← Back to Stasher

Stasher Privacy Policy

Last updated: June 2026

1. What we collect

When you create an account we collect your email address, optional display name, and preferred language. When you upload a document we store the file and extract metadata (document type, issuer, date, amount, summary, tags). We log standard server access logs (IP address, timestamps) for security and debugging.

We do NOT collect payment data, advertising identifiers, or location data.

2. Third-party processors

Your documents are sent to the following services:

  • Google Cloud Storage – file storage (EU region)
  • Google Document AI – OCR text extraction
  • Google Vertex AI – document embeddings for search
  • Anthropic Claude – AI understanding and search
  • Sentry – crash reporting (no document content)
  • PostHog – anonymous product analytics (no document content)

All processors are under Data Processing Agreements.

3. How we use your data

We use your data solely to provide the Stasher service: storing your documents, making them searchable, and displaying them to you. We do not sell your data, use it for advertising, or share it with third parties beyond the processors listed above.

3a. Our commitment not to read your documents

The Stasher team does not read, view, or access the content of your documents. Access to document storage is restricted to automated systems. AI-powered search requires server-side text processing, which means document text passes through our servers and third-party AI models — but no human on the Stasher team reads your documents.

4. Data retention

Documents and extracted data are retained as long as your account is active. When you delete a document it is removed within 24 hours. When you delete your account, all data is permanently deleted after a 30-day grace period (so you can cancel accidental deletions).

5. Security

Files are stored encrypted at rest (AES-256, Google-managed keys) in Google Cloud Storage in the EU region. All data in transit is encrypted with TLS 1.2+. Access tokens expire after 15 minutes; refresh tokens after 365 days.

6. Your rights (GDPR / Israeli Privacy Protection Law)

You have the right to: access your data (use "Download My Data" in the app), correct inaccurate data (edit your profile), delete your data (use "Delete Account" in the app), and data portability (JSON export via "Download My Data").

7. Children

Stasher is not directed at children under 16. We do not knowingly collect data from children.

8. Changes to this policy

We will update the "Last updated" date at the top of this page if we make material changes. Continued use of the service after changes constitutes acceptance.

9. Contact

Questions or requests: privacy@stasher.app