LEGAL

Privacy Policy

Last updated: June 2025

This policy applies to the StackBuddy web application at stackbuddy.io and the StackBuddy Chrome Extension.

1. Who We Are

StackBuddy is a scheduling and publishing tool for Substack creators. It is operated by the StackBuddy team. If you have any questions about this policy, please contact us at privacy@stackbuddy.io.

2. Data We Collect

Account Information

When you create an account we collect your email address and a securely hashed password. We also store the role assigned to your account (e.g. Pro, Expert).

Substack Profile Data

To connect your Substack account you provide your Substack handle, publication URL, and profile ID. We may also store your subscriber count when it is retrieved to display analytics.

Notes & Content

We store the Substack Notes you create or schedule in StackBuddy, including their text, attachments, and scheduled publish time. We also store notes synced from your Substack profile via the Chrome extension (see section 4), including text, author handle, and engagement metrics (likes, restacks, comments).

Writer Profile

If you use the AI generation features, we store your writer profile – a description of your writing voice and style that you create in the app – to generate notes in your voice.

Payment & Subscription

Payments are processed by LemonSqueezy. We do not store your card or banking details. We store your subscription status and plan (e.g. Pro, Expert) to gate features.

Technical & Usage Data

We collect basic server-side logs for error tracking and performance monitoring. The Chrome extension periodically sends a lightweight heartbeat containing the extension version number and a truncated browser user-agent string (max 256 characters). This is used solely to monitor extension health and compatibility – no browsing history or personal data is included.

3. How We Use Your Data

To operate the scheduling and automated publishing service
To sync your Substack notes to your StackBuddy dashboard
To generate AI-powered note suggestions using your writer profile via OpenAI
To process your subscription and manage feature access
To send transactional emails (e.g. password reset, billing)
To monitor and improve the reliability of the Chrome extension
To detect and prevent abuse

We do not use your data for advertising, profiling, or any purpose unrelated to providing the StackBuddy service.

4. Chrome Extension – Detailed Disclosure

The StackBuddy Chrome Extension interacts with Substack on your behalf. Here is exactly what it does and why:

Permission	Why it is needed
storage	Saves your settings locally in the browser (StackBuddy server URL and publishing check interval) so they persist across browser sessions.
activeTab	Opens a Substack tab when needed to publish scheduled notes or fetch your existing notes for syncing.
scripting	Injects scripts into Substack pages to programmatically create and publish your scheduled Notes, and to read your existing notes for syncing to your StackBuddy dashboard.
alarms	Schedules background tasks: publishing checks (configurable interval), notes sync (every 6 hours), and heartbeat pings (every 2 minutes) to keep the extension responsive.
Host permissions (stackbuddy.io, substack.com)	stackbuddy.io – to retrieve your scheduled notes and report publish results to the API. substack.com – to publish notes and read your existing notes on your behalf.

The extension does not use remote code. All JavaScript is bundled within the extension package. It does not read, store, or transmit your Substack session cookies. Your active Substack login is used natively by the browser to authenticate API calls, exactly as a normal browser tab would.

The note content the extension reads from Substack is sent to your StackBuddy account on stackbuddy.io and is used only to populate your notes dashboard and analytics. It is not used for any other purpose and is not shared with third parties.

5. Third-Party Services

We use the following third-party providers to operate StackBuddy:

OpenAI – AI note generation. Your writer profile and note text may be sent to the OpenAI API to generate suggestions. OpenAI's privacy policy applies.
LemonSqueezy – payment processing. Card data is handled entirely by LemonSqueezy and is never stored on our servers.
Microsoft Azure – cloud hosting and file storage for the StackBuddy platform.
Postmark / SMTP – transactional email delivery (e.g. password reset).

We do not sell, rent, or trade your personal data with any third parties outside the above service providers.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or accounting purposes (e.g. payment records).

7. Your Rights

Depending on your location you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Delete your account and all associated data
Export your data in a portable format
Object to certain processing activities

To exercise any of these rights, please contact us at privacy@stackbuddy.io.

8. Security

All data is transmitted over HTTPS. Passwords are hashed using ASP.NET Core Identity's built-in secure hashing. We apply role-based access control so users can only access their own data. We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

9. Cookies

We use an authentication cookie to keep you logged in. We do not use advertising cookies or third-party tracking cookies. The Chrome extension uses the browser's chrome.storage.local API (not browser cookies) to store settings.

10. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. For significant changes we will notify you by email or via an in-app notice.

Questions?

If you have any questions about this Privacy Policy or how we handle your data, please get in touch.

hello@stackbuddy.io