Privacy Policy

Effective 2026-05-04 · Operated by SuiteStep, LLC. Contact: tim@suitestep.com.

Chartstone is a desktop application that runs on your own computer. We designed it so that your NetSuite data stays on your machine. This Privacy Policy explains what data the desktop application and the chartstone.io website collect, store, and share — and (just as importantly) what they do not.

The short version

What the desktop app stores on your computer

Chartstone keeps a small amount of state in your operating system's per-user app data directory:

You can wipe everything by uninstalling the app and removing the per-user app data directory. Email tim@suitestep.com if you'd like exact paths for your operating system.

What chartstone.io receives

The desktop app contacts chartstone.io in two places, both of them deliberately narrow:

1. Subscription verification

When you click Verify in the Subscription panel, Chartstone POSTs your license key (the cs_live_… string we emailed you after checkout) to chartstone.io/verify/. The endpoint looks the key up in our subscription database and returns { "active": true | false, "email": "<your-email>" }.

We store, on chartstone.io, a small record per active subscription: your license key, your Stripe customer ID, your email (the one you used at Stripe checkout), the subscription status, the issue timestamp, and the timestamp of the last verify call. We use this only to:

The Stripe webhook that creates this record runs at chartstone.io/webhook/stripe.php — Stripe signs every webhook delivery with HMAC, and the endpoint rejects any unsigned payload. The database is a SQLite file on the chartstone.io host, accessible only to the web server process, and not exposed over HTTP.

We do not log NetSuite data, the contents of your control-panel preferences, or any data passing through your local Chartstone server. The only PII we hold is the email + Stripe IDs above.

2. Announcements feed

On launch (after you've accepted the Terms), Chartstone GETs a small JSON document from chartstone.io/announcements/ so it can show release notes or important notices in a modal. The request is anonymous — we do not include your email, your account ID, or any NetSuite data.

We receive: standard request metadata (IP address, User-Agent, timestamp) via web server logs.

Payments (Stripe)

Pro subscriptions are processed by Stripe. When you subscribe at chartstone.io/subscribe, Stripe collects your email, billing address (where required for tax), and payment method. We never see your card number, expiration, or CVC — those are entered directly into Stripe's hosted forms. Stripe's own privacy policy applies to that data: stripe.com/privacy.

Email correspondence

If you email tim@suitestep.com for support, we keep the message and your reply address as long as we need them to help you and (where relevant) for our own records. We do not enroll you in marketing lists.

Cookies and tracking on chartstone.io

The chartstone.io marketing pages do not set tracking cookies and do not include third-party analytics, advertising, or social-media widgets. The only network requests our pages make are to a public CDN for Bootstrap CSS and icons.

Children

Chartstone is a developer tool for adults; it is not directed at children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children.

Your choices and rights

You have control over your data:

International users

Chartstone is operated from the United States. If you use the Service from outside the US, you understand that the limited data we receive (described above) is processed in the US.

Changes to this Policy

We may update this Privacy Policy from time to time. Material changes are surfaced through the in-app announcements feed and published here with a new effective date. Continued use of the Service after a change constitutes acceptance of the updated Policy.

Contact

Questions about this Policy or about your data? Email tim@suitestep.com.