Effective date: April 10, 2026
Halion Technologies, LLC ("we", "us", "our") operates StuffPack ("the Service"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.
When you create an account, we collect your email address and display name. If you sign in with Google, we receive your name, email, and profile photo from Google.
You provide gear items, packs, trips, and related details (weights, categories, notes, images). This is the core data you create and manage in StuffPack.
When you subscribe to a paid plan, payment details (card number, billing address) are collected and processed directly by Stripe, Inc. We do not store your full card number. Stripe provides us with a token, the last four digits of your card, and your billing email. See Stripe's Privacy Policy.
We use PostHog to collect anonymous usage analytics such as pages visited, features used, and device type. This helps us understand how the Service is used and where to improve. See PostHog's Privacy Policy.
PostHog also records sessions on the Service so we can diagnose bugs and understand how users interact with features. A session recording captures page navigation, clicks, scrolls, and the layout of what was on screen.
What is masked in recordings:
What is not masked:
We do not record keystrokes inside form fields, and payment details never reach our servers or recordings — all payment data is handled directly by Stripe on their own pages.
Recordings are stored on PostHog's infrastructure (not on StuffPack servers) and are retained for approximately 30 days under PostHog's standard retention policy. Our lawful basis for processing session recordings under the GDPR is our legitimate interest in diagnosing bugs and improving the Service. You may object to this processing at any time by contacting us as described below.
Opting out: If you would prefer that your sessions not be recorded, contact us through your account settings and we will exclude your account from recordings.
Our servers automatically record information such as your IP address, browser type, and request timestamps. This data is used for security, debugging, and service reliability.
We do not sell your personal information to third parties.
We use the following third-party services that may receive or process your data:
We use cookies and browser local storage for authentication sessions and user preferences. PostHog may set cookies for analytics purposes. You can disable cookies in your browser settings, but this may affect your ability to use the Service.
We retain your account and gear data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or billing purposes.
We use industry-standard security measures including encrypted connections (TLS), Firebase security rules, and Stripe's PCI-compliant payment infrastructure. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
You may:
If you are located in the European Economic Area (EEA), you may have additional rights under the GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy, sign in to your account and contact us through your account settings. If you don't have an account, you can create one for free.