Stance LLC ("Stance," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Stance application, website at stance.today, and related services (collectively, the "Service").
Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Username, password (stored in hashed form), and optionally your email address.
- Profile Information: Profile picture (optional), display name, and selected interest categories (e.g., lifestyle, society, technology, culture, politics, philosophy).
- User Content: Opinions, replies, and likes you submit through the Service.
- Communications: Information you provide when you contact us for support or feedback.
1.2 Information Collected Automatically
- Usage Data: Activity metrics such as streak counts, total opinions posted, and last activity dates.
- Device Information: Device type, operating system, browser type, and unique device identifiers.
- Log Data: IP address, access times, pages viewed, and referring URLs.
- Cookies and Local Storage: Session tokens and user preferences stored via cookies and browser local storage. See our Cookie Policy for details.
- Push Notification Tokens: If you enable push notifications, we collect device tokens to deliver notifications about activity on your content.
1.3 Information from Third-Party Sources
If you choose to sign in using a third-party provider (such as Google or Apple), we may receive your name, email address, and profile picture as permitted by that provider and your privacy settings. We do not receive or store your third-party account password.
2. How We Use Your Information
We use the information we collect to:
- Provide and Maintain the Service: Create and manage your account, display your opinions, calculate streaks and leaderboard rankings, and deliver the core experience.
- Personalize Your Experience: Show content relevant to your selected interest categories and display topics tailored to your preferences.
- Safety and Content Moderation: Analyze uploaded images using automated moderation technology to detect and prevent prohibited content. Monitor for violations of our Terms of Service.
- Communications: Send push notifications about activity on your content (likes, replies) when you have opted in. Respond to your inquiries and support requests.
- Improve the Service: Analyze usage patterns to improve features, fix issues, and develop new functionality.
- Legal Compliance: Comply with applicable laws, regulations, legal processes, or governmental requests.
3. Legal Bases for Processing (EEA/UK Users)
If you are located in the European Economic Area (EEA) or United Kingdom (UK), we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):
- Contract Performance: Processing necessary to provide you with the Service as described in our Terms of Service (e.g., account creation, content display, notifications).
- Consent: Where you have given explicit consent, such as opting in to push notifications or uploading a profile picture. You may withdraw consent at any time.
- Legitimate Interests: Processing necessary for our legitimate interests, including improving the Service, ensuring security, preventing fraud, and content moderation, provided these interests are not overridden by your rights.
- Legal Obligation: Processing necessary to comply with legal obligations to which we are subject.
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We engage trusted third-party companies to perform services on our behalf, subject to contractual obligations to protect your data:
- Cloud infrastructure and storage providers: Hosting, file storage (e.g., profile images), and automated image content moderation.
- Push notification services: Delivery of notifications about activity on your content (likes, replies).
- AI service providers: Generation of daily discussion topics. No personal user data is shared with AI providers for topic generation.
- Database hosting providers: Secure storage and management of application data.
4.2 Other Users
Your username, profile picture, opinions, replies, streak count, total opinions count, and leaderboard rankings are visible to other users of the Service. Do not share information in your opinions or profile that you do not wish to be publicly accessible.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect our rights or property, prevent fraud, ensure the safety of our users, or cooperate with law enforcement.
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via the Service or email of any change in ownership or uses of your personal information.
5. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. These countries may have data protection laws that differ from the laws of your country.
If you are located in the EEA or UK, we ensure that transfers of personal data are made subject to appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specific retention periods include:
- Account Data: Retained for the duration of your account. Deleted upon account deletion request, subject to a reasonable processing period of up to thirty (30) days.
- User Content: Retained for the duration of your account. You may request deletion of specific content by contacting us.
- Session Data: Authentication sessions expire after thirty (30) days of inactivity and are then deleted.
- Push Notification Tokens: Retained while notifications are enabled. Removed when you disable notifications or delete your account.
- Log Data: Retained for up to ninety (90) days for security and debugging purposes.
We may retain anonymized or aggregated data that cannot identify you for analytical purposes indefinitely.
7. Your Rights and Choices
7.1 All Users
- Access and Update: You can access and update your account information through the Service settings.
- Account Deletion: You may request deletion of your account and associated personal data by contacting us at privacy@stance.today.
- Push Notifications: You can enable or disable push notifications through your device settings at any time.
- Cookies: You can manage cookie preferences through your browser settings. See our Cookie Policy.
7.2 EEA and UK Users (GDPR)
Under the GDPR, you have the following additional rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Right to Restriction: Request restriction of processing of your personal data in certain circumstances.
- Right to Data Portability: Request a copy of your personal data in a structured, commonly used, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
7.3 California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which we collect it, and the categories of third parties with whom we share it.
- Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a clear opt-out mechanism.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To exercise any of these rights, contact us at privacy@stance.today. We will respond to verifiable requests within forty-five (45) days.
8. Children's Privacy
The Service is not intended for children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and you believe your child under 13 has provided us with personal information, please contact us at privacy@stance.today, and we will take steps to delete such information.
For users between the ages of 13 and 18, we encourage parents and guardians to monitor their children's online activities and to consider using parental control tools. Minors may only use the Service with the consent of a parent or legal guardian.
9. Artificial Intelligence and Automated Processing
We use artificial intelligence and automated systems in the following ways:
- Topic Generation: Daily discussion topics are generated using AI. No personal user data is used as input for topic generation.
- Image Moderation: Profile images you upload are analyzed by automated content moderation systems to detect potentially inappropriate content. If an image is flagged, it is rejected and deleted. No human review of flagged images occurs unless required for an appeal.
These automated processes do not produce legal or similarly significant effects on you. If you believe an automated decision was made in error, you may contact us to request a review.
10. Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit and at rest
- Industry-standard password hashing
- Secure, HTTP-only session cookies
- Encrypted credential storage on mobile devices
- Measures to detect and prevent automated abuse
- Input validation and sanitization
- Security headers on all server responses
- Regular security assessments and monitoring
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. For significant changes, we may also provide notice through the Service or via email. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.
12. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our data practices, please contact us:
For EEA and UK residents: While we do not currently have a formal Data Protection Officer (DPO), you may direct all data protection inquiries to the email address above. We will respond to all legitimate requests within one (1) month, or within any shorter period required by applicable law.