Introduction
STOA Tools ("we," "our," or "us") is operated by STOA Agency. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website at tools.stoa.agency and related services (collectively, the "Service").
We are committed to being transparent about your data. We wrote this policy in simple language so you can actually understand it. If you have questions, reach out to us through our contact page.
What We Collect
We collect information in a few different ways:
Information You Give Us
- Account information: When you sign up, we collect your email address, name, and password. During onboarding, we may collect your business type, team size, industry, and software preferences.
- Newsletter subscription: If you subscribe to our weekly digest, we collect your email address.
- Assessment responses: When you use our Tech Stack Assessment, we collect your answers so we can generate personalized recommendations.
- AI conversations: When you chat with our AI Tech Advisor, we store the conversation history to provide better recommendations.
- Contact form submissions: If you reach out to us, we collect the information you include in your message.
- Payment information: If you subscribe to a paid plan, your payment details are processed securely by Stripe. We never see or store your full credit card number.
Information We Collect Automatically
- Usage data: We track which pages you visit, which tools you view, and how you interact with the platform. This helps us improve the experience.
- Device information: We collect basic information about your browser, operating system, and device type.
- IP address: We collect your IP address for security purposes and to understand where our users are located (at a country/region level).
Cookies and Tracking
We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how you use our site. Here is a breakdown:
- Essential cookies: Required for the site to work properly (authentication, session management). You cannot opt out of these.
- Analytics cookies: We use OpenPanel to understand how people use STOA Tools. Analytics data is self-hosted on our own servers and not shared with advertisers. You can opt out of analytics tracking by using your browser's Do Not Track setting.
We do not use advertising cookies or sell your data to ad networks.
Third-Party Services
We use a handful of trusted third-party services to run STOA Tools. Here is who has access to what:
- Supabase (database and authentication): Stores your account data, preferences, tool ratings, and assessment results. Supabase provides our authentication system and database hosting.
- Stripe (payments): Processes subscription payments securely. Stripe stores your payment method details (card number, billing address) on their servers. We only receive a token — we never see your full card number.
- OpenPanel (analytics): Tracks anonymous usage patterns to help us improve the product. Analytics data is self-hosted on our own infrastructure and not shared with any third parties.
- Resend (email delivery): Sends transactional emails (confirmation emails, password resets) and our weekly digest newsletter. Resend processes your email address to deliver these messages.
- Vercel (hosting): Hosts our website. Vercel may process server logs that include IP addresses and request data.
- Anthropic / Claude API (AI features): Powers our AI Tech Advisor conversations. Your conversation messages are sent to Anthropic's API for processing. Anthropic does not use your data to train their models when accessed via their API.
- Sentry (error monitoring): Helps us identify and fix bugs. Sentry may receive error reports that include technical information about your session, but not personal data.
How We Use Your Data
We use your information to:
- Provide and improve the STOA Tools platform
- Personalize your tool recommendations based on your business profile
- Send you the weekly digest newsletter (only if you opted in)
- Process subscription payments
- Respond to your questions and support requests
- Generate Tech Stack Assessment reports and Team Training guides
- Prevent fraud and protect the security of our platform
- Understand usage patterns so we can build better features
We do not sell your personal information to anyone. Period.
Data Retention
We keep your data for as long as you have an active account. If you delete your account, we will remove your personal data within 30 days, except where we are legally required to retain it (such as payment records for tax purposes).
Newsletter subscriber data is retained until you unsubscribe. After unsubscribing, we keep your email address in a suppression list to make sure we do not accidentally email you again.
Anonymous analytics data may be retained indefinitely in aggregate form.
Your Rights
You have the right to:
- Access your data: You can view your profile, assessment history, and conversation logs in your dashboard at any time.
- Update your data: You can edit your profile and preferences from your account settings.
- Delete your data: You can request account deletion through your account settings or by contacting us. We will process your request within 30 days.
- Export your data: You can request a copy of your personal data by contacting us.
- Opt out of marketing: You can unsubscribe from our newsletter at any time using the link in every email.
- Opt out of analytics: You can enable your browser's Do Not Track setting to opt out of analytics tracking.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know: You can request details about the categories of personal information we collect, the purposes for collecting it, and the third parties we share it with.
- Right to delete: You can request that we delete the personal information we have collected about you, subject to certain exceptions.
- Right to opt out of sale: We do not sell your personal information. We never have and we never will.
- Right to non-discrimination: We will not treat you differently for exercising your privacy rights.
To exercise any of these rights, contact us through our contact page. We will respond within 45 days as required by law.
Data Security
We take reasonable measures to protect your personal information, including:
- Encrypted data transmission (HTTPS) for all connections
- Row-level security policies on our database to prevent unauthorized access
- Secure password hashing (handled by Supabase Auth)
- PCI-compliant payment processing through Stripe
- Regular security reviews of our codebase and dependencies
No system is 100% secure. If we ever discover a data breach that affects your personal information, we will notify you as required by applicable law.
Children's Privacy
STOA Tools is designed for business owners and professionals. We do not knowingly collect personal information from anyone under 16 years of age. If you believe we have collected data from a minor, please contact us and we will delete it promptly.
Changes to This Policy
We may update this privacy policy from time to time. When we make significant changes, we will notify you by email (if you have an account) or by posting a notice on our website. The date at the top of this page always shows when the policy was last updated.
Contact Us
If you have any questions about this privacy policy or how we handle your data, please reach out:
- Contact form
- STOA Agency, United States