Stadian

Privacy Policy

Last updated: March 18, 2026

This Privacy Policy ("Policy") describes how Stadian ("Company", "we", "us", or "our") collects, uses, stores, shares, and protects information in connection with the Stadian platform, website at stadian.app, and related services (collectively, the "Service"). By using the Service, you consent to the practices described in this Policy.

1. Information We Collect

1.1 Information You Provide Directly. We collect information you voluntarily provide when you:

  • Create an account (name, email address, company name, role)
  • Submit a contact or demo request form (name, email, company, message content)
  • Subscribe to a paid plan (billing information, payment method details processed by our payment processor)
  • Communicate with us via email or support channels
  • Upload content to the platform (product data, order information, customer records, COA documents, supplier information)

1.2 Information Collected Automatically. When you access the Service, we may automatically collect:

  • Device and browser information (browser type, operating system, device type)
  • Log data (IP address, access times, pages viewed, referring URL)
  • Usage data (features used, actions taken within the platform, session duration)
  • Performance data (page load times, errors encountered)

1.3 Information from Third Parties. We may receive information from:

  • Payment processors (transaction confirmation, billing status — we do not store full credit card numbers)
  • Identity verification services (for practitioner NPI verification)
  • Analytics providers (aggregated, anonymized usage data)

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: To operate, maintain, and deliver the features and functionality of the platform, including order processing, inventory management, compliance tracking, and analytics.
  • Account Management: To create and manage your account, authenticate your identity, and process payments.
  • Communication: To respond to your inquiries, send transactional emails (order confirmations, account notifications), and provide customer support.
  • Product Improvement: To analyze usage patterns, diagnose technical issues, and develop new features and improvements to the Service.
  • Security: To detect, prevent, and address fraud, unauthorized access, and other security issues.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
  • Marketing: With your consent, to send you information about new features, product updates, and promotional offers. You may opt out at any time.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3. How We Share Your Information

We may share your information in the following circumstances:

3.1 Service Providers. We share information with third-party service providers who perform services on our behalf, including:

  • Cloud hosting and infrastructure (Vercel, AWS)
  • Payment processing (Stripe — subject to Stripe's privacy policy)
  • Email delivery (for transactional and support communications)
  • Analytics (aggregated, anonymized data only)
  • Form processing (Formspree — for contact form submissions)

These providers are contractually obligated to use your information only as necessary to provide services to us and are required to maintain the confidentiality of your information.

3.2 Legal Requirements. We may disclose your information if required to do so by law or in response to valid legal process, including subpoenas, court orders, or government requests.

3.3 Business Transfers. If Stadian is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

3.4 With Your Consent. We may share your information for any other purpose with your explicit consent.

4. Data Storage, Security, and Retention

4.1 Storage. Your data is stored on secure servers provided by our hosting and infrastructure partners. Data may be stored and processed in the United States or other countries where our service providers operate.

4.2 Security Measures. We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication requirements
  • Regular security assessments and monitoring
  • Employee access limited to those with a business need

While we take reasonable precautions, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

4.3 Data Retention. We retain your personal information for as long as your account is active or as needed to provide you with the Service. After account termination, we retain your data for 30 days to allow for data export, after which it is deleted. We may retain certain information as required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

5. Cookies and Tracking Technologies

Our website minimizes the use of cookies and tracking technologies. For full details, please refer to our Cookie Policy.

We do not use third-party advertising cookies or tracking pixels. We may use essential cookies required for the Service to function (e.g., session authentication) and analytics tools that collect anonymized, aggregated data.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability. You have the right to request a copy of the personal information we hold about you in a structured, machine-readable format.

6.2 Correction. You have the right to request that we correct any inaccurate or incomplete personal information.

6.3 Deletion. You have the right to request that we delete your personal information, subject to certain exceptions (e.g., legal obligations, legitimate business interests).

6.4 Restriction of Processing. You have the right to request that we restrict the processing of your personal information under certain circumstances.

6.5 Objection. You have the right to object to the processing of your personal information for direct marketing purposes.

6.6 Withdrawal of Consent. Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6.7 Data Export. You may export your platform data at any time through the tools provided in the Service.

To exercise any of these rights, contact us at privacy@stadian.app. We will respond to your request within 30 days.

7. International Data Transfers

If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers are located. By using the Service, you consent to the transfer of your information to countries outside of your country of residence, which may have different data protection rules. We take appropriate safeguards to ensure that your information is protected in accordance with this Policy.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to Opt-Out: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.

To exercise your CCPA rights, contact us at privacy@stadian.app.

9. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • All rights described in Section 6 above apply.
  • You have the right to lodge a complaint with your local data protection authority.
  • Our legal bases for processing include: performance of a contract, legitimate interests, compliance with legal obligations, and consent.

For GDPR-related inquiries, contact our data protection contact at privacy@stadian.app.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at privacy@stadian.app.

11. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated Policy on this page with a revised "Last updated" date. For significant changes, we may also notify you by email or through the Service. Your continued use of the Service after the effective date of the revised Policy constitutes your acceptance of the changes.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Stadian
Email: privacy@stadian.app
General: support@stadian.app