MakoStackMakoStack

Privacy Policy

Last updated: March 2026

Introduction

MakoStack ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at makostack.app ("the Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide

  • Account Information: Email address, name, and password when you create an account
  • Profile Information: Optional information you add to your profile
  • App Content: Text, images, and configurations you create for your apps
  • Payment Information: Billing details processed securely through Stripe (we do not store credit card numbers)
  • Communications: Messages you send us for support or feedback

Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the Service
  • Device Information: Browser type, operating system, device type
  • Log Data: IP address, access times, referring URLs, user agent
  • Cookies: Session cookies for authentication (see Cookies section below)
  • Security Data: Cloudflare Turnstile tokens for bot protection, identity verification hashes

Information from Third Parties

  • Google OAuth: If you sign in with Google, we receive your email address and profile name
  • Website Import: When you import from a website, we fetch publicly available content from that URL

Content Scanning

We automatically scan app content for prohibited material (phishing, scams, malware, etc.) to protect our platform and your visitors. This scanning is performed on our servers and no content is shared with third parties for this purpose.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your account
  • Generate and host your apps
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent or illegal activities
  • Personalize and improve your experience

How We Share Your Information

We may share your information with:

Service Providers

  • Supabase (US) — Database, authentication, and file storage
  • Stripe (US) — Payment processing. We never store your credit card number.
  • Anthropic (US) — AI services. Your app descriptions are sent to generate site content. Anthropic does not use this data for training.
  • Vercel (US) — Hosting and deployment of the platform and published sites
  • Cloudflare (US) — DNS, CDN, SSL, bot protection (Turnstile), and DDoS mitigation
  • Resend (US) — Transactional email delivery (verification codes, notifications)
  • Google (US) — OAuth sign-in. If app owners add Google Analytics to their published sites, Google may collect visitor data under the app owner's responsibility.

Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. We may also retain certain information as required by law or for legitimate business purposes.

You can deactivate your account at any time from your Dashboard. Deactivation immediately takes your published sites offline and begins a 30-day grace period. During this period, you can reactivate your account by simply logging back in. After 30 days, all personal data, apps, submissions, and payment history are permanently deleted from our systems.

Audit logs related to security events (e.g., abuse reports, content moderation actions) may be retained for up to 12 months after account deletion for legal and safety purposes.

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Regular security assessments
  • Access controls and authentication
  • Secure password hashing

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your Rights and Choices

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Delete your account and all associated data directly from your Dashboard, or request deletion by contacting us
  • Export: Download your app data and configurations via the Export feature
  • Opt-out: Unsubscribe from marketing communications. You may also decline analytics cookies via our cookie consent banner.

To exercise these rights, you can use the self-serve tools in your Dashboard or contact us at makostackapp@gmail.com.

Cookies and Tracking

We use the following types of cookies:

Essential Cookies (always active)

  • sb-*-auth-token: Supabase authentication session (keeps you signed in)
  • cookie-consent: Stores your cookie preference choice

Analytics Cookies (opt-in)

  • Google Analytics (_ga, _gid): Only loaded on published sites where the app owner has added a Google Analytics ID, and only if you have accepted analytics cookies

When you first visit makostack.app, a cookie consent banner lets you choose between "Accept all" (essential + analytics) or "Essential only". You can change your preference at any time by clearing the cookie-consent value from your browser's localStorage.

Published sites: If you create a site on MakoStack and add Google Analytics, you are responsible for providing appropriate cookie consent to your own visitors under GDPR/ePrivacy regulations.

Published Sites and Visitor Data

When you create and publish a site on MakoStack, visitors to your site may submit personal data through contact forms, booking forms, order forms, or email capture forms. In this relationship:

  • You (the site owner) are the data controller — you determine what data is collected and how it is used
  • MakoStack is the data processor — we store and process visitor submissions on your behalf

As a site owner, you are responsible for your own site's compliance with applicable data protection laws, including providing your visitors with appropriate privacy notices and obtaining necessary consents.

Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether your personal information is sold or disclosed
  • Right to say no to the sale of personal information (we do not sell personal information)
  • Right to equal service and price

GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

Our legal basis for processing your data includes: consent, performance of a contract, and legitimate business interests.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: makostackapp@gmail.com

← Back to Home