Skip to main content
Back to home Privacy

What Greekstack collects, why, and how we protect it.

This Privacy Policy describes how Greekstack (“Greekstack,” “we,” “us”) — the white-label platform that powers fraternity and sorority chapter sites — handles data when a chapter, council, or organization (“you”) signs up for and uses the platform. It covers the data Greekstack itself collects from chapters and their administrators. It does not describe how an individual chapter handles its own rushees' data — each chapter publishes its own privacy notice for that on its own chapter site.

Controller vs. processor

For the data a chapter puts into the platform about its members, rushees, and alumni, the chapter is the data controller and Greekstack is the data processor — we process that data only on the chapter's instructions, to provide and support the service. For the data described on this page — the account and usage data Greekstack collects to run its business — Greekstack is the controller.

What we collect from chapters & admins

  • Account & identity: the name, email address, and (optionally) phone number of the administrators and officers who create or are granted access to a chapter console, plus their hashed login credentials.
  • Chapter & organization details: the chapter name, Greek letters, institution, and the branding/configuration you enter during setup.
  • Billing & payment metadata: your plan, subscription status, billing contact, and payment metadata (such as amounts, dates, and status) for subscriptions and — where a chapter enables dues or donations — for those transactions. Card details are collected and stored by Stripe; we never see or store full card numbers, and dues payouts settle to the chapter's own connected account via Stripe Connect.
  • Usage & logs: sign-in events, audit records of admin actions, IP address, browser/user-agent, and error/diagnostic logs used to keep the platform secure and reliable.
  • Support communications: messages you send us and our replies.

We use only first-party functional cookies needed to keep administrators signed in and the service working. We do not run third-party advertising or cross-site tracking cookies.

How we use it

We use the data above to:

  • provide, maintain, and secure the platform and each chapter's isolated tenant;
  • authenticate administrators and prevent unauthorized or cross-tenant access;
  • bill subscriptions, process trials, and handle renewals and receipts;
  • provide support and send essential service notices (billing, security, and material changes);
  • diagnose problems, monitor performance, and improve the product.

We do not sell your data, and we do not use a chapter's member/rushee data for our own marketing or to train advertising models.

Sub-processors

We share data only with the service providers we rely on to operate the platform, each acting under its own security and privacy commitments and processing data only as needed to provide its service to us:

  • NeonManaged Postgres database hosting (system of record).
  • VercelApplication hosting, edge delivery, and image (Blob) storage.
  • StripeSubscription billing and, where a chapter enables it, dues and donation payments — including payouts to a chapter's own connected account via Stripe Connect. Stripe collects and stores payment-card data; Greekstack never sees or stores full card numbers.
  • ResendTransactional and platform email delivery.
  • TwilioSMS delivery for chapter recruitment and notifications, and A2P 10DLC carrier registration at the platform level.
  • CloudinaryImage storage, optimization, and delivery for chapter photos and headshots (used where a chapter enables it).
  • StreamReal-time chapter chat and announcement messaging (used where a chapter enables it).

We may also disclose data if required by law, to protect our rights or the safety of users, or in connection with a merger or acquisition (with notice as required). This list is kept current as our sub-processors change.

Multi-tenant data isolation

Greekstack is multi-tenant, but each chapter's data is isolated in its own dedicated database schema. One chapter cannot read, query, or address another chapter's roster, recruitment, dues, or member data, and every request is resolved to a single tenant before any data is read. Within a chapter, officer access is further scoped by role-based permissions, and where optional services (chat, SMS, image delivery) are used, channels, identifiers, and assets are namespaced per chapter so they never cross tenants.

Payments & card data (Stripe)

Subscription billing — and, where a chapter enables it, member dues and alumni donations — is processed by Stripe. Payment-card details are collected and stored by Stripe under its own PCI-compliant systems; Greekstack never sees or stores full card numbers. When a chapter collects dues or donations, funds are paid out to the chapter's own connected account through Stripe Connect — Greekstack only stores payment metadata (such as amount, status, and the associated member or invoice), not card data.

SMS consent, TCPA & A2P 10DLC

Where a chapter sends text messages through the platform, those messages are delivered via Twilio and are subject to U.S. SMS rules. Recipients must provide the consent required by the TCPA, and every message stream honors STOP / HELP / START keywords and a recipient quiet-hours window. A2P 10DLC brand and campaign registration is handled by Greekstack at the platform level with the carriers, so individual chapters do not each register separately. A chapter is responsible for obtaining and honoring the consent of the people it texts; the consent receipts a chapter captures are retained as described in that chapter's own privacy notice.

Where data lives & security

Data is stored in a Postgres database hosted on Neon and an application layer hosted on Vercel, primarily in the United States; optional images may be delivered via Cloudinary and optional chat via Stream. We maintain tenant isolation so one chapter cannot access another's data, and we rely on industry-standard encryption in transit and at rest through our providers, scoped access controls, hashed administrator credentials, and audit logging. No method of transmission or storage is perfectly secure, but we work to protect your data using reasonable safeguards.

Retention, export & deletion

We retain account, chapter, and billing data for as long as your subscription is active and as needed to provide the service. You can export your data (such as your roster, recruitment records, and dues history) to CSV at any time, and you may request a copy or deletion of your data by contacting us. After an account is closed or a subscription ends, Customer Data is made available for export for 30 days, after which it is deleted from active systems; residual copies in routine backups age out on our normal backup cycle. We retain billing records and certain logs longer where required for legal, accounting, tax, or security purposes.

Your rights — GDPR & CCPA/CPRA

Depending on where you are located, you may have the right to access, correct, delete, or receive a portable copy of the personal data we hold about you, to object to or restrict certain processing, and to withdraw consent. California residents (CCPA/CPRA) have the right to know, access, correct, delete, and to opt out of the sale or sharing of personal information — Greekstack does not sell or share personal information. EU/UK residents (GDPR) have the rights described above and may lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at the address below. We will respond within the time required by applicable law (generally within 30–45 days). Where Greekstack processes a chapter's member/rushee data as a processor, requests from those individuals should go to the chapter (the controller); we will assist the chapter in responding.

International transfers

If you access the platform from outside the United States, your data will be transferred to and processed in the United States and other countries where we or our sub-processors operate. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) for such transfers.

Children

The platform is intended for use by chapter administrators, who are adults. It is not directed to children, and we do not knowingly collect personal information from children through the administrator-facing platform. Any age-related handling of a chapter's rushees is governed by that chapter's own privacy notice.

Data Processing Agreement (DPA)

Because Greekstack processes member and rushee data on a chapter's behalf, we make a Data Processing Agreement available to subscribing chapters. To request a DPA, or to ask any data-protection question, email workbenjaminsachwitz@gmail.com.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes we will give reasonable notice (by email or in-app) before they take effect, and we will update the “last updated” date below.

Contact

General questions and privacy-specific requests (access, export, correction, or deletion): workbenjaminsachwitz@gmail.com. See also our Terms of Service.

Last updated: June 2026 · Greekstack — the white-label Greek-life platform · Contact: workbenjaminsachwitz@gmail.com