Skip to main content
Stackr
Sign In

Privacy Policy

Last updated: February 10, 2026Effective: February 10, 2026

Introduction

Who we are and what this policy covers

TL;DR

Stackr is an LFG (Looking for Group) gaming platform. We collect only what we need to match you with teammates, run the platform, and keep it safe. We never sell your data.

Welcome to Stackr ("we," "us," or "our"). Stackr is a gaming platform that helps players find teammates for competitive and casual games including CS2, Apex Legends, Dota 2, League of Legends, PUBG, and Arena Breakout: Infinite.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what choices you have. It applies to all users of the Stackr website, web application, and related services (collectively, the "Platform").

By creating an account or using Stackr, you acknowledge that you have read and understood this Privacy Policy. If you disagree with any part, please do not use the Platform.

This policy should be read alongside our Terms of Service and Community Guidelines.

Information We Collect

Three categories: account, profile, and usage data

TL;DR

We collect your account credentials, the gaming profile you build, and data about how you use the platform. Nothing more.

Account Data

When you register, we collect the minimum information needed to create and secure your account:

  • Email address — to verify your identity, send notifications, and enable password recovery
  • Username — your unique identifier on the platform, visible to other users
  • Password hash — we never store your password in plain text; only a bcrypt hash
  • Display name — the name shown to other players in lobbies and profiles
  • Avatar — your profile picture, either uploaded or pulled from Discord
  • Discord ID, username, email, and avatar — received via OAuth when you connect your Discord account

Profile Data

You choose what to add to your gaming profile. This data powers our matching recommendations:

  • Game profiles — which games you play (CS2, Apex, Dota 2, LoL, PUBG, Arena Breakout: Infinite)
  • Rank selections — your current rank in each game (e.g., Gold Nova, Diamond, Immortal)
  • Play style preferences — competitive, casual, ranked practice, or mixed
  • Languages spoken — so we can match you with teammates you can communicate with
  • Bio / about section — free-text description you write about yourself as a player

Usage Data

We automatically collect certain data when you interact with the Platform. This helps us operate, improve, and secure Stackr:

  • Lobby participation — which lobbies you create, join, or leave, and timestamps
  • Chat messages — messages sent in lobby chat rooms via WebSocket (used for moderation and safety)
  • Reviews and ratings — feedback you leave on other players after sessions
  • Friend connections — your friend list and connection requests
  • IP address — collected for security, rate limiting, and abuse prevention
  • Browser and device information — browser type, operating system, screen resolution, and device type
  • Session data — login times, session duration, pages visited, and referral source

What we do NOT collect

We do not collect financial information (no payments yet), biometric data, precise geolocation, contacts from your device, or data from third-party ad networks. We do not read your Discord messages or access your Discord servers — we only receive the specific data you authorize during OAuth.

How We Use Your Information

Every piece of data has a specific purpose

TL;DR

We use your data to match you with teammates, run the platform, keep it safe, and make it better. That is it.

Matching & Recommendations

Your game profiles, rank, language preferences, play style, and friend graph are used by our recommendation engine to suggest relevant lobbies and teammates. This is all first-party data processed on our own servers — we do not send your profile to external recommendation services.

Platform Operation

Account data keeps your profile secure and identifiable. Session data and WebSocket connections power real-time features like lobby chat, presence indicators, and live lobby updates.

Communication

We use your email address to send account-related notifications: password resets, lobby invitations from friends, important platform updates, and policy changes. You can opt out of non-essential emails at any time through your account settings.

Safety & Moderation

Chat messages, IP addresses, and usage patterns are monitored to detect and prevent abuse, harassment, spam, and violations of our Community Guidelines. We use automated systems and human review when necessary.

Analytics & Improvement

Aggregated, anonymized usage data helps us understand how people use Stackr — which features are popular, where users get stuck, and what to build next. We process analytics internally; we do not currently use third-party analytics services like Google Analytics.

Legal Compliance

We may process your data when required to comply with applicable laws, respond to valid legal requests, enforce our Terms of Service, or protect the rights and safety of Stackr and its users.

Information Sharing

Who can see your data and why

TL;DR

We do not sell your personal data. Period. We share limited data only with service providers that help us run the platform, and with law enforcement when legally required.

Other Users

Your username, display name, avatar, game profiles, rank, play style, languages, bio, and reviews are visible to other Stackr users. Chat messages are visible to members of the same lobby. Your email address is never shown to other users.

Discord (OAuth Provider)

When you connect your Discord account, Discord receives confirmation that you authorized Stackr. We receive your Discord user ID, username, avatar URL, and email. We do not share your Stackr activity back to Discord.

Hosting & Infrastructure Providers

Your data is stored on servers managed by our hosting provider. These providers process data on our behalf under strict data processing agreements. They do not have independent rights to use your data.

Analytics Tools

We currently process analytics internally and do not use third-party analytics services. If this changes in the future, we will update this policy and notify you before any data is shared with external analytics providers.

Law Enforcement & Legal Requests

We may disclose your information if required to do so by law, or if we believe in good faith that disclosure is necessary to: comply with a legal obligation or valid court order; protect and defend the rights or property of Stackr; prevent fraud or abuse; or protect the personal safety of users or the public.

Business Transfers

If Stackr is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Platform before your data is transferred and becomes subject to a different privacy policy.

Cookies & Tracking

What cookies we use and why

TL;DR

We use essential session cookies only. No third-party tracking cookies, no ad pixels, no fingerprinting.

Stackr uses a minimal set of cookies required for the platform to function. Here is exactly what we set:

CookieTypePurposeDuration
session_tokenEssentialJWT authentication token. Keeps you logged in and verifies your identity on each request.7 days
refresh_tokenEssentialUsed to issue a new session token when the current one expires, without requiring you to log in again.30 days
csrf_tokenEssentialProtects against cross-site request forgery attacks.Session
themeFunctionalStores your UI theme preference (dark/light) so it persists across visits.1 year

All essential cookies are httpOnly and Secure (transmitted only over HTTPS). We do not use third-party tracking cookies, advertising pixels, social media trackers, or browser fingerprinting techniques. If we ever introduce non-essential cookies, we will implement a cookie consent mechanism and update this policy.

Data Retention

How long we keep your data

TL;DR

We keep your data while your account is active, then delete it within 30 days of account deletion. Specific categories have shorter retention periods.

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy. Here are the specific retention periods:

Data TypeRetention Period
Account dataWhile your account is active, plus 30 days after you request deletion
Profile dataWhile your account is active; deleted with your account
Chat messages1 year from the date sent, then permanently deleted
Usage logs90 days, then automatically purged
IP addresses90 days (stored in usage logs)
Reviews & ratingsWhile your account is active; anonymized upon deletion
Encrypted backups30 days after account deletion, then permanently destroyed

When you delete your account, we begin a 30-day grace period during which you can reactivate it. After 30 days, we permanently delete your account data and profile data from our primary databases. Encrypted backups containing your data are purged within an additional 30 days after that.

We may retain certain data beyond these periods if required by law (for example, to comply with tax or legal reporting obligations) or to resolve disputes and enforce our agreements.

Your Rights

Access, correct, delete, and export your data

TL;DR

You own your data. You can access, correct, delete, or export it at any time. We honor GDPR, CCPA, and similar privacy regulations regardless of where you live.

Depending on your location and applicable law, you have the following rights regarding your personal data:

  • Right to Access — Request a copy of all personal data we hold about you, in a structured, machine-readable format
  • Right to Correction — Request that we correct any inaccurate or incomplete personal data
  • Right to Deletion — Request that we delete your personal data (also known as the "right to be forgotten" under GDPR)
  • Right to Data Export — Download your data in a portable format (JSON) so you can transfer it to another service
  • Right to Restrict Processing — Ask us to temporarily stop processing your data while we address a concern
  • Right to Object — Object to our processing of your data for specific purposes, such as analytics
  • Right to Withdraw Consent — Where processing is based on consent, withdraw it at any time without affecting prior processing

GDPR (European Economic Area)

If you are in the EEA, UK, or Switzerland, the General Data Protection Regulation grants you all of the rights listed above. Our legal bases for processing your data include: performance of a contract (operating your account), legitimate interests (platform security, analytics), and consent (where specifically requested). You also have the right to lodge a complaint with your local data protection authority.

CCPA (California)

If you are a California resident, the California Consumer Privacy Act gives you the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. As stated above, we do not sell your personal information. We do not discriminate against you for exercising any CCPA rights.

How to Exercise Your Rights

You can exercise your rights in any of the following ways:

  • Self-service: Go to Settings > Privacy > Your Data in your account to download, correct, or delete your data directly.
  • Email: Send a request to privacy@stackr.gg from the email address associated with your account.
  • Response time: We will respond to all requests within 30 days. If we need more time, we will notify you of the extension and the reason for it.
  • Verification: We may ask you to verify your identity before processing certain requests to protect your account from unauthorized access.

Data Security

How we protect your information

TL;DR

We encrypt data in transit and at rest, hash passwords with bcrypt, enforce strict access controls, and have an incident response plan.

We take the security of your data seriously and implement industry-standard measures to protect it:

Encryption

  • All data in transit is encrypted using TLS 1.2+ (HTTPS for web traffic, WSS for WebSocket connections)
  • Passwords are hashed using bcrypt with appropriate cost factors — we never store plaintext passwords
  • Database backups are encrypted at rest
  • Session tokens (JWTs) are signed with strong cryptographic keys and rotated regularly

Access Controls

  • Access to production data is restricted to authorized team members on a need-to-know basis
  • All administrative access requires multi-factor authentication
  • Database access is controlled through role-based permissions with the principle of least privilege
  • We use separate environments for development, staging, and production — no production data in non-production environments

Monitoring & Response

  • Continuous monitoring for suspicious activity, unauthorized access attempts, and anomalies
  • Regular security reviews of our codebase and infrastructure
  • A documented incident response plan with defined escalation procedures
  • If a data breach occurs that affects your personal data, we will notify you and the relevant authorities within 72 hours as required by GDPR

No system is 100% secure

While we implement strong security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data using best practices and responding quickly if something goes wrong.

Children's Privacy

Age requirements and how we handle minors' data

TL;DR

Stackr is not for users under 16. We do not knowingly collect data from children. If we discover a user is under 16, we delete their account and data immediately.

Stackr is designed for users aged 16 and older. We chose 16 (rather than 13) to align with the GDPR requirement for digital consent in many European jurisdictions and to ensure a safer environment for our community.

We do not knowingly collect or solicit personal information from anyone under 16 years of age. If you are under 16, do not create an account or send any information to us.

If we learn that we have collected personal information from a child under 16, we will take immediate steps to delete that information and terminate the associated account. If you believe that a child under 16 has provided us with personal data, please contact us at privacy@stackr.gg so we can take appropriate action.

International Transfers

Where your data is stored and processed

TL;DR

Our servers are in Europe. If your data needs to be processed in another jurisdiction, we ensure equivalent protections are in place.

Stackr's primary servers and databases are located in the European Union. Your data is stored and processed primarily within the EU.

However, some of our infrastructure providers may process data in other jurisdictions. When data is transferred outside the EEA, we ensure that appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all service providers that handle personal data
  • Verification that recipient countries provide adequate data protection, or that additional safeguards are in place
  • Encryption of data in transit and at rest, regardless of where it is processed

By using Stackr, you acknowledge that your information may be transferred to and processed in jurisdictions outside your country of residence. We will always ensure that your data receives the same level of protection regardless of where it is processed.

Changes to This Policy

How we notify you of updates

TL;DR

We will notify you of any changes via email and an in-app banner. Material changes require your re-consent before taking effect.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make changes, we will:

  1. Update the "Last updated" date at the top of this page
  2. Notify you via email to the address associated with your account
  3. Display a prominent notice on the Platform (in-app banner) for at least 14 days
  4. For material changes — such as new categories of data collection, new third-party sharing, or changes to your rights — require your explicit re-consent before the changes take effect

If you disagree with any changes, you may delete your account before the updated policy takes effect. Continued use of Stackr after the effective date constitutes acceptance of the updated Privacy Policy.

We encourage you to review this page periodically. Previous versions of this policy are available upon request by emailing legal@stackr.gg.

Contact

Reach us with questions or requests

TL;DR

Privacy questions go to privacy@stackr.gg. Legal matters go to legal@stackr.gg. We respond within 30 days.

If you have any questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your information, contact us using the channels below:

Privacy Inquiries & Data Requests

privacy@stackr.gg

Data access, correction, deletion, export, and general privacy questions.

Legal Department

legal@stackr.gg

Legal notices, law enforcement requests, and regulatory matters.

Data Protection Officer (DPO)

dpo@stackr.gg

GDPR-specific inquiries, data protection impact assessments, and supervisory authority correspondence.

We aim to respond to all privacy-related inquiries within 30 calendar days. If your request is particularly complex or we receive a high volume of requests, we may extend this period by an additional 60 days — in which case we will notify you of the extension and the reason for it within the initial 30-day window.

If you are in the EEA and believe that we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Questions?

Reach out to our team for clarification or concerns.

Contact UsBack to Home