Stoke is built by operators, for operators. We take data seriously because your business data is your business.
We collect information you provide when using Stoke: your business name, contact details, customer inquiry data you paste or import, calendar events, invoice data, and social content you generate. We also collect standard usage logs (page views, API calls) to keep the platform running.
Your data is used to operate the Stoke platform — to parse leads, generate content, create invoices, and sync with connected services (QuickBooks, Stripe). We do not sell your data. We do not use your data to train AI models without your consent.
When you connect your Gmail account, Stoke requests two OAuth scopes from Google: gmail.readonly (to read incoming emails for lead detection) and gmail.send (to send approved reply messages on your behalf from your own Gmail address).
What Stoke reads: Stoke uses gmail.readonly to scan your inbox for new messages and classify which ones are customer inquiries (versus personal mail, newsletters, shipping notifications, etc). For messages identified as customer inquiries, Stoke reads the message body to extract the customer's name, email, phone number, requested service, preferred dates or times, and the nature of the inquiry. Messages that are not customer inquiries are not processed further and their content is not retained.
What Stoke sends: Stoke uses gmail.send ONLY to send reply messages that you have explicitly approved or composed. Every outbound message requires your review and approval in the Stoke interface before it is sent. Stoke never sends email without your explicit action. Sent messages come from your own Gmail address and appear in your Gmail "Sent" folder as if you had sent them directly.
What Stoke does NOT do: Stoke does not modify your emails, does not mark them as read on your behalf, does not move them to folders, does not delete them, does not access attachments beyond what appears in the message body as text, and does not access your contacts, drafts, or any Gmail data outside the inbox message stream. Stoke does not request gmail.modify, gmail.labels, gmail.compose, or any other Gmail scopes beyond the two listed above.
What we retain: For messages identified as customer inquiries, Stoke retains the sender's email address, the message subject, a structured summary of the inquiry (extracted fields: name, phone, requested service, preferred date), and a classification label. Stoke does not retain the full original message body after processing it through the AI extraction pipeline. Metadata (sender, subject, received timestamp, classification) is retained for as long as your Stoke account is active to maintain conversation history on your jobs.
Disconnecting Gmail: You can disconnect Gmail at any time from your Stoke Settings page. Upon disconnect, Stoke immediately revokes the OAuth tokens and stops all Gmail API access. Within 30 days of disconnection, all stored metadata extracted from your Gmail (inquiry summaries, sender records, classification labels) is permanently deleted from Stoke's databases.
Third-party sharing: Email content is processed through Anthropic's Claude API for AI extraction and reply generation. Anthropic does not retain this data for model training. Stoke does not share your email content with any other third party, does not sell it, and does not use it for advertising. Aggregated, anonymized usage metrics (e.g. "number of leads processed this week") may be retained for product improvement, but no identifying content from your emails is included in those metrics.
Google API Services User Data Policy: Stoke's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: Stoke does not use Google user data for serving advertisements, Stoke does not allow humans to read Google user data unless (a) we have obtained your explicit consent for specific messages, (b) it is necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations where the data has been aggregated and anonymized.
When you connect your Facebook account to Stoke through Facebook Login for Business, Stoke requests the following permissions: pages_show_list, pages_manage_posts, pages_read_engagement, instagram_business_basic, instagram_business_content_publish, business_management, and the default public_profile.
What Stoke reads: Stoke uses pages_show_list and public_profile to retrieve the list of Facebook Pages you administer and your Facebook display name, so you can choose which Page to publish content on behalf of and confirm the connected identity in your Settings. Stoke uses instagram_business_basic to identify which of your selected Pages have a linked Instagram Business or Creator account. Stoke does not read posts, comments, direct messages, follower lists, insights, or any other content from your Facebook Page or Instagram account.
What Stoke writes: Stoke uses pages_manage_posts to publish text and link posts to your selected Facebook Page, and instagram_business_content_publish to publish image posts and Reels to your linked Instagram Business account. Every post is generated as a draft by Stoke's AI, displayed for your review in our Content Queue, and only published after you click an explicit "Post to Facebook" or "Post to Instagram" button. Stoke never publishes content without your direct, per-post approval. Stoke does not auto-schedule posts to Meta platforms unless you explicitly schedule a draft, and even then publishing requires the schedule you set.
Why pages_read_engagement: Meta requires this permission to be granted alongside pages_manage_posts for posting to function. Stoke does not currently surface Page engagement data (likes, comments, reach) to users. We hold the permission solely because Meta's API requires it for publishing. If we add post-performance reporting in the future, we will update this policy and request additional review.
Why business_management: This permission is part of Meta's Login for Business consent flow and scopes the connection against your Business Portfolio. Stoke does not modify your business settings, business users, ad accounts, or business assets.
What Stoke does NOT do: Stoke does not run ads, does not access ad accounts, does not modify Page settings or metadata, does not manage comments or messages on your Page or Instagram account, does not access Page or Instagram insights/analytics, does not access Threads, does not access Facebook Marketplace, does not access Live Video, does not download media from your Facebook Page or Instagram account, and does not request any Meta permissions beyond those listed above.
How tokens are stored: Access tokens issued by Meta during the OAuth flow are encrypted at rest using AES-256-GCM before being written to Stoke's database. Tokens are decrypted only at the moment of an API call to Meta, in memory, and are never logged, exported, or transmitted outside Stoke's infrastructure. Long-lived Page tokens (issued for approximately 60 days by Meta) are refreshed automatically; if a token expires, the Settings page surfaces the disconnect and prompts you to reconnect.
Disconnecting Meta: You can disconnect Facebook and Instagram at any time from your Stoke Settings page. Upon disconnect, Stoke immediately marks the connection as inactive and stops all Meta API access. Within 30 days of disconnection, the encrypted access tokens, stored Page list, and Instagram account ID are permanently deleted from Stoke's databases. Posts that were already published to your Page or Instagram account before disconnect are not affected — they remain on Meta's platforms under your control.
Third-party sharing: Stoke does not share your Facebook or Instagram data with any third party. Caption text generated by Stoke's AI is processed through Anthropic's Claude API; Anthropic does not retain this data for model training. The image and video files attached to posts are stored in Stoke's own Cloudflare R2 storage and served to Meta's API only at publish time. We do not sell, rent, or transfer Meta-derived data to advertisers, data brokers, or any other party.
Compliance: Stoke's use of Meta APIs adheres to the Meta Platform Terms and the Meta Developer Policies, including the data use restrictions on Platform Data. We retain Meta-derived data only for as long as needed to operate the publishing features you have enabled, and we provide deletion on disconnect as described above.
If you accept payments through Stoke, payment card data is collected and processed directly by Stripe through their PCI-DSS Level 1 certified infrastructure. Stoke never sees, stores, or transmits raw credit card numbers, CVV codes, or bank account numbers. Stoke stores only the Stripe customer ID, payment intent IDs, last four digits of cards (returned to us for display), and invoice/payment status. For full details, see Stripe's Privacy Policy.
When you connect QuickBooks Online to Stoke, we request OAuth scopes that allow Stoke to create and read invoices, customers, and items in your QuickBooks company file. Stoke uses this to mirror invoices created in Stoke into your QuickBooks ledger so your books stay in sync. Stoke does not access payroll data, bank feeds, or accounting reports beyond what is required to confirm an invoice has been created. You can disconnect QuickBooks at any time from your Stoke Settings page; on disconnect, the OAuth tokens are revoked and deleted within 30 days. Stoke's use of Intuit APIs adheres to the Intuit Developer Data Use Guidelines.
Stoke integrates with Anthropic (AI), Cloudflare (hosting and storage), Stripe (payments), Google (Gmail sync), Meta (Facebook + Instagram publishing), QuickBooks (accounting), and SendGrid (transactional email) when you connect them or trigger an action that uses them. Each service has its own privacy policy. We only transmit data to these services when you trigger an action that requires it.
Data is stored on Cloudflare's infrastructure in the United States. We use D1 (SQLite) for structured data and R2 for media. We retain your data for as long as your account is active, plus 90 days after cancellation.
You can export your data, request deletion, or close your account at any time by emailing privacy@withstoke.com or calling (252) 725-8130. Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with applicable privacy laws have additional rights to know, correct, delete, and opt out of certain data processing; we honor all such requests as required by law and do not discriminate against users who exercise these rights.
Stoke is a business-to-business platform intended for adults operating service businesses. Stoke is not directed at children, does not knowingly collect personal information from anyone under 18, and is not intended for use by minors. If we learn we have collected personal information from a child under 18, we will delete that information promptly. Parents or guardians who believe their child has provided information to Stoke should contact privacy@withstoke.com.
We may update this Privacy Policy from time to time to reflect changes to our practices, our integrations, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you by email or through an in-app notice before the changes take effect. Continued use of Stoke after changes take effect constitutes acceptance of the updated policy.
Questions? Email us at privacy@withstoke.com or call (252) 725-8130. Our mailing address is available on request for formal legal notices.