Stilltide

Privacy Policy

Last updated: April 5, 2026

1. Introduction

Luka Fagundes, doing business as Stilltide ("we," "us," or "our"), operates the Stilltide platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, name, and password when you create an account
  • Equipment photos and documents: images and files you upload for evaluation
  • Payment information: billing details processed through Stripe (we do not store your full credit card number)
  • Issue submissions: when reporting bugs or requesting features, we collect your name, email address, description, and any attached files. This information is stored in our database and sent to our private GitHub repository for internal issue tracking, accessible only to Stilltide.

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, and actions taken within the Service
  • Device information: browser type, operating system, and device identifiers
  • Error and performance data: collected through Sentry for diagnosing issues and improving reliability (no personally identifiable information is included in error reports)

3. How We Use Your Information

We use your information to:

  • Provide and operate the Service, including generating evaluation reports
  • Process your uploaded photos and documents through AI for equipment analysis
  • Process payments and manage your subscription
  • Send transactional emails (account confirmation, password resets, evaluation notifications)
  • Monitor and improve the performance and reliability of the Service
  • Enforce our Terms of Service and protect against misuse

4. AI Processing of Your Data

Photos and documents you upload are processed by third-party AI services (Google Gemini) to generate evaluation reports. This processing includes identifying equipment, extracting specifications, and estimating market pricing. Your uploaded content is sent to these AI services solely for the purpose of generating your reports and is not used to train AI models.

5. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase: authentication, database, and file storage
  • Stripe: payment processing and subscription management
  • Google Gemini: AI-powered equipment analysis
  • Resend: transactional email delivery
  • Sentry: error tracking and performance monitoring
  • Vercel: application hosting
  • GitHub: internal issue tracking only. When you submit bug reports or feature requests, your name and email are included in the issue created in our private GitHub repository for internal tracking purposes

Each of these services has its own privacy policy governing their handling of data. We encourage you to review them.

6. Data Storage and Security

Your data is stored securely using Supabase infrastructure with row-level security policies that ensure you can only access your own data. Uploaded photos are stored in secure cloud storage. We use encryption in transit (TLS) for all communications.

While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your account information and evaluation data for as long as your account is active. If you delete your account, we will remove your personal information and evaluation data. Some data may be retained in backups for a limited period.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate personal data
  • Deletion: request deletion of your personal data and account
  • Data portability: request your data in a portable format
  • Opt-out: opt out of non-essential data processing

You can exercise many of these rights directly through your account settings.

9. Do Not Track

The Service does not respond to Do Not Track (DNT) browser signals. We do not track users across third-party websites. No third parties collect personally identifiable information about your online activities over time or across websites through the Service.

10. Cookies and Local Storage

The Service uses essential cookies for authentication and session management. We do not use advertising or tracking cookies. Third-party services integrated into the platform may set their own cookies as described in their respective privacy policies.

The Service also uses browser localStorage to store your last-seen release version, which prevents duplicate release notification popups. This data is stored locally on your device, does not contain personally identifiable information, and can be cleared at any time through your browser settings.

11. Data Sale Disclosure

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We do not share your data for cross-context behavioral advertising. Your data is only shared with the third-party service providers listed in Section 5, solely for the purpose of operating the Service.

12. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • Right to know: request the categories and specific pieces of personal information we have collected about you
  • Right to delete: request deletion of your personal information
  • Right to correct: request correction of inaccurate personal information
  • Right to opt-out: opt out of the sale or sharing of your personal information (we do not sell or share your data)
  • Right to non-discrimination: we will not discriminate against you for exercising your privacy rights

Categories of personal information we collect: identifiers (name, email), commercial information (subscription and payment records), internet activity (usage data, pages visited), visual information (equipment photos you upload), and inferences (AI-generated evaluations).

Data retention: we retain your account information and evaluation data for as long as your account is active. Payment records are retained for 7 years for tax and legal compliance. Error tracking data is retained for 90 days. Upon account deletion, your personal data is removed and evaluation records are anonymized.

To exercise your rights: you can manage most rights directly through your account settings (email change, account deletion). For other requests, email us at privacy@stilltide.us. We will respond to verified requests within 45 days.

13. Business Transfers

If Stilltide is acquired, merged with another company, or sells substantially all of its assets, your personal information may be transferred to the successor entity. The successor will be bound by this Privacy Policy with respect to your data. We will notify you of any such transfer via the email address associated with your account.

14. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

16. Governing Law

This Privacy Policy is governed by the laws of the State of California. See our Terms of Service for additional details including jurisdiction and venue.