Stoopkeep← Back to home

Privacy Policy

Last updated: April 18, 2025

DiffBeam Studios (“we,” “us,” or “our”) operates Stoopkeep (“Service”). This Privacy Policy explains how we collect, use, and protect your personal information when you use the Service.

1. Information We Collect

We collect information in the following ways:

  • Account information: Your email address and, optionally, your name, when you register or sign in via magic link.
  • Financial and property data: Expense records, receipt images, vendor names, amounts, dates, expense categories, and property information that you enter or upload.
  • Tenant-submitted data: Issue descriptions and photos submitted by your tenants through your property’s unique maintenance link.
  • Usage data: Log data including IP address, browser type, pages visited, and feature usage, collected automatically when you access the Service.
  • Payment information: Subscription billing is handled entirely by Paddle. We do not store your credit card details on our servers.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service.
  • Send transactional emails such as magic-link sign-ins, receipt confirmations, and monthly expense summaries (Pro plan).
  • Process AI receipt scanning using third-party AI APIs (Google Gemini in production).
  • Generate tax-ready exports (Schedule E CSV) based on your expense data.
  • Respond to your support inquiries.
  • Detect and prevent fraud or abuse.

We do not sell your personal information to third parties.

3. Data Storage and Security

Your data is stored on Supabase, a secure cloud database platform. We enforce the following security practices:

  • AES-256 encryption at rest and TLS encryption in transit for all data.
  • Row-Level Security (RLS) policies ensure that only you can access your own records — our staff cannot read your financial data.
  • Receipt images are stored in private, access-controlled cloud storage buckets.
  • Authentication is handled via Supabase Auth using secure, time-limited magic links.

While we implement industry-standard safeguards, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

4. Third-Party Services

We use the following third-party services to operate the Service:

  • Supabase — database, authentication, and file storage.
  • Vercel — application hosting and deployment.
  • Resend — transactional email delivery (magic links, notifications).
  • Paddle — subscription billing and payment processing.
  • Google Gemini — AI-powered receipt scanning (production environment). Receipt images are sent to the Gemini API for processing and are not retained by Google for training purposes under our API usage terms.

Each third-party service is governed by its own privacy policy. We encourage you to review their policies for details on their data practices.

5. Cookies and Tracking

The Service uses session cookies solely for authentication purposes (to keep you logged in). We do not use third-party advertising cookies or tracking pixels. We may use basic, privacy-preserving analytics to understand aggregate usage patterns.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal information and associated data within 30 days, except where we are required to retain it for legal or compliance purposes.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your data in a machine-readable format.

To exercise any of these rights, contact us at stoopkeep@diffbeam.com. We will respond within 30 days.

8. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Continued use of the Service after changes are posted constitutes your acceptance.

10. Contact

If you have any questions or concerns about this Privacy Policy, please contact us at stoopkeep@diffbeam.com.