Privacy Policy

Last updated: 2026 · Draft

⚠ Draft for legal review. This template reflects how Stalex actually handles data; the operating legal entity name and governing details are to be confirmed with counsel before public launch.

This policy explains what information Stalex ("Stalex," "we," "us") collects, how we use it, and the choices you have. Stalex is an AI-powered CRM with built-in business-lead generation.

The data we work with is about businesses, not individuals

The leads in Stalex come from public-record, business-entity sources — company filings, licenses, and company-level contact information tied to a business or entity. Stalex does not build profiles of, sell, or solicit individual consumers, and we do not deal in consumer personal data. Our lead data is business information for legitimate business-to-business outreach.

Information we collect

Account information you give us: your name, work email, company name and EIN, and a password (stored only as a salted, peppered hash — we never store it in readable form).
Business-lead data (the product): public business-entity records you draw into your private workspace.
Payment information: handled entirely by our payment processor, Stripe. Stalex never sees or stores your full card number — only a Stripe reference token and your card's brand and last four digits.
Usage and technical data: a session token to keep you logged in, plus standard server logs (timestamps, IP, request paths) used for security and reliability. We do not use third-party advertising or tracking cookies.

How we use it

To provide the service — your account, workspace, lead delivery, pipeline, and billing.
To process payments and send transactional email (sign-up verification, password resets, team invites, receipts).
To secure the service (rate limiting, fraud and abuse prevention) and to comply with law.

We do not sell your account information, and we do not share it except with the service providers below or where required by law.

Service providers

Stripe — payment processing (PCI-compliant; the card data is handled by Stripe, not Stalex).
Amazon Web Services (SES) — transactional email delivery.
Amazon Web Services — secure hosting and database (encrypted in transit; access-controlled).

Data security

All traffic is encrypted in transit (HTTPS). Passwords are hashed; payment card numbers never touch our servers. Access is restricted and audit-logged. No system is perfectly secure, but we apply standard, current safeguards.

Your choices & removal requests

If you believe a business record in our pool should be corrected or removed, email privacy@stalex.ai with the business name and details. We honor verified removal requests across the service — a removed record is suppressed everywhere and is no longer delivered. You can also close your account at any time by contacting us; we delete or de-identify account data we no longer need to keep.

Changes

We may update this policy as the product evolves; material changes will be posted here with a new date.

Contact

Questions about privacy: privacy@stalex.ai.