Privacy Policy

Your privacy is protected by design, not just by policy.

OverviewInformation We CollectHow We Use InformationData Storage & SecurityYour RightsData RetentionCookies & TrackingContact Us

Overview

At Stagic, privacy isn't just a policy—it's the foundation of everything we build. Our zero-knowledge architecture means we cannot access, read, or share your data, even if compelled by law. This document explains how we handle information in our systems.

Last updated: December 1, 2025 Effective date: December 1, 2025

Information We Collect

Account Information When you create an account, we collect:
• Email address (for authentication and communication)
• Name (optional, for personalization)
• Company name (for business accounts)
• Payment information (processed by Stripe, never stored on our servers)

Usage Data We collect anonymous, aggregated usage statistics:
• Feature usage patterns (not content)
• Performance metrics
• Error logs (anonymized)

What We Cannot Access Due to zero-knowledge encryption:
• Your files and documents
• Your messages and communications
• Your encryption keys
• Any content you store or transmit

How We Use Information

Service Provision
• Account management and authentication
• Customer support
• Service improvements based on aggregated usage patterns

Communication
• Essential service notifications
• Security alerts
• Product updates (with opt-out option)

Legal Compliance
• Responding to valid legal requests
• Note: We can only provide account metadata, never your encrypted content

We Never
• Sell your personal information
• Share data with advertisers
• Use your data for AI training
• Access your encrypted content

Data Storage & Security

Encryption
• All data encrypted at rest with AES-256
• All transmissions encrypted with TLS 1.3
• Client-side encryption for your content (we never see plaintext)

Infrastructure
• EU-based data centers (GDPR compliant)
• SOC 2 Type II certified infrastructure
• Regular security audits by third parties

Access Controls
• Strict employee access policies
• Multi-factor authentication required
• Comprehensive audit logging

Your Rights

Under GDPR and similar regulations, you have the right to:

Access - Request a copy of data we hold about you Rectification - Correct inaccurate personal data Erasure - Request deletion of your data ("right to be forgotten") Portability - Export your data in a standard format Objection - Object to certain processing activities Restriction - Limit how we process your data

To exercise these rights: Email privacy@stagic.io or use your account settings. We respond to all requests within 30 days.

Data Retention

Active Accounts
• Account data retained while account is active
• Encrypted content stored until you delete it

After Account Deletion
• Account data deleted within 30 days
• Encrypted content purged from all systems within 90 days
• Anonymized usage statistics may be retained indefinitely

Legal Requirements
• Some data may be retained longer if required by law
• We will notify you if this applies to your data

Cookies & Tracking

Essential Cookies
• Authentication tokens
• Session management
• Security features

Analytics (Optional)
• Anonymous usage statistics
• Can be disabled in settings

We Don't Use
• Third-party advertising cookies
• Social media tracking pixels
• Cross-site tracking

See our [Cookie Policy](/cookies) for full details.

Contact Us

Data Protection Officer Email: dpo@stagic.io

Privacy Team Email: privacy@stagic.io

Mailing Address Stagic Security Kungsgatan 12 111 35 Stockholm Sweden

Response Time We respond to all privacy inquiries within 5 business days.

Questions about privacy?

Our privacy team is here to help.

Contact Us