Perstack

Privacy Policy

Last updated: January 19, 2026

This Privacy Policy describes how Wintermute Technologies, Inc. ("Perstack," "we," "us," or "our") collects, uses, and protects your information when you use the Perstack platform, including Studio, Gallery, Runtime, and related services (collectively, the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address: Required for account creation and communication
  • Name: Optional display name
  • Profile image: Optional avatar image URL
  • Organization name: For team and collaborative features
  • Authentication data: Password hashes or OAuth provider identifiers (GitHub, Google)

1.2 User Content

When you use the Service, you may provide:

  • Expert definitions: Instructions, skills, delegates, and configurations you create
  • Workspace files: Files and data you store in application workspaces
  • Environment variables: Configuration values for your applications
  • Secrets: Encrypted sensitive configuration values (stored encrypted)
  • Job queries: Text inputs and files you submit for Expert execution

1.3 Execution Data

When Experts execute, we collect:

  • Checkpoints: Step-by-step execution states including messages, tool calls, and results
  • Token usage: Input, output, reasoning, and cached token counts
  • Execution metadata: Timestamps, status, provider used, model selected
  • Error information: Error messages and retry attempts (no stack traces exposed)

1.4 Usage Information

We automatically collect:

  • API usage: Request timestamps, endpoints accessed, API key usage
  • Credit transactions: Credit grants, purchases, usage, and expirations
  • Session data: Authentication sessions and last activity timestamps

1.5 Payment Information

Payment processing is handled by Stripe. We receive and store:

  • Stripe customer ID and subscription ID
  • Subscription status and billing period
  • Transaction references for credit purchases

We do not store complete credit card numbers, CVVs, or bank account details. This information is processed directly by Stripe according to their Privacy Policy.

2. How We Use Your Information

We use collected information to:

  • Provide the Service: Execute Experts, store your content, and enable platform features
  • Authenticate and secure: Verify your identity and protect your account
  • Process payments: Handle subscriptions, credit purchases, and billing
  • Communicate: Send account-related notifications and respond to inquiries
  • Improve the Service: Analyze usage patterns and optimize performance
  • Ensure compliance: Enforce our Terms of Service and prevent abuse
  • Debug and support: Diagnose issues and provide technical assistance

3. Third-Party Services

3.1 LLM Providers

When you execute Experts, your queries and conversation data are transmitted to your configured LLM provider. Supported providers include:

  • Anthropic (Claude models)
  • OpenAI (GPT models)
  • Google (Gemini models)
  • DeepSeek
  • Azure OpenAI
  • Amazon Bedrock
  • Google Vertex AI

You provide your own API credentials for these services. Your use of LLM providers is subject to their respective privacy policies. We do not control how these providers process your data.

3.2 Infrastructure Providers

We use the following infrastructure services:

  • Fly.io: Application hosting and database services
  • Cloudflare: Content delivery, R2 storage, and edge computing
  • Stripe: Payment processing

3.3 Error Monitoring

We use Sentry for error tracking and monitoring. When errors occur, diagnostic information including user context may be transmitted to Sentry to help us identify and fix issues. Sentry processes data according to their Privacy Policy.

3.4 MCP Services

Experts may integrate with external MCP (Model Context Protocol) services that you configure. Data transmitted to these services is determined by your Expert configurations. You are responsible for understanding the privacy practices of any external services you integrate.

4. Data Storage and Security

4.1 Storage

Your data is stored on:

  • PostgreSQL databases: Account data, Expert definitions, job records, and execution logs
  • Cloudflare R2: Expert content files and checkpoint archives
  • Git repositories: Workspace files with version history

4.2 Security Measures

We implement security measures including:

  • Encryption at rest: Secrets and provider API keys are encrypted before storage
  • Encryption in transit: All communications use HTTPS/TLS
  • API key hashing: API keys are hashed; only prefixes are displayed
  • Sandboxed execution: Experts run in isolated environments
  • Access controls: Organization-level and application-level data isolation
  • Session management: HTTP-only cookies for authentication sessions

While we implement reasonable security measures, no system is completely secure. You are responsible for maintaining the security of your account credentials and API keys.

5. Data Sharing

We do not sell your personal information. We may share data in the following circumstances:

  • With your consent: When you explicitly authorize sharing
  • Service providers: With vendors who assist in providing the Service (subject to confidentiality obligations)
  • Legal requirements: When required by law, legal process, or government request
  • Protection of rights: To protect our rights, safety, or property, or those of our users
  • Business transfers: In connection with a merger, acquisition, or sale of assets
  • Published content: Expert definitions you publish to Gallery are publicly visible

6. Data Retention

We retain your data as follows:

  • Account data: Retained while your account is active and for a reasonable period after deletion
  • Execution logs: Retained for your reference and debugging purposes
  • Published Experts: Retained indefinitely (versions are immutable); may be marked as from a deactivated account
  • Payment records: Retained as required for accounting and legal compliance
  • Credit transactions: Retained for billing history and audit purposes

Upon account deletion, we will delete or anonymize your personal data, except where retention is required by law or for legitimate business purposes.

7. Your Rights

Depending on your jurisdiction, you may have rights including:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal and operational constraints)
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your data
  • Withdrawal of consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@perstack.ai. We will respond to requests within the timeframes required by applicable law.

8. Cookies and Tracking

We use the following cookies:

  • Authentication cookies: HTTP-only session cookies to maintain your logged-in state
  • Preference cookies: To remember your settings such as theme preference (light/dark mode)

We do not use third-party tracking cookies or advertising cookies. We do not sell your data to advertisers.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We implement appropriate safeguards for international transfers, including standard contractual clauses where required.

10. Children's Privacy

The Service is not intended for children under 13 years of age (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how we use it, the right to request deletion, and the right to opt out of the sale of personal information (we do not sell personal information).

12. European Privacy Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent laws. Our legal bases for processing include:

  • Contract performance: To provide the Service you requested
  • Legitimate interests: For security, fraud prevention, and service improvement
  • Consent: Where you have provided explicit consent
  • Legal obligations: To comply with applicable laws

You have the right to lodge a complaint with your local data protection authority.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on our website and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the modified policy.

14. Contact Us

For questions about this Privacy Policy or our data practices, please contact us at:

Wintermute Technologies, Inc.
Email: privacy@perstack.ai

For data protection inquiries in the EU, you may also contact our Data Protection Officer at dpo@perstack.ai.