Skip to main content
← Back to Stacko

Privacy Policy

Last updated: June 2026

Beta notice

Stacko is currently in a closed beta. During this period your data is processed on infrastructure located outside the Republic of South Africa (see section 5). We intend to migrate to South African-hosted infrastructure before public launch.

1. Who we are

Stacko is a personal financial planning tool operated by [LEGAL ENTITY NAME — AWAITING REGISTRATION](“Stacko”, “we”, “us”). We are the responsible party in terms of the Protection of Personal Information Act 4 of 2013 (“POPIA”).

Contact for data queries: hello@stacko.money

2. What we collect and why

DataPurposeLegal basis
Email address (stored as a one-way hash)Account identification and loginConsent
Password (bcrypt hash, not plaintext)AuthenticationConsent
First name, date of birth, provincePersonalised projections and tax estimatesConsent
Financial data (assets, liabilities, income, expenses)Core service — net worth and retirement modellingConsent
Usage logs (actions, timestamps)Security auditing and fraud preventionLegitimate interest

We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not build advertising profiles.

3. How we store and protect your data

4. Data retention

We retain your personal information for as long as your account is active. If you request deletion, your data will be permanently and irreversibly purged within 30 days. After deletion, anonymised audit log entries (with your user ID replaced by a cryptographic hash) may be retained for security purposes.

5. Cross-border data transfers

During the beta period, Stacko uses cloud infrastructure providers that process your data outside the Republic of South Africa. We have entered into data processing agreements (DPAs) with each provider:

All providers operate under industry-standard security controls. We intend to migrate primary data storage and processing to South African-hosted infrastructure (Google Cloud, Johannesburg region) before public launch, which will address POPIA’s cross-border transfer requirements for most personal data. By registering during the beta you consent to this interim cross-border processing.

6a. Automated processing and AI-generated insights

Stacko uses artificial intelligence (Anthropic Claude) to generate personalised financial flags, scenario suggestions, and report summaries. Before your data is sent to Anthropic, it is anonymised: your name, email address, and all account identifiers are removed and financial figures are rounded. Anthropic does not receive data that could identify you as an individual.

AI-generated content is clearly labelled within the app and is supplementary only. Nothing generated by AI constitutes financial advice as defined under the Financial Advisory and Intermediary Services Act (FAIS). You may opt out of AI-generated insights at any time via your account settings.

7. Your rights under POPIA

You have the right to:

To exercise any of these rights, email us at hello@stacko.money or use the account settings page to export or delete your data directly.

8. Cookies and tracking

Stacko uses a single session cookie to keep you logged in. We do not use tracking cookies, analytics cookies, or any third-party advertising technology. No data is shared with Google Analytics, Meta Pixel, or similar services.

9. Changes to this policy

We will notify registered users of material changes to this policy by email (where you have opted in to communications) and by updating the “Last updated” date above. Continued use of Stacko after changes take effect constitutes acceptance of the revised policy.

Questions about this policy? hello@stacko.money