Privacy & Security

Heystack keeps your data safe and secure

Data protection

Best-in-class security
and data partners

Logical tenant separation

Encryption in transit

Encryption at-rest


We are not in the business of selling user's data

Own your data

You decide what to share

GDPR compliant

Restricted access

Read-only access through
Google Official APIs

Google Official API

Metadata read-only

No passwords required

Server hosting on Amazon Web Services

Amazon Web Services's (AWS) physical infrastructure is hosted and managed within their secure data centers. Stacked leverages all of the platform’s built-in security, privacy and redundancy features.

AWS continually monitors its data centers for risk and undergoes assessments to ensure compliance with industry standards. AWSs data center operations have been accredited under: ISO 27001, SOC 1 (Audit), SOC 2 (Security, Availability, & Confidentiality), and SOC 3 (General).

SOC 2 (Security, Availability, & Confidentiality)

SOC 1 (Audit)

SOC 3 (General).

ISO 27001

Data Storage on Amazon Web Services

We use whole volume (disk) encryption for any data at rest, including cluster data and backups.

Data that passes through Stacked is encrypted, both in transit and at rest. All connections from the browser to the Stacked platform are encrypted in transit using TLS SHA-256 with RSA Encryption. Stacked requires HTTPS for all services.

Logical tenant separation

Encryption in transit (TLS 1.2+)

Encryption at-rest (AES-256)

Google Suite Integration

When you connect your Google account with Stacked, we will have access to certain information such as the email meta headers (sender, recipient, and date) (“Google Data”) but we will not have access to the email message body or subject line.

We only process Google Data you make available to us through this integration in order to provide the service to you and to improve the services, consistent with Google’s Limited Use Requirements. We do not independently access the Google Data ourselves unless we first obtain your consent to view the Google Data (e.g., to provide you with tech support), we need to do so for internal security purposes, to comply with applicable law, or where the data is fully aggregated and anonymized for internal use purposes and cannot be used to identify you or your email recipients.

We do not use Google Data for advertising purposes.

At any time, you can disconnect your Google account and delete this data in your Google Account Settings.

Login credentials protection

For Gmail and Google Calendar connections, Stacked never collects passwords.

Using a secure OAuth connection to sync these platforms only grants Stacked access to your account through a secure token from Google. This also enables you to set additional security precautions with that provider including 2-factor authentication (2FA). For organizations with enhanced security requirements, Stacked supports SAML-based Single sign-on (SSO) with the following identity providers: Okta, and Auth0.

Google Official API

Only email & calendar metadata (email addresses) used

oAuth integration: no passwords required

2-factor authentication