Privacy Policy

Effective Date: February 21, 2026
‍
NOCOStack (“Company,” “we,” “our,” or “us”) operates the NOCOStack website and application (the “Service”). NOCOStack provides premium integrations and add-on services for Quickbase applications.

This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service.
‍
By using the Service, you agree to the practices described in this Privacy Policy.
‍
1. Information We Collect
‍
A. Account Information
When you create an account, we may collect your name, email address, phone number, billing address, and business name.
‍
B. Payment Information
Payments are processed by Stripe. We do not store or process full credit card numbers on our servers. Stripe securely handles all payment information in accordance with PCI-DSS requirements. We retain only necessary billing records such as customer IDs and transaction identifiers.
‍
C. Quickbase Data
NOCOStack integrates with Quickbase to process data at your direction.
We may temporarily process Quickbase data for purposes such as generating PDFs, sending emails, and performing API-driven automations. We do not store Quickbase data long term as it's only used to generate the intended result of each plugin (i.e. generate a pdf utilizing your QuickBase data for example).
‍
D. Google and Microsoft Account Access
If you choose to connect your Google or Microsoft account, we request authorization solely to send emails on your behalf.
For Google integrations, we request send-only Gmail permissions along with basic account details in order to send transactional notifications as part of each plugin. We do not read inbox content, access Gmail message data, monitor mailbox activity, or store email bodies.
‍
NOCOStack’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We do not use or disclose Google user and personal data to third-parties or utilize for advertising, profiling, resale, or unrelated purposes. We're committed to protecting the confidentiality of your data. We will retain your personal information for the length of time needed to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law. You may request for any personal or account information to be deleted at any time. OAuth tokens are encrypted in transit and at rest and are only stored for the duration of an active account.
‍
E. Log Data
When you access the Service, we may collect information such as IP address, browser type, device information, pages visited, timestamps, and usage metrics. This information is used to maintain security, improve reliability, and optimize performance.
‍
F. Cookies
We may use cookies and similar technologies to maintain sessions, improve user experience, and analyze performance. You may disable cookies through your browser settings, though some features of the Service may not function properly.
‍
2. How We Use Information
We use collected information to provide and operate the Service, process payments, generate PDFs and automated outputs, send emails at your direction, maintain system security, measure API usage for billing and performance, and communicate important service updates.
We do not sell personal information.
We do not use customer data for targeted advertising.
‍
3. Data Sharing and Disclosure
We may share information with trusted service providers strictly for operational purposes, including cloud infrastructure providers such as Amazon Web Services, payment processors such as Stripe, and email delivery infrastructure used to send authorized communications.
These providers are contractually obligated to safeguard information and use it only to provide services to us.
We do not sell or rent personal information to third parties.
We may disclose information if required by law or to protect the rights, safety, and integrity of the Service.
‍
4. Data Retention
We retain personal information only as long as necessary to provide the Service, comply with legal obligations, maintain billing records, and track API usage metrics.
OAuth tokens are deleted immediately upon account disconnection or revocation.
We do not retain sent email content or logs of email bodies.
‍
5. Security
We use commercially reasonable administrative, technical, and physical safeguards to protect information. Data is encrypted in transit using HTTPS, and sensitive credentials and tokens are encrypted at rest. The Service is hosted on secure cloud infrastructure.
No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
‍
6. Third-Party Links
Our Service may contain links to third-party websites. We are not responsible for the privacy practices of those websites.
‍
7. Children’s Privacy
The Service is intended for business users and is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.
‍
8. Your Rights
You may request access to your personal information, request correction of inaccurate information, request deletion of your account, and revoke Google or Microsoft access at any time.
Google account permissions can also be revoked at https://myaccount.google.com/permissions.
‍
9. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised Effective Date.