Privacy Policy

Last updated: May 2026

This policy explains how SecondStack collects and processes data when operating as a self-hosted, multi-model LLM platform for teams and enterprises. SecondStack is operated by Dark Lake, LLC.

1. Data We Collect

We process account details, configuration metadata, usage metrics, and security-relevant logs needed to deliver and support the SecondStack platform.

We also process names, email addresses, and organization metadata needed for account administration and customer communication.

We may obtain information about You from third party sources, including resellers, distributors, business partners, event sponsors, security and fraud detection services, social media platforms, and publicly available sources. Examples of information that we receive from third parties include marketing and sales information (such as name, email address, phone number and similar contact information), and other information about your interactions with our Websites. We may combine such information with the information we receive and collect from You.

2. How We Use Data

Data is used to operate the service, support customer deployments, route alerts, and respond to support requests.

SecondStack runs entirely on customer-controlled infrastructure. Conversation history, attached documents, and usage data generated inside a SecondStack deployment stay on the customer's infrastructure and are not transmitted to Dark Lake, LLC.

Secure authentication and session management on our marketing and support surfaces.
Product reliability and performance analytics in aggregate.
Abuse detection and prevention.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent: where you have given us explicit consent to process your data.
Contractual Necessity: where processing is necessary for the performance of a contract with you.
Legal Obligation: where we need to comply with a legal obligation.
Legitimate Interests: where processing is necessary for our legitimate interests or those of a third party, including promoting SecondStack's services to relevant business audiences.

4. Sharing and Retention

We share data only with processors and partners needed to run the service and only under contractual or legal obligations.

Data is retained only as long as needed for service delivery, legal compliance, and legitimate audit obligations.

5. Security and Your Rights

We use encryption in transit, role-based access, audit trails, and least-privilege operations for production environments.

You can request corrections, export records, and account-level data actions consistent with your service contract.

Right to Object

Where we process your personal data based on legitimate interest, including for outreach to business contacts, you have the right to object to such processing at any time by contacting [email protected]. Upon receiving your objection, we will cease processing your data for outreach purposes and remove your contact information from our outreach systems.

6. Website Analytics and Cookies

Our marketing website (secondstack.ai) uses Google Analytics 4 to understand how visitors interact with our pages — which pages are visited, how users arrive, and where they navigate. This helps us improve the site experience.

Google Analytics uses cookies (small text files stored in your browser) to distinguish unique visitors. We load analytics in cookieless mode by default using Google Consent Mode v2. Cookies are only set after you explicitly accept them via the consent banner.

If you decline cookies, Google Analytics continues to operate in a limited, cookieless mode that does not identify or track you individually. You can change your preference at any time using the "Cookie Settings" link in the page footer.

We do not use analytics data to identify individual visitors, build advertising profiles, or sell data to third parties. Analytics data is retained for 14 months and then automatically deleted.

This section applies only to the secondstack.ai marketing website. The SecondStack platform itself is self-hosted on customer infrastructure and does not communicate analytics data back to secondstack.ai or Dark Lake, LLC.

7. Contact, Requests, and Complaints

Dark Lake, LLC is responsible for handling privacy and security communications for SecondStack.

Use the contact aliases below for rights requests, legal notices, and security disclosures.

Privacy requests and rights submissions: [email protected]
Security disclosures: [email protected]
Legal questions and contractual matters: [email protected]
Formal notice copies: [email protected]
General support: [email protected]
Data protection contact (if appointed): [email protected]