Adastack Logo

Privacy Policy

Last updated: October 27, 2025

Introduction

Welcome to Adastack ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our Cardano ecosystem directory services.

By accessing or using our services, you agree to the collection and use of information in accordance with this Privacy Policy.

Information We Collect

Information You Provide

  • Account Information: Name, email address, and profile information when you create an account
  • Project Submissions: Information about DApps, tools, or services you submit to our directory
  • Communications: Messages, feedback, or support requests you send to us
  • Payment Information: Billing details for premium features (processed securely through Stripe)
  • Public Research Data: Information we collect from publicly available sources (project websites, social media, documentation, GitHub repositories) to enhance and complete directory listings

Information Automatically Collected

  • Anonymized Usage Data: Pages visited, time spent, and general traffic patterns (collected via Plausible Analytics - no personal data or cookies)
  • Device Information: Browser type, operating system, and device type (anonymized, no IP addresses stored)
  • Authentication Cookies: Session management for logged-in users only (no analytics or tracking cookies)
  • Log Data: Server logs for security and error monitoring (no personal identifiers retained)

✓ Privacy-First Analytics

We use Plausible Analytics, a privacy-focused, cookie-less analytics service that does NOT collect any personal data, IP addresses, or use cookies. All analytics data is fully anonymized and aggregated. No consent banner is required as no personal information is tracked.

How We Use Your Information

  • Provide, maintain, and improve our directory services
  • Process and display project submissions
  • Send important updates, security alerts, and service announcements
  • Respond to your inquiries and provide customer support
  • Analyze usage patterns to enhance user experience
  • Prevent fraud, abuse, and ensure platform security
  • Comply with legal obligations and protect our rights
  • Send newsletters and promotional content (with your consent)

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Public Directory: Project information you submit may be publicly displayed in our directory
  • Service Providers: Third-party services that help us operate (analytics, email, payments)
  • Legal Requirements: When required by law or to protect our rights and safety
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • Consent: With your explicit permission for specific purposes

Third-Party Services

We use the following trusted third-party services to provide our platform. Each service has been selected with your privacy in mind:

  • Analytics: Plausible Analytics (EU-hosted, cookie-less, no personal data collected) - Privacy Policy
  • Email Delivery: Resend for transactional emails and newsletters - Privacy Policy
  • Authentication: Google and GitHub OAuth for secure login (authentication only, not used for tracking)
  • Payment Processing: Stripe for secure payment handling (PCI-DSS compliant) - Privacy Policy
  • Content Management: Sanity CMS for content storage and management - Privacy Policy
  • Hosting & Deployment: Vercel for website hosting and infrastructure - Privacy Policy

We encourage you to review the privacy policies of these services to understand how they handle your information. We only share the minimum necessary data with each service to provide functionality.

Cookies and Tracking

We have a minimal cookie policy focused on essential functionality only:

Cookies We Use (Essential Only)

  • Authentication Cookies: Session management for logged-in users (NextAuth) - required for account functionality
  • Security Cookies: CSRF protection and secure authentication flows

What We DON'T Use Cookies For

  • Analytics or Tracking: Our analytics (Plausible) are completely cookie-less
  • Advertising or Marketing: We do not use any advertising cookies
  • Cross-Site Tracking: We do not track you across other websites
  • Third-Party Cookies: Only first-party cookies for essential functions

✓ No Cookie Consent Banner Required

Since we only use essential authentication cookies and our analytics are cookie-less, we do not require a cookie consent banner under GDPR/CCPA regulations. Your privacy is protected by design.

You can control essential cookies through your browser settings. However, disabling authentication cookies will prevent you from logging into your account.

Data Security

We implement appropriate security measures to protect your information:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security audits and updates
  • Limited access to personal information on a need-to-know basis
  • Secure third-party integrations and API calls

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you of any significant data breaches.

Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate personal information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request your data in a portable format
  • Opt-out: Unsubscribe from marketing communications at any time
  • Restriction: Request limitation of processing in certain circumstances

To exercise these rights, please contact us at contact@adastack.io. We will respond to your request within 30 days.

Data Retention

We retain different types of data for specific periods based on legal requirements and business needs:

  • Account Data: Retained until you request account deletion or 2 years of inactivity
  • Analytics Data: Aggregated and anonymized data retained indefinitely (no personal identifiers)
  • Payment Records: Retained for 7 years to comply with tax and accounting regulations
  • Session Data: Automatically deleted upon logout or after 30 days of inactivity
  • Communication Logs: Retained for 1 year for customer support and quality purposes
  • Security Logs: Retained for 90 days for fraud prevention and security monitoring

You may request deletion of your personal information at any time. We will comply within 30 days, subject to legal retention requirements.

International Data Transfers

We have designed our infrastructure with data privacy in mind:

  • Analytics Data (Plausible): Remains exclusively in the EU (Germany) - never transferred to the US. Fully compliant with GDPR without additional safeguards needed.
  • Application Data: Hosted primarily in the US via Vercel. We use Standard Contractual Clauses (SCCs) and ensure GDPR-compliant data processing agreements.
  • Payment Data (Stripe): Processed according to Stripe's global data protection standards with appropriate safeguards for international transfers.
  • Content Data (Sanity CMS): Stored in accordance with Sanity's data processing terms and regional compliance.

If you are located in the European Economic Area (EEA), UK, or Switzerland, we ensure that appropriate safeguards are in place for any data transferred outside these regions, including Standard Contractual Clauses approved by the European Commission.

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@adastack.io

Response Time: We aim to respond within 48 hours for general inquiries, 30 days for GDPR requests, 45 days for CCPA requests

Note: This service is operated from the United States. EU users may request additional data controller information by contacting us.

California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

Your CCPA Rights

  • Right to Know: Request disclosure of personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information (subject to legal exceptions)
  • Right to Opt-Out: Opt-out of the sale or sharing of personal information
  • Right to Non-Discrimination: Exercise your rights without discriminatory treatment

Do Not Sell or Share My Personal Information

We do NOT sell or share your personal information for advertising or marketing purposes. We do not engage in the sale of personal data as defined by the CCPA.

Categories of Personal Information

We collect the following categories of personal information under CCPA:

  • Identifiers: Name, email address (when you create an account)
  • Commercial Information: Payment and transaction records (via Stripe)
  • Internet Activity: Anonymized browsing patterns (cookie-less analytics via Plausible)
  • Professional Information: Project submissions and business details (if provided)

To exercise your CCPA rights, please contact us at contact@adastack.io. We will respond to verifiable requests within 45 days.

GDPR, CCPA & Privacy Compliance

This Privacy Policy is designed to comply with applicable privacy laws including:

  • GDPR (General Data Protection Regulation) - EU and UK
  • CCPA (California Consumer Privacy Act) - California, USA
  • PECR (Privacy and Electronic Communications Regulations) - UK
  • Other Regional Privacy Laws: We strive to comply with applicable privacy regulations worldwide

We are committed to maintaining the highest standards of data protection and privacy. Our use of privacy-first tools like Plausible Analytics demonstrates our commitment to protecting your privacy by design.