Privacy Policy

1. Introduction

StackMeter (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and command-line interface (collectively, the “Service”).

2. Information We Collect

Account Information

When you sign up via GitHub OAuth (powered by Clerk), we receive your GitHub username, email address, and profile avatar. We use this information solely to create and manage your StackMeter account.

Usage Metadata

When you connect an AI tool (e.g., OpenClaw) via the StackMeter CLI, the following metadata is sent to our servers:

• AI provider name (e.g., Anthropic, OpenAI)
• Model name (e.g., Claude Sonnet, GPT-4o)
• Token counts (input, output, cache read, cache write)
• Estimated cost
• Session identifiers
• Timestamps

What We Do NOT Collect

We do not collect, store, or transmit:

• Prompts or prompt content
• AI model responses or outputs
• Tool call content or results
• File contents from your machine
• Your AI provider API keys

The StackMeter CLI runs locally on your machine and only sends aggregated usage metadata as described above.

Subscription Information

If you manually add SaaS or AI subscriptions to track (e.g., ChatGPT Plus, Claude Pro), we store the subscription name, cost, and billing cycle you provide. We do not connect to or access your billing accounts at these providers.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service
• Display your AI usage dashboards and analytics
• Authenticate your identity and secure your account
• Deduplicate usage events to ensure data accuracy
• Improve and develop the Service

4. Data Storage and Security

Your data is stored in a Supabase-hosted PostgreSQL database. We use industry-standard security measures including:

• Encrypted connections (HTTPS) for all data in transit
• SHA-256 hashed tracking tokens (we never store raw tokens)
• Rate limiting on API endpoints to prevent abuse
• Deduplication via unique keys to prevent duplicate data

The CLI stores your tracking token locally at ~/.stackmeter/config.json with restricted file permissions (0600).

5. Third-Party Services

We use the following third-party services:

• Clerk — Authentication (GitHub OAuth). Subject to Clerk's Privacy Policy.
• Supabase — Database hosting. Subject to Supabase's Privacy Policy.
• Vercel — Application hosting. Subject to Vercel's Privacy Policy.

6. Data Retention

We retain your usage data for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability

To exercise any of these rights, please contact us through the feedback widget in the application.

8. Cookies

The Service uses essential cookies for authentication and session management (via Clerk). We do not use advertising or third-party tracking cookies.

9. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page. Your continued use of the Service after any changes constitutes acceptance of the revised policy.

11. Contact

If you have questions or concerns about this Privacy Policy, please contact us through the feedback widget in the application or by visiting stackmeter.app.