Stokik

Privacy Policy

Last updated: April 2026

1. Information we collect

We collect information you provide directly to us, including:

  • Account information — email address, name, and password when you register.
  • Profile information — optional details gathered during onboarding such as your role, how you heard about us, intended use (personal or team), and areas of interest. This is used solely to personalise your experience.
  • Planning content — projects, canvas nodes, edges, sticky notes, documents, and folder structures you create within Stokik.
  • Organisation and team data — organisation names, member email addresses, roles, and invite records when you create or join a team workspace.

We also automatically collect certain technical information when you use the service, including your IP address, browser type, operating system, referring URLs, and pages visited.

2. How we use your information

We use the information we collect to:

  • Provide, maintain, and improve the service.
  • Send transactional emails — account verification, password reset, team invitations, and other service notifications.
  • Personalise your onboarding and in-app experience based on the profile information you provide.
  • Monitor and analyse usage patterns to understand how the product is used and where it can be improved.
  • Detect and prevent fraudulent or abusive activity.
  • Send product updates and occasional announcements if you have opted in.

We do not sell your personal information to third parties.

3. Data storage and security

Your data is stored on servers located in the European Union. We use industry-standard encryption in transit (TLS) and at rest. We implement appropriate technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction.

4. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it by law or for legitimate business purposes such as fraud prevention.

Content you have shared with organisation members (projects, documents) may remain visible to those members until the organisation or workspace is also deleted.

5. Cookies

We use two categories of cookies:

  • Strictly necessary cookies — session cookies required for authentication and CSRF protection. These cannot be disabled without breaking the service.
  • Analytics cookies — we use Google Analytics 4 to understand aggregate usage patterns (pages visited, session duration, geographic region). Google Analytics sets its own cookies. No personally identifiable information is shared with Google Analytics beyond what it collects automatically. You can opt out using the Google Analytics opt-out browser add-on.

We do not use advertising cookies or sell data derived from cookies to third parties.

6. Third-party services

We use the following third-party services:

  • Google OAuth — optional sign-in via Google. If you use this, Google's privacy policy governs the information shared during authentication. We only receive your email address and name from Google.
  • Google Analytics 4 — aggregate usage analytics. See section 5 for details.
  • Transactional email provider — we send emails (verification, invites, password reset) via a third-party provider. Your email address is shared with this provider solely to deliver these messages.

7. Sharing within organisations

When you create or join an organisation workspace in Stokik, other members of that workspace can see your name, email address, and role within the organisation. Projects and documents shared within an organisation are visible to members according to the permission settings the project owner or admin configures.

We do not share your information across separate, unrelated organisations.

8. Your rights

Depending on your location, you may have the right to access, correct, export, or delete your personal information. To exercise these rights, contact us at privacy@stokik.com. We will respond within 30 days. For deletion requests, note that content shared with organisation members may need to be handled separately by the organisation admin.

9. Changes to this policy

We may update this privacy policy from time to time. We will notify you of material changes by email or via a notice in the application at least 14 days before they take effect. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this privacy policy? Email privacy@stokik.com.