Privacy Policy

1. Who We Are

Stotos ("we", "us", or "our") operates the Stotos analytics platform accessible at stotos.com and admin.stotos.com. We are committed to protecting your personal data and respecting your privacy.

2. Data We Collect

We collect the following personal data when you use our service:

• Account data: email address, name, and password (hashed) when you register.
• Billing data: payment information is processed by Stripe and not stored on our servers.
• Store credentials: WooCommerce API keys stored in encrypted form (AES-256-GCM).
• Usage data: analytics events to improve the product (no personal store customer data is retained).

3. How We Use Your Data

• Provide and improve the Stotos service.
• Process payments and manage subscriptions.
• Send transactional emails (account activation, billing receipts).
• Respond to support requests.

4. Data Sharing

We do not sell your personal data. We share data only with service providers necessary to operate our platform: Supabase (database), Stripe (payments), Groq (AI processing), and Cloudflare (hosting). All providers are GDPR-compliant.

5. Data Retention

We retain your data for as long as your account is active. When you delete your account, personal data is deleted within 30 days. Encrypted store credentials are deleted immediately on account deletion.

6. Your Rights (GDPR)

As an EU resident, you have the right to:

• Access the personal data we hold about you.
• Request correction or deletion of your data.
• Object to or restrict processing of your data.
• Data portability.

To exercise these rights, contact us at [email protected].

7. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

8. Contact

For privacy inquiries, contact us at [email protected].