Legal

Privacy Policy

Last updated: April 8, 2025

1. Introduction

Stow Inc. ("Stow," "we," "us," or "our") operates the Stow platform, a secure credential vault and AI agent management service. This Privacy Policy describes how we collect, use, and protect information about you when you use our website at stow.app and our related services (collectively, the "Service").

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account Information

When you register, we collect your email address and a hashed password. We do not store your plain-text password.

Service Credentials

When you connect third-party services (Google, GitHub, Vercel, etc.), we store OAuth tokens, API keys, and related credentials in an encrypted vault using AES-256 encryption. These secrets are never logged or transmitted in plain text.

Usage Data

We automatically collect information about how you interact with the Service, including connectivity test results, agent execution logs, API request metadata (status codes, timestamps), and browser/device information for security purposes.

Payment Information

Subscription billing is handled by a third-party payment processor. We do not store full credit card numbers or payment card data on our servers.

3. How We Use Your Information

  • To provide, operate, and improve the Service
  • To authenticate your identity and secure your account
  • To execute API calls on behalf of your AI agents using your stored credentials
  • To send transactional emails (account verification, password reset, billing receipts)
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations

We do not sell your personal information to third parties. We do not use your stored credentials for any purpose other than executing requests you or your agents initiate.

4. Zero-Retention Policy for Agent Data

Stow does not retain the content of API responses processed by your agents. Execution logs record metadata (timestamps, status codes, service identifiers) but do not store the payload content returned by third-party APIs. Your agents' outputs belong to you.

5. Sharing Your Information

We may share your information only in the following circumstances:

  • Service Providers: Infrastructure partners (hosting, database, email delivery) who process data on our behalf under confidentiality agreements.
  • Legal Requirements: When required by law, court order, or to protect the rights and safety of Stow and its users.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice provided to affected users.

6. Data Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS in transit, isolated credential contexts per service, and role-based access controls. We conduct regular security reviews and use Supabase Vault for hardware-level secret isolation.

Despite these measures, no system is perfectly secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorized access to your account.

7. Data Retention

We retain your account data for as long as your account is active. Connectivity logs and execution metadata are retained for 90 days. Upon account deletion, your credentials are purged from the vault within 30 days. You may request immediate deletion by contacting us.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Data portability (receiving a copy of your data in a machine-readable format)

To exercise these rights, contact us at privacy@stow.app.

9. Cookies

We use strictly necessary cookies for authentication session management and security (CSRF protection). We do not use advertising or behavioral tracking cookies. You can review our Cookie Policy for more detail.

10. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

Stow Inc.

Email: privacy@stow.app

Terms of Service →← Back to Stow