StackCube handles sensitive business data — customer details, order histories, pricing agreements, and logistics records — and protecting that data is a core part of how the platform is built, not an afterthought. This page explains the technical controls in place, how AI processing works, how long data is retained, and what rights you have over the information your account holds. If you have a specific security question not covered here, contact the team at support@stackcube.io.

Encryption and Transmission Security

All communication between your browser, your customers, and StackCube’s servers travels over HTTPS/TLS, so order data, credentials, and file uploads are encrypted in transit and unreadable to third parties who intercept the traffic. Additional controls protect data at rest and at access boundaries:
  • Password hashing — user passwords are hashed using a strong one-way algorithm before storage; plain-text passwords are never written to disk.
  • Signed URLs — access to files and assets (such as uploaded spreadsheets or PDFs) is granted through time-limited, cryptographically signed URLs, preventing unauthorized access even if a URL is shared.

Access Controls

StackCube applies a least-privilege model across the platform. Each user and internal system component is granted only the permissions it needs to perform its function — nothing more. This limits the blast radius of any accidental misconfiguration or compromised credential. The Enterprise plan extends this model to your team with multi-entity roles, giving you fine-grained control over who in your organization can view, approve, or administer orders across different entities or departments.

Logging and Backups

StackCube maintains comprehensive activity logs and regular data backups to support both operational continuity and security auditing:
  • Logs are retained for at least 3 months.
  • Backups are retained for up to 90 days.
In the event of an incident, these records allow the team to investigate what happened and restore data to a known good state.

AI Processing and Data Use

StackCube uses the OpenAI API to power the AI features in the review queue — parsing unstructured order messages, mapping customer item names to your SKUs, and applying the correct price lists.
Your customer and order data is never used to train OpenAI’s models. Data sent to the OpenAI API is used solely to generate responses for your active session.
OpenAI retains abuse-monitoring logs for up to 30 days as part of their standard safety operations. StackCube does not control this retention period, but no training occurs on your data during or after that window. If you prefer not to use AI-assisted features, you can request AI deactivation for your account by contacting support@stackcube.io. The platform’s core order management functions remain available without AI processing.

Third-Party Data Processors

StackCube works with a set of vetted sub-processors to deliver the service. International data transfers are covered by standard contractual clauses (SCCs) where required. Current processors include:

  • Infrastructure: Cloudflare, Vercel, AWS
  • AI & Search: OpenAI, Google
  • Payments: Stripe

Data Retention

StackCube retains different categories of data for different periods based on their purpose:
Data Category | Retention Period
Consultation and pre-sales data | Up to 3 years
Account and order data | 30 days after account termination
Backups | Up to 90 days
Activity logs | At least 3 months
OpenAI abuse logs | Up to 30 days
After the applicable retention period, data is deleted from active systems. If you terminate your account and need to export your order history first, contact support@stackcube.io before the 30-day window closes.

Your Data Rights

As a StackCube customer, you have the following rights over the data held in your account:
  • Access — request a copy of the personal or business data StackCube holds about you.
  • Correction — request that inaccurate data be corrected.
  • Deletion — request that your data be deleted, subject to any legal retention obligations.
  • Suspension of processing — request that StackCube stop processing your data in certain circumstances.
  • Consent withdrawal — withdraw consent for any processing that is based on consent, at any time.
To exercise any of these rights, email support@stackcube.io with your request. The team will respond in accordance with applicable data protection law.
StackCube is a B2B service intended exclusively for business use. No personal data of individuals under the age of 14 is knowingly processed on the platform.

Contact

For security questions, vulnerability disclosures, data rights requests, or anything not covered on this page, reach the StackCube team at support@stackcube.io.