Privacy Policy
Last updated: April 2026
Introduction
At StashCanvas, we value your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application. We are committed to protecting your personal data and being transparent about our practices.
StashCanvas is a local-first application. Unlike traditional SaaS platforms, we are designed to process your data locally on your machine or through your own AI provider accounts. This means you maintain control over your data.
Information We Collect
Account Information
When you register for an account, we collect:
- Email address (for authentication)
- Full name (for account identification)
- Password (hashed and stored securely)
Authentication Data
We use session-based authentication. Session tokens are stored securely and are necessary to maintain your logged-in state.
Usage and Analytics Data
We collect anonymised usage data to understand how our application is used and to improve our services. This data cannot be used to identify you personally and includes:
- Pages visited and features used
- General location data (country/region level only)
- Device and browser information
- Interaction patterns with the application
How We Use Your Information
We use your information for the following purposes:
- Account Management: To create and maintain your account, authenticate your identity, and provide access to our services.
- Service Delivery: To provide, maintain, and improve our application based on user feedback and usage patterns.
- Communication: To respond to your inquiries, provide support, and send important notices about our service.
- Analytics: To analyse usage trends and optimise the user experience.
- Security: To detect, prevent, and address technical issues and protect against fraud or unauthorised access.
Local Data Processing
StashCanvas is designed as a local-first application. Here is how your data is handled:
Local AI Processing (Ollama)
When you use local Ollama models, all AI processing happens directly on your machine. We do not have access to:
- Your AI prompts or messages
- AI model responses
- Any documents or data processed locally
- Local model configurations
Your data never leaves your device in this mode.
Local Storage
StashCanvas stores certain data locally on your device, including workspace configurations, canvas layouts, and preferences. This data remains on your device and is managed by your browser or application storage.
API Keys and External AI Providers
When you use external AI providers (such as OpenRouter, OpenAI, Anthropic, or others), you provide your own API keys. In this case:
- No Storage: We do not store your API keys on our servers. Keys are used only for the duration of your session.
- Direct Communication: Your API keys are sent directly to AI providers when you make requests. We do not intercept or log your keys.
- Your Responsibility: You are responsible for safeguarding your API keys and understanding the privacy policies of the AI providers you use.
- Provider Privacy: When using external AI providers, their privacy policies apply to how they handle your prompts and responses. We encourage you to review their policies.
Data Sharing and Disclosure
We do not sell, trade, or otherwise transfer your personal information to outside parties except in the following circumstances:
Service Providers
We may share data with third-party service providers who assist us in operating our application, such as:
- Hosting and infrastructure providers
- Analytics services (anonymised data only)
- Email and communication services
These providers are obligated to maintain the confidentiality of your information.
Legal Requirements
We may disclose your information when required by law, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, safety, or the safety of others.
Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy:
- Account Data: Retained while your account is active and for a reasonable period after deletion.
- Local Data: Stored on your device and managed by you through browser or application settings.
- Analytics Data: Retained in anonymised form for up to 24 months for improvement purposes.
Your Rights
You have the following rights regarding your personal data:
- Access: You may request a copy of the personal data we hold about you.
- Correction: You may request correction of inaccurate or incomplete data.
- Deletion: You may request deletion of your account and associated personal data.
- Data Portability: You may request a structured, machine-readable copy of your data.
- Withdraw Consent: You may withdraw consent for processing where consent was the legal basis.
To exercise any of these rights, please contact us at adormantsakthi@gmail.com.
Security Measures
We implement appropriate technical and organisational security measures to protect your personal data:
- Encryption: Passwords are hashed using industry-standard algorithms.
- Access Controls: Access to personal data is restricted to authorised personnel only.
- Secure Transmission: Data is transmitted over secure, encrypted connections (HTTPS).
- Regular Review: We regularly review and update our security practices.
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience:
- Essential Cookies: Necessary for basic functionality, such as maintaining your session.
- Analytics Cookies: Help us understand how visitors interact with our application. This data is anonymised.
You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of the application.
International Data Transfers
Our servers are currently located in the United States. If you are accessing from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where data protection laws may differ from those in your country.
By using our service, you consent to this transfer.
Children's Privacy
Our service is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete such information promptly.
Third-Party Links
Our application may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.
Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at adormantsakthi@gmail.com.