store whether you are a Founders Lifetime member and your founder number (if applicable).

3.6 Onboarding questionnaire responses

When you sign up, we ask you a short series of questions about your relationship with money. This includes:

  • How much mental load you feel about your finances (rated 1 to 5)
  • How you feel about debt (stressed, overwhelmed, curious, motivated, or similar)
  • Your money personality preferences
  • An optional short reflection about your future self (up to 500 characters)

This is sensitive personal information. We treat it carefully. We use these answers to personalize tier recommendations and the language you see in your dashboard. We do not sell this information, share it with advertisers, or use it to target you with marketing outside of STACKr.

You can delete this information by deleting your account (see Section 6).

3.7 Device and usage data

Like most web services, we automatically collect:

  • Device type, operating system, and browser
  • IP address (we hash this in some audit logs to reduce identifiability)
  • The pages or screens you visit within STACKr
  • Actions you take in the app (so we can fix errors and improve the product)
  • Crash reports and performance data

We use this information to operate, secure, and improve the service.

3.8 Communications

If you email us, text us, or contact our support team, we keep a record of the communication and our response so we can help you and improve our service.

3.9 Information we do not collect

We do not collect:

  • Your bank account password (Plaid handles authentication directly with your bank)
  • Your full credit card number or CVV (Stripe handles this)
  • Your Social Security Number (unless Method requires it for debt discovery; in that case it goes directly to Method, not STACKr)
  • Biometric information
  • Location data beyond IP-derived approximations
  • Children's information (see Section 10)

4. How we use your information

We use your information to provide and improve STACKr. Specifically:

4.1 To operate the service

  • Calculate your Safe-to-Pay amount each day
  • Execute weekly or biweekly ACH payments to your creditors via Method Financial
  • Detect and process round-up amounts (if you enable round-ups)
  • Allocate windfall amounts you choose to apply (if you use the windfall feature)
  • Recommend a subscription tier
  • Personalize your dashboard
  • Send you payment confirmations, trial reminders, and important account notices

4.2 To power the AI Debt Coach (if you use it)

If you use STACKr's AI Debt Coach feature, we send the following to Anthropic, PBC (the maker of Claude, the AI model that powers the coach):

  • A system prompt describing your debt situation (account names, balances, APRs, payment cadence)
  • The question or message you send to the coach

Anthropic operates the Claude API with zero data retention — meaning Anthropic does not store the prompts or responses after returning them to us. However, your debt context does leave our servers when you use this feature. If you do not want your information sent to Anthropic, do not use the AI Debt Coach.

Coach access and message limits vary by subscription tier.

4.3 To process payments and subscriptions

  • Charge your subscription on the cadence you selected
  • Verify your subscription status on mobile (when we eventually launch native apps)
  • Handle Founders Lifetime Deal purchases as one-time transactions

4.4 To send transactional emails

We use Resend to send:

  • Account verification emails
  • Password reset emails
  • Trial-ending reminders
  • Payment failure alerts
  • Important service notices

These are not marketing emails. You cannot opt out of essential service communications without closing your account.

4.5 To improve the service

  • Diagnose bugs and crashes (using Sentry, with personal information excluded from error payloads)
  • Analyze product usage to improve features (using PostHog)
  • Test new features (A/B testing on a small subset of users)

4.6 To match you with relevant offers

We may show you offers for financial products (balance-transfer credit cards, refinancing options, savings accounts, etc.) that could save you money based on your debts and cash flow.

We may earn a commission if you click an offer and apply. This is called affiliate revenue. We disclose this clearly when offers are shown.

We share the minimum information necessary with affiliate partners to attribute your click. We do not share your bank credentials, your transaction history, or your STACKr account password with affiliate partners.

4.7 To comply with the law

We may use and disclose your information to comply with legal obligations, respond to lawful requests from government authorities, enforce our Terms of Service, and protect STACKr, our users, or others from fraud, abuse, or harm.

5. Who we share information with

We share information only with the parties listed below, and only for the purposes described.

5.1 Service providers (sub-processors)

ProviderWhat they doWhere data goes
Plaid Technologies, Inc.Bank account linking, transaction data, ACH routingUS
Method Financial, Inc.Debt discovery via soft credit inquiry, ACH payment routing to creditorsUS
Stripe, Inc.Web subscription billing, Founders Lifetime Deal processingUS
Anthropic, PBCAI Debt Coach (zero data retention on API)US
ResendTransactional email deliveryUS
SentryError tracking (PII excluded from payloads)US
PostHogProduct analyticsUS
RailwayBackend infrastructure and database hostingUS
VercelWeb app hostingUS
CloudflareDNS, content delivery, marketing site hostingUS

Each provider is contractually required to use your information only to provide services to STACKr.

5.2 Affiliate partners

When you click an offer for a third-party financial product from within STACKr, we may share a limited identifier with the affiliate network so the partner can attribute the click for commission purposes. The third-party financial company will then collect its own information from you through its own application process.

5.3 Legal and safety

We may share information when required by law, court order, or subpoena, or when we believe in good faith that sharing is necessary to protect rights, property, or safety.

5.4 Business transfers

If STACKr is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We would notify you before your information becomes subject to a different privacy policy.

5.5 With your consent

We may share your information for purposes not described above when you give us explicit consent to do so.

5.6 What we do not do

  • We do not sell your personal information to anyone.
  • We do not share your information with data brokers.
  • We do not show you advertising inside STACKr (no ads, no sponsored content in your feed).
  • We do not let advertisers target you based on your STACKr data.

6. How long we keep your information

We keep your information as long as your account is active.

6.1 If you request account deletion

To delete your account, email privacy@trystackr.com from the email address associated with your STACKr account, with the subject line "Account deletion request." We will verify your identity and then:

  • Within 30 days, we permanently delete or anonymize your personal information from our active systems.
  • For up to 7 years, we retain financial transaction records (payment amounts, dates, source and destination) in aggregated or anonymized form to comply with IRS and CFPB recordkeeping requirements.
  • For up to 90 days, encrypted backups may contain your data. We do not restore deleted accounts from backups except in the case of a system disaster recovery event, in which case we re-delete the data immediately.

We will confirm in writing when deletion is complete.

6.2 Information we keep for legal reasons

We may retain information beyond your account deletion if required by law, by a regulatory requirement, or to defend against a legal claim.

7. Your privacy rights

You have rights over your personal information. The specific rights you have depend on where you live.

7.1 Rights available to all STACKr users

Regardless of your state:

  • Access: You can request a copy of the personal information we hold about you.
  • Correction: You can ask us to correct inaccurate information.
  • Deletion: You can ask us to delete your account and information (see Section 6).
  • Export: You can request a portable copy of your information in a common format.

To exercise any of these rights, email privacy@trystackr.com.

7.2 California residents (CCPA / CPRA)

If you live in California, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • The right to know what categories of personal information we collect and how we use them
  • The right to delete personal information we have collected
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information (STACKr does not sell or share your personal information for cross-context behavioral advertising)
  • The right to limit the use of sensitive personal information
  • The right not to be discriminated against for exercising these rights

To exercise California rights, email privacy@trystackr.com with "California privacy request" in the subject line.

7.3 Other state privacy laws

Residents of Colorado, Connecticut, Utah, and Virginia (and any state that adopts a comprehensive privacy law) have similar rights to access, correct, delete, and opt out of certain uses of personal information. Contact us at privacy@trystackr.com to exercise these rights.

7.4 How we verify requests

To protect your information, we may ask you to verify your identity before we act on a request. Typically this means confirming you control the email address on the account.

7.5 Authorized agents

You can authorize someone else to make a request on your behalf. We will require proof of the authorization.

8. Cookies and tracking

STACKr uses cookies and similar technologies to operate the service.

8.1 Cookies we use

  • Essential cookies: A session cookie that keeps you logged in. The service does not function without this.
  • Analytics cookies: PostHog sets a cookie to help us understand how STACKr is used in aggregate. This helps us improve the product.
  • Affiliate attribution: When you click an offer for a third-party financial product, the third-party network may set a cookie to attribute the click. This is how we earn affiliate revenue.
  • Marketing measurement: We may use limited cookies or pixels (such as Meta Pixel or Google Ads conversion tracking) to measure the effectiveness of marketing campaigns. We do not use these to build advertising profiles of you within STACKr.

8.2 Your choices

Most browsers let you block or delete cookies. Blocking essential cookies will prevent STACKr from working.

If you use a "Global Privacy Control" signal in your browser, we treat it as an opt-out request for sale/sharing of personal information (which is already off by default since we do not sell information).

9. Security

We take security seriously because we have to.

9.1 How we protect your information

  • Encryption in transit: All communication between your device and STACKr uses TLS 1.2 or higher.
  • Encryption at rest: Sensitive tokens (including your Plaid and Method tokens) are encrypted at rest in our database.
  • Password hashing: Your password is stored using bcrypt with a cost factor of 10. We cannot read your password.
  • Account lockout: After 5 failed login attempts, your account is temporarily locked for 15 minutes to prevent brute-force attacks.
  • Rate limiting: We rate-limit authentication and other sensitive endpoints by IP address.
  • Audit logging: We log sensitive actions (with hashed IP addresses) so we can detect and investigate suspicious activity.
  • Infrastructure: We host data with reputable US-based providers who maintain industry-standard security practices.

9.2 What you can do

  • Use a strong, unique password for STACKr.
  • Do not share your password with anyone.
  • Keep your email account secure (since email is how you reset your STACKr password).
  • Log out when using a shared device.

9.3 In the event of a breach

If we discover a data breach affecting your information, we will notify you and applicable regulators as required by law.

10. Children

STACKr is not directed to anyone under 18.

We do not knowingly collect personal information from children under 13 (under the Children's Online Privacy Protection Act, COPPA), and we do not knowingly collect personal information from anyone under 18 generally.

If you believe a minor has provided personal information to STACKr, please contact us at privacy@trystackr.com and we will delete it.

11. International users

STACKr is currently available only to residents of the United States.

The service is not offered to, and is not intended for, residents of the European Economic Area, the United Kingdom, Canada, or any other country outside the United States. If you are not a US resident, please do not use STACKr.

If we expand internationally in the future, we will publish separate region-specific privacy documents (such as a GDPR-compliant policy for European users) before offering the service to residents of those regions.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top.

Your continued use of STACKr after a change takes effect means you accept the updated policy. If you do not agree with a change, you may delete your account before it takes effect.

13. How to contact us

For privacy questions, requests, or concerns:

Email: privacy@trystackr.com
Subject line: "Privacy request" (or "California privacy request" for CCPA matters, "Account deletion request" for deletion)

Mailing address:
Stackr Inc.
Attn: Privacy
1913 Ranch Road 620 S, Suite 102
Lakeway, TX 78734

We will respond to most requests within 30 days. For complex requests, we may take up to 45 days and will let you know.