Privacy Policy
Last updated July 11, 2026
This policy describes what personal data Basestash (operated by Andreas Karampatsos, United Kingdom — the data controller) collects, why, and how it is handled. The short version: we collect the minimum needed to run an Airtable backup service, we sell nothing, and we run no advertising or cross-site tracking.
1. Data we collect
Account data: your email address and, if you sign in with Google, your Google account’s basic profile (name, email). Used to authenticate you and send transactional email (sign-in links, backup alerts).
Airtable access tokens: the personal access tokens you provide are stored encrypted with AES-256-GCM and used only to back up the bases you connect and to perform restores you explicitly request. They are never shown back to you or shared.
Backup data: the contents of the Airtable bases you connect (records, schema, comments) are stored so we can provide backups. This data is processed on your instructions only — we do not mine, analyze, or share it, and each customer’s data is isolated from every other customer’s.
Billing data: payments are processed by Stripe. We never see or store your card number; we store the Stripe customer and subscription identifiers needed to manage your plan.
Technical logs: standard server logs (IP address, request path, timestamps) kept briefly for security, rate limiting, and debugging.
2. Cookies
We set only the session cookies required to keep you signed in. There are no advertising or analytics cookies and no third-party trackers.
3. Processors
We use a small set of service providers to run Basestash: Stripe (payments), Google (optional sign-in), Resend (transactional email), Cloudflare (DNS and email routing), and Oracle Cloud (hosting). Each receives only what its role requires.
4. Retention and deletion
Backup snapshots are kept for your plan’s retention window and then deleted automatically. If you disconnect a base or close your account, its backup data is deleted within 30 days. Account records needed for tax and accounting are kept as the law requires.
5. Your rights
Under the UK GDPR (and the EU GDPR where it applies to you) you can request access to, correction of, export of, or deletion of your personal data, and you can object to or restrict processing. Email support@basestash.net and we will respond within 30 days. You may also lodge a complaint with your local supervisory authority; ours is the UK Information Commissioner’s Office (ICO).
6. Security
All traffic is encrypted in transit (TLS). Airtable tokens are encrypted at rest, tenant data is strictly isolated, and completed snapshots are immutable. If we become aware of a breach affecting your data we will notify you without undue delay.
7. Changes and contact
Material changes to this policy will be announced by email or in-app notice before they take effect. Data controller: Andreas Karampatsos, United Kingdom, trading as Basestash. Contact: support@basestash.net.