Privacy
How stacktower.ai handles visitor data, cookies, third-party services, and your rights as a reader.
Summary
StackTower AI is an independent AI education publication. We try to keep data collection minimal and to be honest about what is and is not running on the site today. This page describes the categories of data the site processes when you visit, the third parties involved, the exact cookies it sets, and how to exercise your rights. If you have a question that is not answered here, write to hello@stacktower.ai.
Last updated: 2026.
Edge and hosting (Cloudflare)
The site is served through Cloudflare. As an edge provider, Cloudflare necessarily processes some information about every request in order to deliver pages and to protect the origin from abuse. This includes:
- Your request IP address, used to route traffic and to apply rate limits and bot protection.
- Standard request headers such as the User-Agent string, referrer, and the path you requested.
- Security challenge state when Cloudflare presents a CAPTCHA or managed challenge to a request that looks automated.
- Edge access logs retained for a short window to support debugging and incident response.
Cloudflare processes this data as our infrastructure provider. Their privacy practices are documented at cloudflare.com/privacypolicy.
Analytics
If we enable a site-wide analytics product (Google Analytics, Plausible, or similar) the analytics script runs only after you grant the Aggregate analytics toggle on the cookie banner. Until you grant analytics consent, no analytics events are emitted from your browser. You can revoke consent at any time by clearing the sba_analytics cookie in your browser and reloading the page; the banner will reappear.
Advertising
We are not currently displaying paid advertising on stacktower.ai. When advertising is wired in the future via Google AdSense or another network, that network will set cookies and may use a mobile advertising identifier to personalise ads, frequency-cap impressions, and measure clicks. The categories of data typically collected by display-ad networks include:
- Ad cookies and similar local-storage keys placed in your browser.
- Your truncated IP address and approximate geographic region.
- Page URL, referrer, viewport size, and basic device information.
- For users who have opted in elsewhere, an advertising identifier or pseudonymous user ID.
When advertising is enabled, this section will name the network, link to its policy, and describe the opt-out controls available to you. Until then, no advertising scripts are loaded on the page.
Cookie inventory
The table below names every cookie this site can set, the purpose it serves, how long it lives, and whether a third party can read it. We split cookies into two purposes — push notifications and analytics — so you can grant one without the other.
| Cookie name | Purpose | Retention | Third-party? |
|---|---|---|---|
sba_push | Records whether you have granted permission for the service worker to register and subscribe your browser to push notifications. Values: granted or denied. | 365 days from your last choice | No (first-party only) |
sba_analytics | Records whether you have granted permission for analytics scripts to run and for the edge to log campaign-attribution data (utm_* parameters, referrer). Values: granted or denied. | 365 days from your last choice | No (first-party only) |
sba_consent | Legacy single-cookie consent token used before we split push and analytics consent. Migrated automatically on your first visit after the split and then cleared. Will not be re-set. | Cleared on first visit after migration | No (first-party only) |
sba_utm | Stores the campaign parameters (utm_source, utm_medium, etc.) and referrer for the visit that originally brought you to the site, so we can attribute newsletter signups to the source link without analytics. Only written when sba_analytics=granted for visitors from the EEA/UK, and unconditionally for visitors elsewhere. | 30 days | No (first-party only) |
Cloudflare __cf_bm, cf_clearance | Strictly necessary for bot mitigation and security challenges; required to access the site under managed challenge. | 30 minutes (__cf_bm); 30 days (cf_clearance) | Cloudflare (infrastructure provider) |
How to delete your data
You have two paths to delete data we hold about you, depending on what you signed up for.
Newsletter subscribers
If you subscribed to the newsletter, the confirmation email we sent when you signed up contains a "Manage your subscription" link. That link carries a signed proof-of-ownership token bound to your email address; clicking it opens a one-click delete form that removes your address from our mailing-list provider (Beehiiv) and suppresses any future sends to the same address.
If you have lost the confirmation email, write to hello@stacktower.ai from the email address you subscribed with and we will action the deletion within 30 days.
Visitors who never subscribed
If you never gave us an email address, we hold no personal data tied to your identity — only the request logs Cloudflare retains for security and the optional sba_utm first-party cookie described above, neither of which is keyed to a real-world identity. Clearing your browser cookies for this domain removes the sba_* values; Cloudflare's edge logs expire on their own retention schedule.
Your rights
You can ask us what data we hold about you, request deletion of any data tied to a contact you have made with us, opt out of future communications, or raise a concern about how the site handles your information. Send your request to hello@stacktower.ai and we will respond within 30 days.
Contact
For any privacy question, including data-deletion requests, email us at hello@stacktower.ai. We treat each request individually and acknowledge receipt within two business days.
Changes to this policy
When this page changes — for example, when advertising or analytics is wired — we update the "Last updated" date above and describe what changed. Material changes are reflected on this page before the corresponding code ships to stacktower.ai.