Security

Staark takes privacy and security seriously and uses reasonable technical, administrative, and organizational safeguards to protect user information.

We continue to improve our security practices as the platform grows and as parent and caregiver needs evolve.

Staark users sign in through authentication workflows, including Google sign-in supported by Auth.js.

Account sessions are designed to help keep users signed in while protecting access to account-specific areas of the platform.

Staark does not expose authentication secrets, OAuth tokens, or server API keys in public pages or user-facing exports.

Authenticated account actions are designed to access only the current user’s data.

Sensitive actions such as account deletion and data export are tied to the authenticated session, not a user_id submitted from the browser.

Server-side routes resolve the signed-in account before reading, exporting, updating, or deleting account-owned records.

Payments, subscriptions, invoices, and billing management are handled by Stripe.

Staark does not store full payment card numbers.

Subscription management and cancellation use Stripe-hosted billing workflows, including checkout and customer portal flows where available.

Staark uses reasonable safeguards to protect information against unauthorized access, loss, misuse, or alteration.

Parent and child-related information is stored in account-linked database records and accessed through authenticated server-side workflows.

No system can be guaranteed completely secure, but Staark is designed to limit access to user information and reduce avoidable exposure.

Staark uses AI to generate personalized recommendations and daily plans based on information provided by parents or caregivers.

Staark does not use parent or child personal information to train public AI models.

AI-generated recommendations should be reviewed by parents or caregivers before implementation.

Users can download their data from account settings.

Users can request deletion or delete their account through account settings.

When an account is deleted, active subscriptions are canceled as part of the deletion workflow when a subscription is found.

No system can be guaranteed completely secure. We continue to improve Staark’s security practices as the platform grows.

Users should keep their Google account secure, protect their devices, and contact Staark if they notice unusual account activity.

If you believe you have found a security issue or vulnerability, please contact us at support@staarkai.com.

Effective Date: June 10, 2026.