Privacy Policy

Last updated: June 13, 2026

StackBridge (“StackBridge,” “we,” “us”) is a control plane that connects your tools and APIs to AI agents with permissions, approvals, and an audit trail. This policy explains what we collect, how we use it, and the choices you have. It is written to be read by a human, not just a lawyer.

What we collect

• Account data — your email address and a salted, hashed password (we never store your password in plaintext).
• Workspace content — the tools you create, their descriptions and configuration, and the call logs they generate.
• Credentials you add — API keys and OAuth tokens you connect, stored encrypted at rest with AES-256-GCM. They are decrypted only in memory at the moment a tool runs, and are never returned to the browser or written to logs.
• Operational metadata — timestamps, status codes, and durations of tool calls. Secret values are redacted before anything is logged.

How we use it

We use your data only to operate the service: to authenticate you, run the tools you build, enforce your approval policies, and show you logs and quality reports. We do not sell your data, and we do not use the contents of your tools or credentials for advertising.

Subprocessors

We rely on a small set of providers to run the service:

• Neon — managed Postgres database (stores your account and encrypted workspace data).
• Vercel — application hosting and serverless execution.
• Anthropic — powers AI features (the connector compiler and the built-in assistant) when you use them. If you supply your own AI key, calls bill to your account.
• The services you connect — when a tool runs, the request goes directly to the third-party API you configured (e.g. GitHub, Notion, Slack, Google), authenticated with your own credentials. Those providers’ privacy policies govern that data.

Your keys, your control

StackBridge is built around bring-your-own-keys. The API keys and OAuth tokens you connect are used solely to make the calls you configure, under the approval rules you set. You can remove a key or disconnect an account at any time in Settings.

Cookies

We use a single httpOnly session cookie to keep you signed in, and a short-lived cookie during the OAuth connect flow. We do not use third-party advertising or tracking cookies.

Retention & deletion

We keep your data while your account is active. You can delete tools, keys, and connections yourself; to delete your account and associated workspace data, contact us and we will remove it within a reasonable period, subject to any legal retention obligations.

Children

StackBridge is not directed to children under 16 and is intended for business use.

Changes

We may update this policy as the product evolves. Material changes will be reflected by the “last updated” date above.

Contact

Questions or requests: support@sb.nxyz.art (replace with your monitored support address before launch).