This Privacy Policy explains what information RigStack (“we,” “us”) collects when you use the RigStack subscription service (the “Service”), why we collect it, how it's protected, and the choices you have about it.
Account information. When you sign up, we collect the email address and password you provide. Your password is never stored in plain text — it's hashed by our authentication provider (Supabase Auth) using industry-standard hashing, and we never have access to the original password.
Billing information. Payments are processed by Stripe. We never receive or store your full card number, expiration date, or CVC — Stripe handles that directly. We do store a reference to your Stripe customer and subscription IDs, and your subscription status (active, canceled, past due, etc.), so we can determine whether your account should have access to the Service.
The business data you enter into the tools. RigStack's tools are built for you to store your own creator-business data, including (depending on which tools you use): content calendar entries, brand deal details (including a brand contact's name and email, if you enter one), income and expense figures you log in the Tax & Income Estimator, and follower/view statistics you manually enter in the Analytics Dashboard. We do not pull this data from TikTok, Instagram, or YouTube automatically — everything in these tools is what you type in yourself.
AI tool inputs. Certain RigStack features use AI (including Anthropic's Claude) to generate content suggestions. If you use an AI-powered tool (the Hook & Script Writer, the Viral Caption & Hashtag Generator, or the Viral Video Idea Generator), the niche, topic, tone, or platform details you type in are sent to our AI provider (Anthropic) to generate a response. We do not store the generated output or your inputs after the response is returned to you — only a numeric count of how many generations you've used this month is retained, to enforce your monthly usage limit. These tools are clearly labeled as AI-generated in the product itself, and their output should be reviewed before you rely on or publish it.
Uploaded images.Two tools accept an image upload. The Color Grading LUT Generator's live-preview frame is processed entirely in your browser via JavaScript — it is never sent to our servers or stored anywhere. The Animated Overlay Generator's profile photo upload is sent to our servers, but only at the moment you export a video, only to render that specific export, and it is never written to our database — it lives in server memory and a temporary file for the duration of the export, then the temporary file is deleted automatically (immediately after you download it, or within 15 minutes if abandoned).
We do not use tracking cookies, third-party analytics scripts, or advertising trackers. The only cookies set are the ones our authentication provider uses to keep you logged in.
We do not sell your personal information or your business data to anyone, for any reason.
Your account data and the business data you enter into each tool are stored in a Postgres database with Row Level Security enabled on every table that holds it — meaning the database itself enforces that you can only ever read or write your own data, not another user's, independent of any check in the application code. Data is encrypted in transit (HTTPS/TLS) between your browser and our servers. At rest, your data relies on our database provider's standard infrastructure-level encryption; we do not currently apply additional field-level encryption on top of that for financial or contact-detail fields.
Administrative access that bypasses these per-user restrictions is limited to two narrow, server-only operations — creating your account after a verified payment, and updating your subscription status when Stripe notifies us of a billing event — and is never exposed to client-side code.
We keep your account and the data you've entered into the tools for as long as your account exists, including through a canceled subscription (your data isn't deleted when you cancel — your access is simply paused until you resubscribe).
We do not currently offer a fully self-service “delete my account” button in the app. If you'd like your account and all associated data deleted, contact us and we'll process that request manually.
We rely on a small number of infrastructure providers to run RigStack, each of which processes a limited slice of your data solely to provide their specific service to us:
We do not share your data with any other third party, including advertisers or data brokers.
You can review, edit, or delete most of the business data you've entered directly within each tool at any time. For anything you can't change yourself in-app — including a full account and data deletion request, or a request to export a copy of your data — contact us and we'll handle it manually. Depending on where you live, you may have additional legal rights over your data (for example, under GDPR or state privacy laws) — see the disclaimer at the bottom of this page.
RigStack is not directed at, and we do not knowingly collect information from, anyone under 18. If you believe a minor has created an account, contact us and we'll remove it.
If we make material changes to this policy, we'll update the date at the top of this page. Continued use of the Service after a change means you accept the updated policy.
DATA_AUDIT.md) — it is not a substitute for review by a qualified lawyer, and it does not, by itself, make RigStack legally compliant with any specific privacy law or regulation. The business owner should have this document (and the underlying data practices it describes) reviewed by an attorney before relying on it, especially before handling real users' financial or business data at scale.Questions about this policy? See our Terms of Service or reach out through the contact details on our homepage.