Sign in

Privacy Policy

Last updated: April 2026

At Stash, your thoughts belong to you. This policy explains what we collect, how we use it, who we share it with, and what control you have. We've tried to keep it honest and specific rather than hiding behind legal boilerplate.

Information You Provide

  • Account information: Your email address and password when you sign up.
  • Content: Everything you capture in Stash — text, voice memos, screenshots, images, files, URLs, and emails. This is the core of the service.
  • Emails you send to Stash: If you forward emails to capture@stash.bar or a personal @stash.bar handle, we process the email content, metadata, and attachments to create records.
  • Emails you send from Stash: If you compose and send emails through Stash, we store the message content and metadata.
  • Waitlist: If you join the waitlist, we collect your email address.
  • Support: If you contact us, we keep records of those communications.

Information Collected Automatically

  • Analytics: We run our own first-party analytics (no Google Analytics, no third-party trackers). We record pages visited, time on page, scroll depth, and events like signups. This data is stored in our own database, not sent to any third party.
  • Device information: Browser type and version, operating system, and device type — parsed from your User-Agent header.
  • Location: We derive approximate geographic location (country, region, city) from your IP address using a local MaxMind GeoLite2 database. The IP lookup happens on our server — your IP is not sent to MaxMind.
  • Log data: Our servers record IP addresses, request paths, and access times.

Cookies

We set two first-party cookies. No third-party tracking cookies.

  • _stash_vid (visitor): Identifies your browser across visits. Expires after 2 years. HttpOnly, Secure, SameSite=Lax.
  • _stash_sid (session): Tracks your current browsing session. Expires after 30 minutes of inactivity. HttpOnly, Secure, SameSite=Lax.

Your browser's cookie settings control whether these are stored. Some features may not work without them.

How We Use Your Information

  • Store and organize your content
  • Generate vector embeddings for semantic search
  • Extract entities (people, companies, projects), topics, and relationships from your content using AI
  • Build wiki pages about entities and topics mentioned across your captures
  • Transcribe voice memos and analyze images and videos
  • Power chat, recall, and AI-assisted features
  • Send transactional emails (welcome, account activation)
  • Understand how people use Stash so we can improve it
  • Protect against fraud and abuse

AI Providers

Stash uses AI to power its core features. Your content is sent to the following providers for processing. We send only the data needed for each task — never your full account.

  • Anthropic (Claude): Chat conversations, content enrichment, entity extraction, and web search. Your messages and record content are sent to Anthropic's API.
  • OpenAI: Voice memo transcription via Whisper. Your audio files are sent to OpenAI's transcription API.
  • Google (Gemini): Video analysis and transcription. Video URLs are sent to Google's Gemini API.
  • OpenRouter: Embedding generation, image analysis, PDF extraction, and intent classification. Text, images, and documents are sent to OpenRouter, which routes to underlying models (OpenAI, Google).

We log every AI API call internally (provider, model, token count, cost, latency) for cost tracking and debugging. These logs do not contain your content — only metadata about the request.

Your content is not used to train AI models. We use API-based access to all providers, which means your data is processed and discarded — not retained for model training. See each provider's API data usage policies for their specific commitments.

Third-Party Services

Beyond AI providers, your data touches these services:

  • Cloudflare R2: File storage. Uploaded files (images, documents, attachments) are stored in Cloudflare's R2 object storage.
  • SMTP provider: Outbound email delivery for transactional emails and emails you send from Stash.

We do not use third-party analytics services. We do not sell your personal information.

Data Storage and Security

Your data is stored on servers in the United States. Content and metadata are stored in PostgreSQL. Files are stored in Cloudflare R2. All data is encrypted in transit (TLS) and at rest.

We take security seriously, but no system is perfectly secure. We implement industry-standard safeguards and will notify you if a breach affects your data.

Data Retention

  • Your content: Retained as long as your account is active.
  • Inbound emails: Raw email data is automatically deleted after 30 days. Extracted content (the records created from emails) is retained as part of your account.
  • Analytics data: Retained indefinitely in aggregate. Individual session data may be pruned over time.
  • Error logs: Automatically purged after 30 days.
  • Account deletion: If you delete your account, we will delete your personal information within 30 days, except where required by law.

Your Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Ask us to correct inaccurate information.
  • Deletion: Request that we delete your account and associated data.
  • Export: Export your content from Stash.
  • Object: Object to processing of your data for specific purposes.

If you are in the EU/EEA, you also have rights under the GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority. If you are in California, you have rights under the CCPA including the right to know what personal information is collected and the right to opt out of its sale (we don't sell it).

To exercise any of these rights, contact us at the email below.

Children's Privacy

Stash is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this policy as Stash evolves. We will notify you of significant changes by posting the new policy on this page and updating the date above. If changes are material, we will notify you by email.

Contact Us

If you have questions about this policy or how we handle your data:

privacy@stash.bar