ConfigStack

Privacy Policy

1. Introduction

ConfigStack ("we", "us") provides a platform to create, version and securely share environment configuration ("Stacks").

2. Information We Collect

  • Account data: email address and password hash.
  • Project and Stack data: project names, stack names, variable keys, and encrypted secret values.
  • Usage data: basic analytics events (page views and key interactions).
  • Technical data for security: IP address and User-Agent may be recorded in audit logs for security events (e.g., Stack Link access).

3. How We Use Information

  • Provide and operate the service (authentication, storage, exports).
  • Secure the platform (abuse prevention, audit logging).
  • Improve product usability (analytics and performance).

4. How We Store Data

  • Secret values are encrypted at rest using AES-256-GCM prior to database storage.
  • Passwords are stored as secure hashes (never plaintext).
  • Access to data is restricted to authenticated users and enforced by server-side authorization checks.

5. Stack Links and Shared Access

ConfigStack allows users to generate public "Stack Links" for sharing configuration data. By default:

  • Secret values are masked.
  • Downloads are disabled.
  • Links may expire automatically.

If a user enables downloads for a Stack Link, the link may allow downloading decrypted secret values in .env or JSON format. Users are solely responsible for choosing whether to enable downloads, sharing links securely, and managing expiration/revocation.

6. Third-Party Services

  • Plausible Analytics (privacy-friendly analytics).
  • Hosting and infrastructure providers required to run the service.

7. Data Retention

We retain data for as long as your account is active. You may delete your account to remove associated data, subject to backup retention policies.

8. Your Rights (UK GDPR & EU GDPR)

If you are located in the United Kingdom or the European Economic Area, you have rights under applicable data protection law:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object

You may exercise these rights by contacting: support@configstack.dev. We process personal data on the following legal bases:

  • Performance of a contract (providing the service)
  • Legitimate interests (improving and securing the platform)
  • Legal obligations where applicable

9. Contact

support@configstack.dev

Last updated: 1 March 2026

Back to home · Terms of Service · Acceptable Use · Security