Skip to main content
Privacy documentation

Privacy policy status

Policy release checkpoint. The prior draft is under review against current product behavior and is not presented here as a final privacy policy.

Privacy language must match the product

A privacy policy is not a collection of ideal statements. It is the plain record of which data the current service handles, why it handles it, where it goes, and what a person can do about it.

Stemma is reconciling the public policy with the shipping product, security boundary, vendor list, retention behavior, and legal obligations before publishing a final version.

What the final policy needs to answer

Data categories

The final policy must identify the information the service collects, the information users provide, and any operational data required to run the service.

Purpose and access

It must explain why each category is processed, who can access it, and how the privacy boundary described in the security documentation applies.

Retention and deletion

It must state retention periods, deletion behavior, export scope, and the practical steps a customer can take when their relationship with the service changes.

Before publication

  • Product and engineering confirm actual data flows, support tooling, and export or deletion behavior.
  • Operations confirm subprocessors, notifications, retention, and incident procedures.
  • Legal approves jurisdictional language, contact information, and the version that will govern customer use.

Privacy question

Ask the team about the current public documentation. Do not send passwords, recovery material, or personal documents by email.

Contact Stemma