SoStackSoStack
Sign in

Privacy Policy

Effective Date: 02/01/2026

SoStack ("we", "our", or "us") operates the SoStack mobile application and sostack.app website (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use SoStack.

By using SoStack, you agree to the practices described in this Privacy Policy.

1. Information We Collect

A. Account Information

When you create an account, we collect:

  • Phone number (for authentication via one-time password)
  • Display name / username
  • Profile photo (if provided)
  • Bio (optional)
  • Account settings and preferences
  • Subscription and entitlement status (e.g., SoStack Plus)

For App Store review builds, an optional email-based review login may be used.

B. User Content

When you use SoStack, we collect and store:

  • Messages sent in private groups
  • Events created in group calendars
  • RSVP status and attendance responses
  • Public group updates and media uploads
  • Images and attachments you upload

Messages and event data are stored on our secure servers and protected through access controls. Messages are not end-to-end encrypted.

C. Engagement and Usage Data

We collect usage data including:

  • Group follows
  • Event impressions
  • Event add-to-calendar actions
  • Event shares
  • Group and event clicks
  • Ad impressions and clicks (for promoted content)

For SoStack Plus public groups, engagement metrics (such as event add-to-calendar and shares) may be shared with the public group administrator.

D. Contact Information (Optional)

If you grant permission, SoStack may access your device contacts to:

  • Help you invite people to groups
  • Match contacts to existing SoStack users

We do not permanently store your entire address book. Phone numbers may be transmitted to our servers for matching and invitation purposes.

E. Location Information (Optional)

If you enable location access, we may collect:

  • Approximate or precise location (foreground only)
  • Location used for discovery filtering
  • Event or group location data

Location permission is optional and feature-driven.

F. Device and Technical Information

We may collect:

  • Device type
  • Operating system version
  • App version
  • IP address
  • Crash logs and diagnostics

Web usage may involve cookies for authentication and session management.

2. How We Use Information

We use collected information to:

  • Provide messaging and calendar features
  • Authenticate users
  • Enable group coordination
  • Provide discovery and search functionality
  • Deliver optional internal ads
  • Provide analytics to SoStack Plus public group administrators
  • Improve app performance and reliability
  • Prevent abuse and ensure safety
  • Comply with legal obligations

3. Public Groups and Analytics

Public groups may receive aggregated engagement analytics, including:

  • Follows
  • Event impressions
  • Add-to-calendar actions
  • Shares
  • Click activity

These metrics help public groups understand how users interact with their content. Personal message content is never shared with public group administrators.

4. Advertising

SoStack uses internal promotional placements within the Discovery screen. We do not use third-party ad networks.

We track:

  • Ad impressions
  • Ad clicks
  • Engagement events

Billing for ads is managed through Stripe for web purchases.

5. Data Sharing and Service Providers

We use trusted service providers to operate SoStack:

  • Supabase (authentication, database, storage, backend services) – United States
  • Twilio (SMS verification via Supabase)
  • Google (Places API and map services)
  • OpenAI (AI-based filtering features)
  • Expo (push notification delivery)
  • Stripe (payments and subscriptions)
  • Sentry (error monitoring)
  • Vercel (web hosting)

These providers process data only as necessary to provide their services.

We do not sell user data.

6. Data Retention

We retain user data as long as your account remains active or as necessary to provide the Service.

When you delete your account:

  • Your authentication record is permanently deleted.
  • Associated user data is removed in accordance with database cascading rules.
  • A deletion request log is retained for administrative purposes.

Specific retention periods for logs and analytics may vary.

7. Data Security

We implement reasonable technical and organizational safeguards to protect user data, including:

  • Role-based database access controls
  • Encrypted transmission (HTTPS)
  • Secure cloud infrastructure

No system is completely secure. We encourage users to protect their devices and account access.

8. Your Rights and Choices

You may:

  • Access and update your profile information
  • Delete your account in-app (Settings → Advanced → Delete Account)
  • Disable location permissions at any time via device settings
  • Disable contact access via device settings

If you have questions about your data, contact us at support@sostack.app.

9. Children’s Privacy

SoStack is not intended for children under 13. We do not knowingly collect personal information from children under 13.

If we become aware that such data has been collected, we will delete it.

10. International Data Processing

SoStack’s infrastructure is primarily hosted in the United States. By using the Service, you consent to data processing in the United States.

11. Law Enforcement Requests

We may disclose information if required by law, subpoena, or valid legal process.

12. Changes to This Policy

We may update this Privacy Policy periodically. Continued use of SoStack after updates constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy, contact:

SoStack Limited Liability Company
Support