Effective date: 2026-05-16
This Privacy Policy explains how Stack NPC Editorial (“Stack NPC”, “we”, “us”, or “our”) collects, uses, and shares information when you visit stacknpc.com and any associated subpaths.
We comply with applicable privacy laws including the UK Data Protection Act 2018, the UK GDPR, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Brazilian LGPD.
1. Who we are
Stack NPC Editorial publishes editorial content about software, AI tools, and SaaS. The site is operated under Brazilian jurisdiction by an individual operator publishing under the Stack NPC brand.
For privacy-related contact: [email protected]
2. Information we collect
Information you provide directly
- Email content when you write to us at our contact address
- Form submissions (when contact forms are available)
- Comments (currently disabled site-wide)
Information collected automatically
- Server logs: IP address (anonymised after 30 days), user agent, requested URL, referrer, timestamp. Used for security, debugging, and aggregate analytics.
- Cookies and similar technologies: see Section 6.
- Analytics: anonymised page-level metrics via Cloudflare Web Analytics and (when activated) Google Analytics 4 with IP anonymisation enabled.
Information from third parties
- Affiliate networks (Impact, PartnerStack, Amazon Associates, etc.) report referral conversions back to us in aggregate form. We receive no personally identifiable information from these reports — only counts and commission amounts.
3. How we use information
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Operating the site (page delivery, security, fraud prevention) | Legitimate interest |
| Analytics (aggregate site usage understanding) | Legitimate interest / consent (where required) |
| Responding to your messages | Performance of contract / legitimate interest |
| Complying with legal obligations | Legal obligation |
| Affiliate commission tracking | Legitimate interest |
We do not:
- Sell your personal information
- Use your data for personalised advertising profiling
- Build retargeting audiences
- Combine data across sessions to identify individual readers
4. Sharing of information
We share data only with the following processors:
| Processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Hosting (server in Helsinki, Finland) | EU (Germany / Finland) |
| Cloudflare, Inc. | CDN, DDoS protection, edge analytics | Global edge network |
| Google LLC (Analytics 4, when active) | Aggregate analytics | EU + US (Standard Contractual Clauses) |
| Affiliate networks (Impact, PartnerStack, Amazon, etc.) | Click and conversion tracking | Varies; typically US |
We do not share information with marketing platforms, data brokers, or social media platforms beyond the standard third-party share buttons we may include in articles.
5. International data transfers
Data may be processed in the EU, the United States, and Brazil. Where data leaves the UK or EEA, we rely on:
- UK International Data Transfer Agreement (IDTA) and the UK Addendum
- Standard Contractual Clauses (SCCs) for EEA transfers
- Adequacy decisions where applicable
- Encryption in transit (TLS 1.2+)
6. Cookies and similar technologies
Stack NPC uses the following cookie categories:
| Category | Required? | Examples |
|---|---|---|
| Strictly necessary | Yes | Session, security tokens, language preference (pll_language), CDN session (__cf_bm) |
| Functional | No | UI preferences, returning-visitor recognition |
| Analytics | No | Cloudflare Web Analytics (_cfuvid), Google Analytics (_ga, _gid) |
| Affiliate / referral | No | Vendor-specific tracking (set by destination sites after click, not by us) |
Cookie controls. UK and EU/EEA visitors will see a cookie consent banner once analytics are activated. You can reject non-essential cookies, change preferences, or clear them through your browser at any time.
7. Your rights
Under UK GDPR and applicable law you may have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Erase your data (“right to be forgotten”)
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
- Lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk or your local data protection authority
To exercise any of these rights, email [email protected]. We respond within 30 days as required by UK GDPR.
8. Data retention
| Data type | Retention period |
|---|---|
| Server logs | 30 days, then aggregated/anonymised |
| Email correspondence | Up to 24 months |
| Aggregate analytics | Indefinite (no individual identification) |
| Affiliate conversion records | As required by tax law (typically 5 years) |
9. Children’s privacy
Stack NPC is not directed at children under 13 (UK) / 16 (EU). We do not knowingly collect personal information from minors. If you believe a child has submitted information, contact us and we will delete it.
10. Security
We employ industry-standard security measures including:
- TLS 1.2+ encryption in transit (HTTPS enforced site-wide)
- Origin server protected by Cloudflare WAF and Wordfence Security
- Application-level security hardening (no XML-RPC authentication, strong password policy)
- Regular security updates and monitoring
No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the relevant authorities within the timeframes required by law (72 hours for the ICO under UK GDPR).
11. Third-party links
Stack NPC contains links to third-party sites (vendor pages, documentation, news sources, affiliate destinations). Once you leave our site, this Privacy Policy no longer applies. Review the privacy policies of those sites before providing personal information.
12. Changes to this policy
We may update this Privacy Policy. Material changes will be communicated by:
- Updating the “Effective date” at the top
- Posting a notice on the homepage for at least 14 days
- Where required, requesting renewed consent
13. Contact
For privacy questions, data subject requests, or to report concerns:
→ Email: [email protected]
We respond within 30 days as required by applicable law.
Last updated: 2026-05-16