Last updated: April 10, 2026
STOA ("we", "us", "our") is a government procurement intelligence platform operated by StackCensus, based in Surrey, British Columbia, Canada. Our website is stoago.com. For privacy inquiries, contact us at support@stoago.com.
When you create an account, we collect your email address, name (optional), company name (optional), and a hashed version of your password. We never store your password in plain text.
When you use our service, we collect search queries, filters applied, timestamps, IP addresses, and usage frequency. This data is used for rate limiting, service improvement, and delivering search alerts you have configured.
When you subscribe to a paid plan, payment processing is handled entirely by Stripe, Inc. We store your Stripe customer ID and subscription ID but never see or store your credit card number, bank details, or other payment credentials.
We use your information to provide and maintain the STOA service, enforce rate limits and plan entitlements, send search alerts you have opted into, process payments through Stripe, respond to support requests, and improve our platform. We do not sell, rent, or share your personal information with third parties for marketing purposes.
STOA indexes publicly available government procurement records from official sources in the United States, United Kingdom, Australia, Canada, Ireland, New Zealand, and the European Union. This data is published by governments under open data licenses and contains information about government contracts, tenders, and awards. We do not add personal data to these records beyond what is publicly published by the issuing government.
We use essential cookies to maintain your login session. We do not use advertising cookies or third-party tracking pixels. See our Cookie Policy for details.
Your account data is stored on servers located in the European Union (Hetzner, Helsinki, Finland). Data is encrypted in transit using TLS. Passwords are hashed using argon2id. API keys are stored as SHA-256 hashes. We perform daily encrypted backups. Access to production systems is restricted to authorized personnel only.
Account data is retained for as long as your account is active. Usage logs are retained for 12 months for service improvement and then deleted. If you delete your account, your personal data will be removed within 30 days. Anonymized, aggregated usage statistics may be retained indefinitely.
Under PIPEDA (Canada) and GDPR (European Union), you have the right to access the personal information we hold about you, request correction of inaccurate data, request deletion of your data, export your data in a portable format, withdraw consent for optional data processing, and lodge a complaint with a supervisory authority. To exercise these rights, email support@stoago.com. We will respond within 30 days.
As a Canadian organization, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect personal information only for purposes a reasonable person would consider appropriate. We obtain consent before or at the time of collection. We retain personal information only as long as necessary. We protect personal information with appropriate security safeguards.
For users in the European Economic Area, our lawful basis for processing is contractual necessity (providing the service you signed up for) and legitimate interest (improving our platform and preventing abuse). You may exercise your GDPR rights as described in Section 8.
We use Stripe (payments, based in the US — see stripe.com/privacy), Cloudflare (CDN and DNS, based in the US — see cloudflare.com/privacypolicy), and Hetzner (server hosting, based in Germany/Finland). Each operates under their own privacy policies.
STOA is not intended for use by anyone under 16 years of age. We do not knowingly collect personal information from children.
We may update this policy from time to time. Material changes will be communicated via email to registered users. The "Last updated" date at the top reflects the most recent revision.
For any privacy-related questions or requests, contact us at support@stoago.com or write to: StackCensus, Surrey, BC, Canada.