Privacy Policy

Effective date: May 8, 2026

Overview

DetectZeStack provides a technology detection API and a free Chrome extension. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

Chrome Extension

The DetectZeStack Chrome extension reads only the URL of your current tab when you click the extension icon. This URL is sent to the DetectZeStack API to detect the website's technology stack.

• No personal data is collected, stored, or transmitted.
• We do not track your browsing history, keystrokes, or form inputs.
• We do not read or modify any page content.
• Results are cached locally in your browser for one hour to reduce API calls.
• Your data is not sold, shared, or transferred to third parties.
• The extension only activates when you click it — it does not run in the background.

API Service

When you use the DetectZeStack API (directly or through the extension), we receive the domain name you submit for analysis. We log:

• The domain analyzed
• Your IP address (for rate limiting only; not stored long-term)
• Timestamp of the request

We do not collect names, email addresses, or any personally identifiable information through the API.

Website Analytics

The DetectZeStack website uses Google Analytics 4 to understand traffic patterns. This is standard web analytics and does not apply to the Chrome extension or API.

Data Retention

Technology detection results are cached on our servers to improve response times. IP addresses used for rate limiting are not stored beyond the current session.

Account Data

If you create an account on detectzestack.com, we store your email address, hashed API keys (we never store the plaintext), session metadata, and your subscription status. We do not store passwords because we use email magic-link authentication.

Emails sent for account verification, sign-in, and welcome messages are dispatched through Apple iCloud's SMTP service. The email content does not include any data beyond the link and a brief explanatory message.

Subprocessors

We use the following third-party subprocessors to operate the Service:

• Stripe, Inc. (USA / EU) — processes subscription payments and stores billing information. We never see your full card number; Stripe handles all PCI-DSS compliance. Stripe privacy policy.
• Apple iCloud SMTP (Apple Inc., USA) — delivers transactional emails (sign-in links, claim links, billing notifications). Apple privacy policy.
• Cloudflare, Inc. (USA, global edge) — provides DNS, CDN, and edge caching for detectzestack.com. Cloudflare may process your IP address as part of edge routing and DDoS protection. Cloudflare privacy policy.
• Fly.io (USA, global regions) — hosts the application servers and SQLite database. Fly.io privacy policy.
• Google Analytics 4 (Google LLC, USA) — aggregated marketing analytics on the website only. Cookies are subject to your browser settings; you can opt out by enabling Do Not Track or installing the Google Analytics opt-out browser add-on.
• RapidAPI (Nordic APIs, Inc., USA) — alternative billing and authentication channel for users who choose the marketplace path. RapidAPI's privacy policy applies to that signup flow.

If we add a new subprocessor, we will update this list at least thirty (30) days in advance for paid customers, except where doing so would compromise security.

GDPR — Lawful Basis and Your Rights

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation ("GDPR") applies. Our lawful bases for processing are:

• Contractual necessity (Article 6(1)(b)) for processing your email, API keys, sessions, and subscription state — we cannot deliver the Service without these.
• Legitimate interest (Article 6(1)(f)) for rate-limit IP logging, fraud prevention, and aggregated analytics. Our interest is operating a stable, abuse-resistant service; this is balanced against minimal data retention and pseudonymization where possible.
• Legal obligation (Article 6(1)(c)) for retaining transaction records as required by tax and accounting law (typically 7 years).

You have the right to access, correct, delete, or export your personal data, and to object to processing. To exercise any of these rights, email [email protected] from the email address on your account. We will respond within 30 days. If you are unsatisfied with our response you may lodge a complaint with your local data protection authority.

We do not currently offer a Data Processing Addendum (DPA). If you require one for enterprise procurement, contact [email protected].

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated effective date.

Contact

If you have questions about this privacy policy, contact us at [email protected].