REBEL/STACK

Privacy Policy

Last Updated: January 24, 2026

1. Introduction

Welcome to RebelStack. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, subscribe to our newsletter, or download our resources.

This policy applies to all services offered by RebelStack, including our website at rebelstack.com, newsletter subscriptions, and downloadable resources. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information:

We collect the following personal information:

  • Email Address: Required for newsletter subscription and resource downloads
  • First Name and Last Name: Optional, collected when downloading resources to personalize communications
  • Subscription Source: Whether you subscribed from the homepage or a resource download page
  • Resource Download History: Which resources you have downloaded

2.2 Automatically Collected Information:

  • IP Address: Collected automatically when you visit our website
  • Browser Type and Version: To ensure compatibility
  • Device Information: Device type, operating system
  • Usage Data: Pages visited, time spent, links clicked
  • Cookies and Tracking Technologies: See Section 6 below

2.3 Technical Data:

  • Email verification status and timestamps
  • Download token generation and expiry times
  • Email delivery status (via Resend)

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Primary Purposes:

  • Newsletter Delivery: Sending you our AI tools and deals newsletter
  • Resource Access: Providing download links for resources you've requested
  • Email Verification: Confirming your email address through our double opt-in process
  • Account Management: Managing your subscription preferences and download history

3.2 Secondary Purposes:

  • Service Improvement: Analyzing usage patterns to enhance our content and user experience
  • Marketing Communications: Sending relevant information about new resources and tools
  • Analytics: Understanding how users interact with our website and content
  • Security: Detecting and preventing fraud, abuse, or security issues
  • Legal Compliance: Complying with applicable laws and regulations

4. Email Marketing and Resend

4.1 Email Service Provider: We use Resend (resend.com) as our email delivery service provider. Resend processes your email address to deliver our newsletters and verification emails on our behalf.

4.2 Double Opt-In: We use a double opt-in process for newsletter subscriptions. When you subscribe, we send a verification email. Your subscription is not active until you click the confirmation link in that email.

4.3 Email Content: Our emails include:

  • Verification emails to confirm your subscription
  • Resource download links (when you request a download)
  • Regular newsletters with AI tools, deals, and content
  • Occasional updates about new resources or features

4.4 Unsubscribe: Every marketing email includes an unsubscribe link. You can opt out at any time. Unsubscribing will stop newsletter emails but may not stop transactional emails (like download confirmations).

5. Data Storage and Security

5.1 Database: Your personal information is stored in a PostgreSQL database hosted on secure cloud infrastructure (Vercel Postgres, Neon, or similar providers).

5.2 Security Measures:

  • Encrypted database connections (SSL/TLS)
  • Secure password hashing for admin accounts (bcrypt)
  • Token-based authentication for downloads with expiry times
  • Environment variable protection for sensitive credentials
  • Regular security updates and patches

5.3 Data Retention: We retain your personal information for as long as you remain subscribed or as required for legal purposes. If you unsubscribe, we may retain minimal information for compliance and fraud prevention purposes.

5.4 Data Breach: In the event of a data breach affecting your personal information, we will notify you promptly via email and take immediate steps to mitigate any harm.

6. Cookies and Analytics

6.1 Google Analytics (GA4): We use Google Analytics 4 to analyze website traffic and user behavior. GA4 collects anonymized data about your visit, including pages viewed, session duration, and referral sources. This data helps us improve our website and content.

6.2 Mixpanel: We may use Mixpanel for product analytics and event tracking. Mixpanel collects data about how you interact with specific features (like resource downloads, button clicks). Data is anonymized and does not include personally identifiable information.

6.3 Cookie Types:

  • Essential Cookies: Required for website functionality (session management)
  • Analytics Cookies: Google Analytics and Mixpanel tracking cookies
  • Functional Cookies: Remember your preferences and settings

6.4 Cookie Control: You can control cookies through your browser settings. Blocking cookies may affect website functionality and analytics. Most browsers allow you to refuse or delete cookies.

7. Your Rights (GDPR Compliance)

If you are in the European Economic Area (EEA), you have the following data protection rights under GDPR:

  • Right to Access: You can request a copy of all personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data
  • Right to Restrict Processing: You can request limitation of how we process your data
  • Right to Data Portability: You can request your data in a structured, machine-readable format
  • Right to Object: You can object to processing of your personal data for marketing purposes
  • Right to Withdraw Consent: You can withdraw consent at any time (e.g., unsubscribe)

To exercise any of these rights, please contact us at rajan@rebelstack.in. We will respond to your request within 30 days.

8. Third-Party Services

We use the following third-party services that may collect or process your data:

  • Resend: Email delivery service - processes email addresses for sending emails. See Resend's privacy policy at resend.com/privacy
  • Google Analytics: Website analytics - collects anonymized usage data. See Google's privacy policy at policies.google.com/privacy
  • Mixpanel: Product analytics - tracks anonymized user interactions. See Mixpanel's privacy policy at mixpanel.com/legal/privacy-policy
  • Vercel/Neon/Database Provider: Hosting and database services - stores encrypted data. See their respective privacy policies

We carefully select third-party providers that comply with data protection regulations and maintain adequate security standards.

9. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

If you believe we have collected information from a child, please contact us at rajan@rebelstack.in.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with third-party providers
  • Adequate security measures and encryption

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this policy.

For significant changes, we will notify you via email or by posting a prominent notice on our website. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: rajan@rebelstack.in
Data Protection Officer: rajan@rebelstack.in
Website: https://rebelstack.ai

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.

13. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you subscribe to our newsletter or download resources, you provide explicit consent
  • Legitimate Interests: For analytics, security, and service improvement (balanced against your rights)
  • Legal Obligation: When required by law to retain or process certain information
  • Contract Performance: To provide the services you've requested (newsletter delivery, resource access)

For additional terms governing your use of our services, please see our Terms and Conditions.