Effective Date: May 10, 2026 | Last Updated: May 27, 2026
Stash Management, LLC (“Company,” “we,” “us,” or “our”) respects your privacy and is committed to describing our practices transparently. This Privacy Policy (“Policy”) explains how we collect, use, disclose, retain, and otherwise process personal information and other data when you access or use the Stash Management platform, including all associated websites, applications, and services (collectively, the “Service”).
This Policy applies to all users of the Service, including visitors, registered account holders, and any individuals whose information we receive in connection with the Service. By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree to this Policy, you must discontinue use of the Service.
We collect information in the following categories:
When you use the Service, we store the following types of collection data on your behalf:
To provide automated market price estimates for collectibles in your inventory, our Service periodically collects publicly available transaction and pricing data from third-party online marketplaces and pricing guides. This data consists solely of publicly accessible listing prices and historical sale prices — we do not collect, retain, or process any personal information about buyers, sellers, or other individuals from these sources.
All collected pricing data is aggregated and used only to compute estimated market values displayed within the Service. Our automated collection is limited to data that is publicly accessible without authentication. We comply with robots.txt directives published by source websites, rate-limit all automated requests to avoid imposing undue load on third-party systems, and identify our automated collector with a descriptive user-agent string. Pricing information displayed within the Service is for informational purposes only and does not constitute financial advice or a guarantee of value.
We use the information we collect for the following purposes:
We may disclose, transfer, license, or otherwise make available your personal information and other data to third parties in the following circumstances:
We engage third-party vendors and service providers that perform functions on our behalf, such as payment processing, data hosting, analytics, customer support, security services, and email delivery. These providers are granted access to information only as necessary to perform their functions and are subject to appropriate confidentiality obligations.
We may share, license, or transfer your information — including personal information, usage data, and behavioral data — with third-party business partners, data brokers, advertisers, analytics providers, and other commercial entities for purposes including but not limited to market research, targeted advertising, product development, and other lawful commercial activities. Such transfers may involve monetary or other consideration. Where required by applicable law, we will provide you with notice and, where applicable, an opportunity to opt out of such transfers.
In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, or sale of all or a portion of our assets, your information may be transferred to the acquiring or successor entity as part of such transaction. We will provide notice of any such transaction to the extent required by applicable law.
We may disclose your information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service or other agreements; (c) protect the rights, property, or safety of the Company, our users, or the public; or (d) detect, prevent, or address fraud, security vulnerabilities, or technical issues.
We may disclose your information to any third party with your express consent.
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying applicable legal, accounting, or reporting requirements, and as otherwise permitted or required by law. We also retain de-identified, aggregated, or anonymized data indefinitely for analytical and business purposes. When determining the appropriate retention period, we consider the nature and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, and the purposes for which we process the data.
We use cookies, web beacons, pixels, local storage objects, and similar tracking technologies to collect information about your use of the Service, to maintain session state, to personalize your experience, and to support our analytics and marketing activities. We may also permit third-party analytics partners to set cookies through the Service.
We apply different consent defaults based on your location:
Strictly necessary cookies are always active regardless of your location or consent choices, as they are required for the Service to function.
The Service supports connections to AI assistants (including Claude, ChatGPT, and other compatible AI tools) via the Model Context Protocol (MCP) standard and OAuth 2.0 authorization. This section describes how those connections work and what data they can access.
When you connect an AI assistant to your Stash account, you will be directed to an authorization screen that identifies the requesting application, lists the permissions being requested, and asks for your explicit approval. No data is shared with the AI assistant until you click “Allow.” You may decline the connection at any time without affecting your Stash account.
Once authorized, a connected AI assistant can access the following data from your account, limited to the permissions you approved:
If you authorize write permissions, a connected AI assistant may also add, update, or mark items as sold in your inventory. Write actions are always described to you before they are executed (dry-run preview), and you must confirm them explicitly.
Authorization tokens are stored securely in your Stash account and are associated with the specific AI application that requested them. Tokens are encrypted at rest. The AI assistant stores its own copy of the token locally on your device (managed by the AI application, not by Stash). Stash does not share your token with any party other than the AI assistant that initiated the authorization.
You may revoke any AI integration at any time by visiting Settings → Connections in the Stash web application. Revoking a connection immediately invalidates the token — any subsequent API calls from that AI assistant will return an authorization error. Previously accessed data that the AI assistant has stored locally is outside of Stash’s control; refer to your AI assistant’s own privacy policy for how it handles cached data.
When you use an AI assistant with the Stash integration, queries you make and inventory data returned by the Stash MCP server may be processed by the AI provider (e.g., Anthropic for Claude, OpenAI for ChatGPT). This processing is governed by the AI provider’s own privacy policy, not by this Policy. We recommend reviewing the privacy policy of any AI assistant you connect to your Stash account.
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your information against unauthorized access, disclosure, alteration, and destruction. However, no security system is impenetrable, and we cannot guarantee the absolute security of your information. We are not liable for any breach of security that occurs despite our reasonable precautions. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.
Depending on your jurisdiction, you may have certain rights with respect to your personal information, including:
To exercise any of these rights, please submit a request to us using the contact information provided in Section 12. We will respond to verifiable requests within the timeframes required by applicable law. We may need to verify your identity before processing your request, and we reserve the right to deny requests that we cannot verify or that are not required under applicable law.
The Service is not directed to individuals under the age of thirteen (13), and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete such information promptly. If you believe we may have inadvertently collected information from a child under 13, please contact us immediately.
We are based in the United States, and your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your country. By using the Service, you consent to the transfer of your information to countries outside your country of residence, including the United States.
We reserve the right to update or modify this Policy at any time and in our sole discretion. When we make material changes, we will update the “Last Updated” date at the top of this Policy and, where required by applicable law, provide additional notice. Your continued use of the Service after the effective date of any modified Policy constitutes your acceptance of the modified Policy. We encourage you to review this Policy periodically.
If you have questions or concerns about this Policy, wish to exercise your privacy rights, or have a complaint regarding our data practices, please contact us at:
Stash Management, LLC
Attn: Privacy
Email: privacy@stashmanagement.com
California residents may also contact us to exercise their rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), by submitting a request to the email address above with the subject line “California Privacy Request.”
To revoke access for a connected AI assistant, visit Settings → Connections in the Stash web application rather than contacting us — revocation takes effect immediately without requiring our intervention.