Privacy Policy

Last Updated: April 20, 2026

Effective Date: April 20, 2026

SingleStack (“SingleStack,” “we,” “us,” or “our”) is a business operations platform operated by SingleStackOps LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, API, MCP integrations, and related services (collectively, the “Service”).

By using SingleStack, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access or use the Service.

1. Information We Collect

1.1 Account Information

When you create a SingleStack account, we collect:

• Business name
• Email address
• Password (encrypted, never stored in plaintext)
• Industry and business type
• Business size and revenue range
• Selected service modules (“Stacks”)

1.2 Business Data You Provide

Through your use of the Service, you may provide:

• Customer/Contact Data: Names, email addresses, phone numbers, company names, communication history, and customer relationship details stored within your CRM and contact management tools
• Financial Data: Invoice details, expense records, budget information, payment amounts, and tax-related data entered into your finance tools
• Marketing Content: Social media posts, email campaigns, blog content, landing pages, images, and other marketing materials created or managed through the platform
• Sales Data: Lead information, pipeline stages, proposals, quotes, deal values, and sales communications
• Service Data: Support tickets, customer conversations, knowledge base articles, satisfaction ratings, and service interaction records
• HR Data: Job postings, candidate information, employee records, handbook content, performance reviews, and compliance documents
• Operations Data: Projects, tasks, SOPs, workflow configurations, and automation rules
• Creator Content: Courses, webinars, website pages, community posts, and digital products
• Product/Service Catalog: Your business offerings, pricing, descriptions, and target customer information

1.3 Automatically Collected Information

When you access the Service, we automatically collect:

• Device information (browser type, operating system, device identifiers)
• IP address and approximate location
• Usage data (features accessed, actions taken, timestamps)
• Performance data (page load times, errors encountered)
• Authentication tokens and session data

1.4 Information from Third-Party Integrations

When you connect third-party platforms, we may receive:

• Social Media Platforms (LinkedIn, X/Twitter, Facebook, Instagram, TikTok, YouTube): Account identifiers, posting permissions, and engagement metrics. We store encrypted OAuth access tokens and refresh tokens to maintain your connections.
• Payment Processors (Stripe, PayPal): Transaction confirmations, payment status, and customer payment identifiers. We do NOT store credit card numbers, bank account numbers, or full payment credentials.
• Communication Platforms: Email delivery status, open rates, and engagement data from email campaigns sent through the platform.

1.5 AI-Generated Content

Our AI employees generate content on your behalf, including:

• Social media post drafts
• Email copy and templates
• Blog posts and marketing materials
• Customer service response drafts
• Financial summaries and reports
• Course content and educational materials
• Website page content
• Quality scores and coaching recommendations
• Business insights and recommendations

This AI-generated content is created for your account and is treated as your business data under this policy.

2. How We Use Your Information

2.1 Core Service Delivery

We use your information to:

• Provide and maintain the SingleStack platform
• Configure AI employees based on your business profile and industry
• Generate, schedule, and publish content on your behalf across connected platforms
• Process and manage your business operations (sales pipelines, support tickets, invoicing, etc.)
• Provide AI-powered insights, recommendations, and quality scoring
• Execute automated workflows and scheduled tasks you configure
• Maintain your persistent memory and context across sessions

2.2 AI and Machine Learning Processing

SingleStack uses artificial intelligence to power its core functionality. Your data is processed by:

• Anthropic (Claude): Content generation, customer service drafts, complex reasoning, cross-department intelligence, and code generation
• Google (Gemini): Content drafts, image generation, intent classification, structured data analysis, quality scoring, and bulk processing tasks
• OpenAI (GPT, DALL-E, Whisper): Content refinement, image generation, transcription, and fallback processing

Important: When your data is sent to these AI providers for processing:

• It is sent via secure, encrypted API connections
• It is used solely to generate responses for your account
• Per these providers' API terms of service, data sent via API is NOT used to train their models
• We select the most appropriate AI model for each task based on quality requirements and cost efficiency
• We do not send your data to AI providers for any purpose other than delivering the Service to you

2.3 Platform Intelligence

Our platform intelligence system (Amber) uses your data to:

• Configure employee settings based on your industry and business profile during onboarding
• Detect cross-department patterns that require coordination between AI employees
• Generate smart suggestions for features and optimizations
• Monitor platform health and employee performance
• Progressively unlock features based on your usage and comfort level
• Track automation confidence levels and suggest autonomy upgrades

2.4 Communication

We may use your email address to:

• Send service-related notifications (approvals needed, errors, system updates)
• Deliver account security alerts
• Provide onboarding guidance and feature tips
• Send billing and subscription communications

We will NOT send unsolicited marketing emails. You may opt out of non-essential communications at any time through your account settings.

2.5 Service Improvement

We use aggregated, anonymized usage data to:

• Improve AI model selection and routing efficiency
• Optimize platform performance and reliability
• Identify and fix bugs and errors
• Develop new features based on usage patterns

We do NOT use your individual business data, customer data, or content to train AI models or improve our service for other customers.

3. Multi-Tenant Data Isolation

SingleStack operates a multi-tenant architecture. Your data is isolated from all other customers through:

• Tenant-scoped data storage: All data is stored under your unique tenant identifier. Database queries are scoped to your tenant and cannot access another tenant's data.
• Encrypted credentials: All third-party OAuth tokens and API credentials are encrypted at rest using AES-256-GCM encryption with unique initialization vectors per credential.
• Isolated AI context: AI conversations and memory are scoped to your tenant. AI employees do not share context, memories, or learned patterns between tenants.
• Role-based access: Platform administrators, AI employees, and integrations operate within the permissions boundaries of your tenant only.

4. How We Share Your Information

4.1 Third-Party Service Providers

We share data with third-party providers solely to deliver the Service:

4.2 When We May Disclose Your Information

We may disclose your information in the following circumstances:

• With your consent: When you explicitly authorize disclosure
• Legal compliance: When required by law, subpoena, court order, or governmental regulation
• Safety and rights protection: To protect the rights, property, or safety of SingleStack, our users, or others
• Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected users
• Aggregated data: We may share anonymized, aggregated statistics that cannot identify you or your business

4.3 What We Never Do

• We NEVER sell your personal information or business data to third parties
• We NEVER share your data with other SingleStack customers
• We NEVER use your content to train AI models for other customers' benefit
• We NEVER provide your customer's data to advertisers or data brokers
• We NEVER access your connected social media accounts for any purpose other than executing actions you authorize

5. Data Retention

5.1 Active Account Data

While your account is active, we retain all data necessary to provide the Service, including:

• Account and business profile information
• All content created by or through AI employees
• Customer/contact records and interaction history
• Financial records and transaction history
• Conversation history and AI memory
• Audit logs and activity records

5.2 Deleted Data

When you delete specific data (contacts, posts, records):

• The data is marked for deletion and removed from active views immediately
• Permanent deletion from all storage systems occurs within 30 days
• Backup copies are purged within 90 days

5.3 Account Termination

When you close your SingleStack account:

• All business data is permanently deleted within 30 days of account closure
• Encrypted OAuth tokens for connected platforms are revoked and deleted immediately
• AI memory and conversation history are purged
• Anonymized, aggregated usage statistics may be retained for service improvement
• We will provide a data export option before account deletion upon request

5.4 Legal Retention

Certain records may be retained longer when required by law (e.g., financial transaction records, tax-related data) or when necessary to resolve disputes.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.2+ encryption
• Encryption at Rest: All data stored in our database is encrypted at rest. Third-party OAuth tokens use additional AES-256-GCM encryption with unique initialization vectors
• Authentication: Firebase Authentication with secure password hashing, session management, and optional multi-factor authentication
• Access Controls: Tenant-scoped database rules prevent cross-tenant data access. API endpoints validate tenant ownership on every request
• Infrastructure Security: Hosted on Google Cloud Platform with SOC 1/2/3, ISO 27001, and GDPR compliance certifications
• Input Sanitization: All user input and external content is sanitized to prevent injection attacks, XSS, and prompt injection before processing
• Monitoring: Automated health monitoring, error detection, and anomaly alerts
• Secure Credential Storage: Third-party API keys and tokens are stored encrypted and never exposed in client-side code or logs

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 All Users

You have the right to:

• Access: Request a copy of all data we hold about you and your business
• Correction: Update or correct inaccurate information in your account
• Deletion: Request deletion of your account and associated data
• Export: Request a machine-readable export of your data
• Disconnect: Revoke any third-party integration at any time through your account settings
• Autonomy Control: Set each AI employee to Manual, Guided, or Autopilot mode, controlling what actions require your approval
• Opt Out: Opt out of non-essential communications

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you additionally have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at the address listed in Section 12.

7.3 European Economic Area Residents (GDPR)

If you are located in the EEA, our legal bases for processing your data are:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interest: Service improvement, security, and fraud prevention
• Consent: Where you have explicitly opted in (e.g., connecting third-party platforms)

You additionally have the right to:

• Data portability
• Restriction of processing
• Object to processing based on legitimate interest
• Lodge a complaint with your local supervisory authority

7.4 Your Customers' Data

If you use SingleStack to manage your own customers' data (contacts, leads, support tickets), you are the data controller for that data. SingleStack acts as a data processor on your behalf. You are responsible for:

• Obtaining appropriate consent from your customers for data collection and processing
• Responding to your customers' data access and deletion requests
• Complying with applicable privacy laws regarding your customers' data
• Configuring AI autonomy levels appropriately for customer-facing actions

We will assist you in fulfilling data subject requests related to your customers' data upon request.

8. AI Transparency and Automated Decision-Making

8.1 AI-Powered Features

SingleStack uses AI extensively. Key disclosures:

• Content Generation: AI employees draft content (social posts, emails, service responses) based on your business profile, industry, and instructions. All customer-facing content passes through approval workflows unless you enable Autopilot mode.
• Quality Scoring: AI evaluates the quality of employee interactions across defined rubrics (opening, discovery, resolution, follow-up). These scores are advisory and designed to improve service quality.
• Recommendations: AI generates suggestions for features, automations, and optimizations. These are suggestions only — you decide what to implement.
• Intent Classification: AI classifies incoming requests to route them to the appropriate employee or workflow. This is an internal routing mechanism, not a decision affecting your rights.
• Lead Scoring and Customer Insights: AI analyzes customer data to suggest priority levels, personality types, and engagement strategies. These are advisory tools to assist your decision-making.

8.2 Human Oversight

• All AI employees operate under configurable autonomy levels (Manual, Guided, Autopilot)
• In Manual and Guided modes, no customer-facing action is taken without your approval
• You can review, edit, or reject any AI-generated content before it is published or sent
• Quality scoring includes calibration features allowing you to compare and adjust AI assessments against your own judgment

8.3 AI Model Providers

We use multiple AI providers and select models based on task requirements:

• Anthropic (Claude family): Primary provider for content quality, customer service, and complex reasoning
• Google (Gemini family): Used for high-volume tasks, image generation, classification, and structured analysis
• OpenAI (GPT family): Used for content refinement, image generation, transcription, and as a fallback provider

All providers are bound by their respective API terms of service, which prohibit using API-submitted data for model training. We maintain a multi-provider architecture so that no single provider outage disrupts your operations.

9. Cookies and Tracking

9.1 Essential Cookies

We use essential cookies for:

• Authentication and session management
• Security (CSRF protection)
• User preferences (selected stacks, dashboard layout)

9.2 Analytics

We may use privacy-respecting analytics to understand platform usage patterns. We do not use third-party advertising trackers, and we do not serve ads on the platform.

9.3 Third-Party Cookies

Connected third-party platforms (LinkedIn, X/Twitter, etc.) may set their own cookies when you authenticate through their OAuth flows. These are governed by those platforms' respective privacy policies.

10. Children's Privacy

SingleStack is a business operations platform designed for business owners and professionals. We do not knowingly collect personal information from anyone under the age of 16. If we become aware that we have collected data from a child under 16, we will delete that information promptly.

11. MCP and Plugin Integrations

11.1 Model Context Protocol (MCP) Connections

SingleStack may be accessed through MCP integrations with LLM platforms (such as Anthropic's Claude, OpenAI's ChatGPT, or Google's Gemini). When accessed via MCP:

• The host LLM platform may process your prompts under their own privacy policy
• SingleStack receives only the tool calls and parameters necessary to execute your requested action
• SingleStack does not receive or store the full conversation history from the host platform
• Your SingleStack data is not shared with the host platform beyond the specific tool call responses

11.2 OAuth and API Access

When third-party platforms or MCP integrations connect to SingleStack:

• Authentication is handled via OAuth 2.0 with scoped permissions
• Access tokens are short-lived and automatically refreshed
• You can revoke any integration's access at any time
• All API requests are authenticated, rate-limited, and logged

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a privacy concern:

SingleStackOps LLC
Privacy Requests: privacy@singlestackops.com
General Support: support@singlestackops.com
Website: singlestackops.com

We will respond to all privacy-related requests within 30 days.

See also our Terms of Service.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

• We will update the “Last Updated” date at the top of this policy
• We will notify active users via email or in-platform notification
• Continued use of the Service after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.