
Security & Compliance

We are Stackdeck, and we help companies to save time and money on their SaaS stack while bolstering its security. Sounds relevant?

GDPR Compliance

Stackdeck have conducted a privacy assessment and updated our Privacy Policy to align to the requirements of the GDPR. We refrain from requesting and collecting any data outside of what is absolutely necessary to provide our service. Our subprocessors are documented, audited and the extent to which data is shared is closely monitored. Additionally, we can provide assurances that:

  • Everyone who comes into contact with data at Stackdeck is sworn to confidentiality.
  • Stackdeck uses appropriate technical and organisational measures to protect the security of customer data.
  • Stackdeck will help your company uphold its obligations under the GDPR, particularly concerning data subjects’ rights.
  • Stackdeck will help your company maintain GDPR compliance with regard to Article 32 (security of processing) and Article 36 (consulting with the data protection authority before undertaking high-risk processing).
CCPA Compliance

Stackdeck have conducted a privacy assessment with our Privacy Policy addressing the rights and terms around our use of personal data. We do not collect data from minors. We do not sell data or provide financial incentives for data collection. Our privacy terms and practices align to the requirements of the CCPA.


Subprocessors

For our data processing needs, we engage with third-party subprocessors, reputable service providers who assist in various functions such as data storage, analytics, and customer support, ensuring compliance with our privacy and security standards.

DigitalOcean
Cloud computing and infrastructure hosting services to store and manage data securely.
NL

At Stackdeck we take privacy seriously and for that reason we have selected DigitalOcean to securely store data.

DigitalOcean plays a crucial role in our business and we trust it with our most sensitive data, which is why we made a very conscious choice when selecting this provider.

Our managed database clusters are encrypted at rest with LUKS (Linux Unified Key Setup) and in transit with SSL.

Service instances and the underlying VMs use full-volume encryption with LUKS, with a randomly generated ephemeral key for each instance and each volume. The key is never reused and is destroyed when the instance is destroyed, so there’s a natural key rotation with roll-forward upgrades. We use the LUKS default mode aes-xts-plain64:sha256 with a 512-bit key.

Backups are encrypted with a randomly generated key per file. These keys are in turn encrypted with an RSA key-encryption key pair and stored in the header section of each backup segment. The file encryption is performed with AES-256 in CTR mode, with HMAC-SHA256 for integrity protection. The RSA key pair is randomly generated for each service. The key lengths are 256 bits for block encryption, 512 bits for integrity protection, and 3072 bits for the RSA key.
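
The backup scheme described above (per-file keys, AES-256 in CTR mode, HMAC-SHA256, RSA-3072 key-encryption key stored in the segment header), as an added Node.js example that is not Stackdeck's or DigitalOcean's code. OAEP padding, the encrypt-then-MAC ordering, the MAC covering header and IV, and all function and field names are assumptions; the page does not specify them.

```javascript
const crypto = require('node:crypto');

// Assumption: RSA-OAEP with SHA-256 is used to wrap the per-file keys.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// One RSA-3072 key-encryption key pair per service.
function newServiceKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 3072 });
}

// MAC over header (wrapped keys), IV and ciphertext, so none can be altered.
function segmentTag(macKey, seg) {
  return crypto.createHmac('sha256', macKey)
    .update(seg.wrappedKeys).update(seg.iv).update(seg.ciphertext).digest();
}

// Encrypt one backup segment under fresh random keys.
function encryptSegment(publicKey, plaintext) {
  const encKey = crypto.randomBytes(32); // 256-bit AES key
  const macKey = crypto.randomBytes(64); // 512-bit HMAC key
  const iv = crypto.randomBytes(16);     // initial CTR counter block
  const cipher = crypto.createCipheriv('aes-256-ctr', encKey, iv);
  const seg = {
    wrappedKeys: crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.concat([encKey, macKey])),
    iv,
    ciphertext: Buffer.concat([cipher.update(plaintext), cipher.final()]),
  };
  seg.tag = segmentTag(macKey, seg);
  return seg;
}

// Unwrap the keys, verify the tag, and only then decrypt: CTR mode alone
// does not detect modified ciphertext.
function decryptSegment(privateKey, seg) {
  const keys = crypto.privateDecrypt({ key: privateKey, ...OAEP }, seg.wrappedKeys);
  const encKey = keys.subarray(0, 32);
  const macKey = keys.subarray(32);
  const expected = segmentTag(macKey, seg);
  if (seg.tag.length !== expected.length || !crypto.timingSafeEqual(seg.tag, expected)) {
    throw new Error('integrity check failed');
  }
  const decipher = crypto.createDecipheriv('aes-256-ctr', encKey, seg.iv);
  return Buffer.concat([decipher.update(seg.ciphertext), decipher.final()]);
}
```

Only the RSA private key needs protecting for restores; each segment carries its own wrapped AES and HMAC keys in the header.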

Data Processed: All customer data (such as, but not limited to, employee information (including names and email addresses), collected bill information, subscription information and more).

Data Location: Amsterdam

Apideck
Provide a unified data-proxy API for integrated accounting and HRIS services.
BE

At Stackdeck, we employ Apideck to offer a unified data-proxy API that seamlessly integrates accounting and HRIS (Human Resources Information System) services. This integration facilitates efficient data management and connectivity between our core business functions, enhancing operational efficiency and data coherence.

We prioritize data security, implementing advanced encryption and access controls to protect the information managed through Apideck. Stackdeck is dedicated to upholding transparency, adhering to privacy regulations, and ensuring robust contractual protections in our use of Apideck.

Data Processed: Integration data for accounting and HRIS services, Customer details (including name and email).

Data Location: Belgium

Postmark
Deliver transactional emails to customers' employees on behalf of Provider's platform.
US

At Stackdeck, we utilize Postmark for the reliable delivery of transactional emails directly to our customers' employees via our platform. This service ensures timely and secure communication, essential for operational efficiency and customer satisfaction.

We commit to the highest standards of data security, employing advanced encryption and access controls to safeguard email content. Stackdeck ensures transparency, compliance with privacy laws, and stringent contractual safeguards with our use of Postmark.

Data Processed: Transactional email content and recipient details.

Data Location: United States

MongoDB
Secure storage of activity logs.
Frankfurt

At Stackdeck, we leverage MongoDB for the secure storage of activity logs, ensuring that operational data is efficiently captured and stored. This use of MongoDB facilitates comprehensive logging of system activities, aiding in monitoring, analysis, and auditing processes.

We prioritize data security, utilizing advanced encryption and stringent access controls to protect the stored logs. Stackdeck is committed to transparency, adhering to privacy laws, and maintaining robust contractual protections with our use of MongoDB.

Data Processed: Activity logs detailing system operations.

Data Location: Frankfurt.

OpenAI
Enhance the accuracy of transaction identification
US

At Stackdeck, we use ChatGPT to streamline transaction processing, focusing on the distillation of product and supplier information. By analyzing merchant names and transaction descriptions, we enhance the accuracy of transaction identification without processing transaction amounts, unless specified in the description.

We ensure data security through robust encryption and strict access controls, maintaining transparency and compliance with privacy laws. Stackdeck's use of ChatGPT includes stringent data protection measures.

We have filed a "Do not train on my content" request with OpenAI so that our data is not used as training data. OpenAI confirmed our request and confirmed that it does not train its model(s) on our data.

Data Processed: Merchant names and transaction descriptions for the purpose of transaction identification and categorisation. Customer names (your business name) are never shared with OpenAI.

Data Location: Northern America

Security Controls


Organizational Security
  • Security awareness training
  • Asset disposal procedures utilized
  • Confidentiality agreement for employees
  • Confidentiality agreement for contractors
  • Criminal background checks performed
Infrastructure Security
  • Database replication
  • Automated security patching
  • Service infrastructure maintenance
  • Production data backups conducted
  • Limited production database access
  • Production database authentication enforced
  • Infrastructure performance monitoring
  • Auto-scaled & load-balanced
  • Infrastructure network firewall
Product Security
  • Data encryption at rest
  • Data encryption in transit with SSL
  • Remotely stored audit logging
  • Vulnerability monitoring & reporting
  • Application & infrastructure monitoring
  • Cloud configuration security monitoring
Network Security
  • Web application firewall
  • Managed DDoS protection
  • Direct Access Disabled (SSH/RDP)
  • Production Data Backups Conducted
  • SSL encryption enforced
  • Browser integrity check

Frequently asked questions


Can I try Stackdeck for free?

Yes, we offer a free plan with a lot of features. The free plan will give you all the power you need to run a smooth SaaS driven business.

What do I need to get started?

Trust, SSO and wifi. Create an account in no time, connect with our integrations, and get up and running within minutes.

What’s the onboarding like?

Our onboarding process is highly efficient, providing assistance at every step to ensure your seamless experience.

Can Stackdeck help us with procurement?

Stackdeck is fully equipped to support all your procurement needs. Leveraging data from SSO, HRIS, and Accounting integrations, we possess comprehensive insights on app usage, ensuring we are well-prepared for any procurement scenario.

Does Stackdeck make deals with partners to promote their software?

We prioritize transparency and will always be on your side, not theirs. Our commitment is to help you optimize SaaS within your company. We will always provide you with the best deals possible.
