Data posture

Privacy Policy

What Doric Stack collects, why it is used, where processors fit, and how privacy requests are handled.

Doric Stack LLC (“Doric Stack,” “we,” “us,” or “our”) operates doricstack.com and related Doric Stack web pages. Doric Stack LLC is based in St. Petersburg, Florida, United States, and is the controller of the personal data described here. This policy explains the data boundary for the website, Field Notes, product links, checkout paths, contact paths, and support requests.

Doric Stack is built as a static-first public site. Doric Stack does not create first-party user accounts. Doric Stack does not collect or store full payment card numbers. Payment, app-store, booking, and product portal flows are handled by third-party platforms where those platforms are used.

Collection map

CategoryWhat may be collectedWhy it is used
Contact informationName, email address, company, message content, support notes, and booking details you send to us.To respond to contact, consulting, support, security, and privacy requests.
Usage informationAnonymous visitor id, session id, page path, referring page, browser type, device type, approximate region, performance data, duration, engaged time, and abuse signals.To operate the site, understand aggregate traffic, and protect the site from abuse.
Field Notes reactionsArticle slug, reaction type, timestamp, aggregate reaction count, and a salted-hash dedupe value computed at the edge (no raw IP address stored).To reduce duplicate reactions and measure whether an article helped readers.
Product and purchase recordsProduct name, transaction identifier, invoice identifier, subscription state, license support context, and related emails where provided by a processor.To provide support, manage licenses, respond to refund requests, and keep required business records.
Security dataIP address, request metadata, anti-abuse results, and related logs where needed.To protect Doric Stack, prevent spam, investigate misuse, and troubleshoot incidents.

Processors and linked services

Doric Stack delegates payment, booking, hosting, analytics, marketplace, and product flows where practical. These services may process information under their own terms and privacy policies:

  • Paddle for checkout, tax, invoices, buyer support, subscription administration, and refund processing where used. Paddle acts as Merchant of Record for product sales, which makes Paddle the controller for much of the related purchase and tax data.
  • Cal.com for consulting booking where used.
  • Apple App Store for App Store installs, purchases, ratings, refunds, subscriptions, and in-app purchase flows.
  • GitHub, LinkedIn, and external product sites when you follow links from Doric Stack.
  • Cloudflare for hosting, security, analytics, Turnstile, edge infrastructure, and serverless endpoints.
  • A contact-form provider if Doric Stack uses one instead of a direct email link or Cloudflare Function.

We do not sell personal information. We do not build first-party advertising profiles.

Where data protection law such as the EU or UK GDPR applies, we rely on these legal bases: performance of a contract for purchases, license activation, and support you request; legitimate interests for site analytics, abuse prevention, and Field Notes reaction metrics; legal obligation for tax, accounting, and records we must keep; and consent where we ask for it, which you can withdraw at any time.

Cookies and local browser storage

The site avoids non-essential tracking by default. Doric Stack may store an anonymous browser value in local storage or a first-party cookie so article reactions and site metrics can reduce duplicate browser actions. Third-party services may use cookies or similar technologies for security, checkout, booking, analytics, fraud prevention, marketplace purchases, or buyer support.

If Doric Stack adds advertising pixels or non-essential tracking, this policy and any required notice will be updated before that tracking is used.

Site metrics heartbeat

Doric Stack uses a first-party site metrics heartbeat to understand whether pages are loading, whether humans are using them, and which public pages need improvement. The heartbeat can send an anonymous visitor id, session id, page path, referring page, device type, duration, engaged time, and request metadata to Doric Stack infrastructure.

The heartbeat does not create a Doric Stack account, does not store full payment card numbers, and does not identify a named visitor by itself. Doric Stack may combine this data with security metadata such as IP address and user-agent information where needed for abuse prevention, operational debugging, or incident review.

Field Notes reactions

Field Notes reactions are anonymous reader signals. They are not account data, entitlement data, payment data, or proof that a named person liked or disliked an article.

If reactions are enabled, Doric Stack may store aggregate reaction counts and a salted-hash dedupe value tied to the article slug and reaction type, computed at the edge with bot protection (Cloudflare Turnstile). No raw IP address is stored for reactions. Optional private feedback on a dislike, if offered, is used to improve the article and is not displayed publicly.

Retention

We keep information only as long as needed for the reason it was collected, unless a longer period is needed for legal, tax, accounting, security, support, abuse-prevention, dispute, or processor-record reasons.

Examples:

  • Contact messages are kept while needed to respond and maintain business context.
  • Payment, invoice, subscription, and refund records are retained by the relevant platform under its own policy and by Doric Stack for about seven years where needed for tax and accounting obligations.
  • License keys and entitlement records are kept until the license is revoked or no longer needed for support.
  • Field Notes reaction dedupe data is kept in aggregate while article reaction metrics are published or needed for abuse prevention.
  • Security logs may be kept for abuse prevention, troubleshooting, and incident review.

Security

Doric Stack uses reasonable safeguards for the size and nature of the site. We limit first-party collection, avoid storing full card data, use hosted processors for payment flows, and keep sensitive business records outside this public repository.

No method of transmission or storage is perfectly secure. If you need to report a security or privacy issue, email [email protected].

Your choices and requests

You can contact us to request access, correction, deletion, or help with a privacy question. Where the EU or UK GDPR applies, you also have the rights to restrict or object to processing, to data portability, to withdraw consent, and to lodge a complaint with your local supervisory authority or the UK Information Commissioner’s Office. We respond within 30 days, and may extend that where the law allows for complex requests. We may need to verify the request before acting on it, and we may retain limited information where law, tax, security, accounting, dispute, or legitimate business needs require it. If you are in the EU or UK, you can contact us directly at the addresses below about our processing of your data.

Contact: [email protected]

Support and privacy requests: [email protected]

Children

Doric Stack is not directed to children under 13. We do not knowingly collect personal information from children under 13.

International visitors

Doric Stack is operated from the United States. If you access the site from outside the United States, your information may be processed in the United States or in other locations where Doric Stack service providers operate. Where data is transferred out of the EEA or the UK, we and our processors rely on appropriate safeguards such as the Standard Contractual Clauses.

Source stack

SourceWhy it is cited
FTC, Protecting Personal Information: A Guide for BusinessData minimization, retention, security, and incident planning principles.
California Attorney General, CCPAExamples of privacy rights, notices, request methods, and exceptions that may apply by jurisdiction.
FTC, Children’s Privacy and COPPAChild-directed site and under-13 collection boundary.

Changes

We may update this Privacy Policy as the site, products, processors, or services change. The updated date above shows when this page was last revised.