Privacy Policy

Last updated: March 17, 2026

This Privacy Policy describes how StackPro Tools ("we," "us," or "our") collects, uses, and protects your information when you use stackpro.tools (the "Service"). We are committed to protecting your privacy and being transparent about our data practices.

1. 100% Client-Side Processing

StackPro Tools is built on a privacy-first architecture. We do not upload, store, or process your files on our servers. All tool operations — including image compression, PDF generation, invoice creation, text extraction, and formatting — are executed entirely within your device's web browser using client-side JavaScript, the Canvas API, and Web Workers. Your files never leave your device.

2. Information We Collect

2.1 Free Tier Users

If you use StackPro Tools without creating an account, we collect no personal information. Usage limits are tracked locally in your browser's localStorage and are never sent to our servers.

2.2 Registered / Pro Users

When you create an account or subscribe to Pro, we collect:

  • Email address and display name — provided during registration for account identification and communication.
  • Authentication data — managed by Firebase Authentication (Google sign-in or email/password). We do not store passwords; Firebase handles credential management securely.
  • Subscription status — stored in our Firestore database to determine your plan tier (Free or Pro). We do NOT store credit card numbers, payment card details, or bank information.

2.3 Analytics Data (Optional)

If you accept cookies via our consent banner, we use Google Analytics 4 (Measurement ID: G-P9P588J0JW) to collect anonymized usage data such as page views, tool usage frequency, and user flow. IP addresses are anonymized. If you decline cookies, no analytics data is collected whatsoever.

3. Third-Party Services

We use the following third-party services:

  • Firebase Authentication (by Google) — manages user sign-in, sessions, and email verification securely.
  • Cloud Firestore (by Google) — stores user account metadata and subscription status. No user-generated content (files, images, documents) is ever stored here.
  • Stripe — processes payments and manages subscriptions for Pro users. Stripe handles all payment data including credit cards directly and is PCI DSS Level 1 certified. We never see or store your card number.
  • Google Analytics 4 — collects anonymized analytics data only if you accept cookies. We have IP anonymization enabled.

4. Cookies and Local Storage

We use the following local storage mechanisms:

  • localStorage — stores your cookie consent preference, UI settings (dark/light mode), and free-tier daily usage counters. This data is never transmitted to our servers.
  • Firebase session cookies — used by Firebase Authentication to maintain your signed-in state. These are essential for account functionality.
  • Google Analytics cookies — only set if you explicitly accept cookies via our consent banner. These are used for anonymized usage analytics.

We do not use advertising cookies, tracking pixels, or third-party ad networks.

5. Data Retention

Account data is retained for as long as your account is active. If you delete your account or request data deletion, we will remove your personal data from our systems within 30 days. Anonymized analytics data may be retained for up to 14 months in accordance with Google Analytics defaults.

6. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your personal data.
  • Withdraw consent for analytics cookies at any time.
  • Object to processing or request restriction of processing.
  • Data portability — receive your data in a structured format.

To exercise any of these rights, please contact us using the information provided below.

7. Data Security

We use industry-standard security measures including HTTPS/TLS encryption for all data in transit, Firebase Authentication for secure session management, and Stripe's PCI DSS Level 1 compliant infrastructure for payment processing. Since all file processing happens client-side, your files are never exposed to network-based threats.

8. Children's Privacy

Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: