Privacy Policy

Last updated: 2 June 2026

This policy explains what personal data StackSift collects, why we collect it, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR). It is written to satisfy the information requirements of GDPR Article 13.

1. Who we are

StackSift is an AI-powered log-analysis and SRE platform. For questions about this policy or to exercise any of your rights, contact us at dardan.ternava@gjirafa.com.

2. Controller vs. processor

For your account data (your email, name, billing details, and audit trail), StackSift is the controller and decides why and how it is processed.

For the log data you send us — the contents of your log entries and any context fed into an AI analysis — StackSift is a processor acting on your instructions under GDPR Article 28. You are the controller of any personal data your logs may contain about your own end-users. We do not redact log content server-side by default; controlling what your applications log is your responsibility. We provide guidance and a sample redaction enricher to help.

3. Account data we collect

The following data is collected when you create an account, join a team, or subscribe to a paid plan.

Email address

Purpose: Identity, sign-in, billing receipts, service notifications
Legal basis: Contract
Retention: Until account deletion

Display name

Purpose: Personalising the in-app UI
Legal basis: Contract
Retention: Until account deletion

Authentication credentials (password)

Purpose: Authenticating you to the platform
Legal basis: Contract
Retention: Until account deletion (stored Argon2-hashed in Keycloak)

Last login IP address

Purpose: Abuse and fraud detection
Legal basis: Legitimate interests
Retention: 90 days (rolling)

Invitation email address

Purpose: Delivering a pending team invitation
Legal basis: Legitimate interests
Retention: Until accepted, or 30 days

Audit log (actor email + IP)

Purpose: Security audit trail and forensics
Legal basis: Legal obligation / legitimate interests
Retention: 365 days, then actor identifiers are anonymised

Billing identifiers (Stripe customer + subscription)

Purpose: Subscription billing and reconciliation
Legal basis: Contract / legal obligation
Retention: 7 years (statutory accounting requirement)

Log-source API key (hashed)

Purpose: Authenticating log ingestion
Legal basis: Contract
Retention: Until the log source is deleted (HMAC-SHA256, never stored in clear)

Data	Purpose	Legal basis	Retention
Email address	Identity, sign-in, billing receipts, service notifications	Contract	Until account deletion
Display name	Personalising the in-app UI	Contract	Until account deletion
Authentication credentials (password)	Authenticating you to the platform	Contract	Until account deletion (stored Argon2-hashed in Keycloak)
Last login IP address	Abuse and fraud detection	Legitimate interests	90 days (rolling)
Invitation email address	Delivering a pending team invitation	Legitimate interests	Until accepted, or 30 days
Audit log (actor email + IP)	Security audit trail and forensics	Legal obligation / legitimate interests	365 days, then actor identifiers are anonymised
Billing identifiers (Stripe customer + subscription)	Subscription billing and reconciliation	Contract / legal obligation	7 years (statutory accounting requirement)
Log-source API key (hashed)	Authenticating log ingestion	Contract	Until the log source is deleted (HMAC-SHA256, never stored in clear)

4. Log data processed on your behalf

Log entries are indexed in Elasticsearch hosted on Hetzner (EU, Germany), isolated per organisation. AI analyses send a relevant slice of your log context to OpenAI for embedding and completion (see international transfers below).

Log entry content (message + metadata)

Purpose: Core product function — search, alerting, incident analysis
Legal basis: Processed on your behalf (Art. 28 processor)
Retention: Per plan tier — 3 days (Free), 30 days (Indie), 90 days (Team)

AI-analysis input context

Purpose: Generating root-cause analyses (RAG embeddings + completion)
Legal basis: Processed on your behalf (Art. 28 processor)
Retention: Retained while your organisation is active

Data	Purpose	Legal basis	Retention
Log entry content (message + metadata)	Core product function — search, alerting, incident analysis	Processed on your behalf (Art. 28 processor)	Per plan tier — 3 days (Free), 30 days (Indie), 90 days (Team)
AI-analysis input context	Generating root-cause analyses (RAG embeddings + completion)	Processed on your behalf (Art. 28 processor)	Retained while your organisation is active

5. Subprocessors

We rely on the following third-party processors to operate the service. This list is kept consistent with our subprocessors page.

Vercel

Purpose: Marketing site hosting (stacksift.io)
Region: Global edge

Hetzner Cloud

Purpose: Application + database + log indexing
Region: EU (Falkenstein, Germany)

OpenAI

Purpose: Embeddings (text-embedding-3-small) and chat completion (gpt-4o-mini) for AI root-cause analyses
Region: US

Stripe

Purpose: Subscription billing, payment processing, hosted customer portal. Card data never reaches StackSift servers.
Region: US (with EU data-residency option)

Plausible

Purpose: Privacy-friendly site analytics (self-hosted at plausible.stacksift.io)
Region: EU

Service	Purpose	Region
Vercel	Marketing site hosting (stacksift.io)	Global edge
Hetzner Cloud	Application + database + log indexing	EU (Falkenstein, Germany)
OpenAI	Embeddings (text-embedding-3-small) and chat completion (gpt-4o-mini) for AI root-cause analyses	US
Stripe	Subscription billing, payment processing, hosted customer portal. Card data never reaches StackSift servers.	US (with EU data-residency option)
Plausible	Privacy-friendly site analytics (self-hosted at plausible.stacksift.io)	EU

6. International data transfers

Your account data and log indices are stored in the EU (Hetzner, Germany). AI root-cause analysis sends log context to OpenAI in the United States. That transfer is governed by the EU Standard Contractual Clauses (SCCs). Stripe processes billing data in the US with an EU data-residency option. We use no other transfer outside the EEA.

7. How long we keep data

Retention periods are listed in the tables above. Log retention follows your plan tier (3 / 30 / 90 days). Two categories are subject to a regulatory floor that overrides account deletion: audit events are kept for 365 days and Stripe billing records for 7 years. When you delete your account, those rows are retained for the floor period but the actor identifiers are anonymised.

8. Security

All data is encrypted in transit (TLS) and at rest. Passwords are stored Argon2-hashed by Keycloak; log-source API keys are stored as HMAC-SHA256 hashes with a server-side pepper and are never logged. Access is gated behind authenticated, per-organisation API calls.

9. Your rights

Under the GDPR you have the following rights:

Access — request a copy of the personal data we hold about you.
Rectification — correct inaccurate or incomplete data.
Erasure — delete your account and associated data (subject to the legal retention floors below).
Portability — export your data in a machine-readable format.
Restriction — ask us to limit how we process your data.
Objection — object to processing based on legitimate interests.
Withdraw consent — where processing relies on consent, withdraw it at any time.
Complaint — lodge a complaint with your local supervisory authority.

You can exercise access, portability, and erasure directly from your account settings: request a data export, or delete your account. Account deletion starts a 30-day grace period (during which you can restore the account with a one-time token); after the grace period your organisation data is permanently removed, except the regulatory-floor records described in section 7.

10. Cookies and analytics

The marketing site uses no advertising or cross-site tracking cookies, so no consent banner is required. When site analytics are enabled we use Plausible, a privacy-friendly, cookieless analytics tool that collects only aggregate, non-identifying metrics and sets no cookies. The application itself uses a single strictly-necessary, HTTP-only session cookie to keep you signed in.

11. Changes

We will update this policy as the service evolves and revise the “last updated” date above. Material changes will be communicated in-app or by email.

← Back to home