Privacy Policy

Last updated: April 2026

Data We Collect

We collect the following information:

• Account information: your email address and display name when you create an account.
• Session cookie: a session identifier (indiestack_session) stored in your browser to keep you logged in. Anonymous visitors also receive a session cookie so that features like tool reactions work without an account.
• IP address and User-Agent: your IP address and browser User-Agent string are hashed together to produce an anonymous visitor identifier used for aggregate analytics (e.g. unique visitor counts). We do not store raw IP addresses or build individual profiles.
• Usage data: page views, search queries, outbound clicks to tool websites, and tool reactions ("I use this" / "Bookmarked"). This data is stored in our database and used to power activity feeds, search rankings, and aggregate statistics shown on the site.
• MCP server queries: when an AI agent searches our catalog via the MCP server, we log the search query, the agent platform identifier (e.g. "Claude Desktop"), and increment view counts. No personal data from the agent's user is collected.
• MCP agent feedback: AI agents may optionally report tool integration outcomes (success/failure) and tool compatibility data via report_outcome and report_compatibility functions. This data is used to improve tool recommendations and build trust signals. No personal data is included in these reports.
• Oracle API calls: when an AI agent queries our paid Oracle API (via the x402 protocol), we log the endpoint called, the tool slugs queried, and a timestamp. We do not log wallet addresses, payment signatures, or any identifying information about the agent or its user. Payment verification is handled entirely by the x402 protocol and the Base blockchain network — we receive USDC but do not process or store payment credentials.

How We Use Your Data

Your data is used to: provide and maintain your account, send transactional emails (e.g. email verification, tool approval notifications), improve search results and tool rankings, display aggregate activity on the site (e.g. "X searches this week"), and prevent abuse or fraud.

Third-Party Services

We use the following third-party services:

• Fly.io — hosting. Your requests are processed on Fly.io infrastructure.
• Gmail SMTP — transactional emails are sent from our Gmail account.
• Stripe — payments for paid plans are processed by Stripe. We do not store your payment card details — these are handled entirely by Stripe.
• Base network (x402) — Oracle API payments are processed on the Base blockchain via the x402 protocol. Payments are peer-to-peer USDC transfers verified by a facilitator service. On-chain transaction data (wallet addresses, amounts, timestamps) is publicly visible on the Base blockchain as with any blockchain transaction.

We do not sell your personal data. We do not use any third-party analytics, advertising, or tracking services.

Cookies

IndieStack uses a single session cookie (indiestack_session) for authentication and anonymous feature access (e.g. reactions). A temporary github_oauth_state cookie is used during GitHub login for security (expires after 10 minutes). We do not use tracking cookies, advertising cookies, or any third-party cookie-based analytics. No cookie consent banner is needed because we only use strictly necessary cookies.

Data Retention

Account data is retained for as long as your account is active. If you delete your account, your personal data will be removed within 30 days. Anonymised analytics data (page views, search logs, aggregated usage statistics) may be retained indefinitely. Session data for anonymous visitors is periodically cleaned up.

Your Rights (GDPR)

If you are in the UK or EU, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct any inaccurate data.
• Erasure — ask us to delete your personal data ("right to be forgotten").
• Portability — request your data in a machine-readable format.
• Object — object to processing of your data in certain circumstances.

Contact

For any privacy-related questions or to exercise your rights, contact us at pajebay1@gmail.com.