Security at Stacktree.
Stacktree hosts the HTML your agents emit, which often carries real data. So privacy is the default, not a setting, and the controls below are designed for that risk surface. This page states only what is actually true today, and is plain about what we do not claim.
Is it safe to host agent-generated HTML on Stacktree?
Stacktree is private by default: every site gets an unguessable URL that is itself the credential, is never listed, and is served with crawler-blocking headers. On top of that you can add a password, restrict viewers to a company email domain, encrypt the page end-to-end so even Stacktree cannot read it, or set it to expire or burn after one view. It runs on Cloudflare (Workers, R2, D1), and the whole stack is source-available so you can self-host it under your own perimeter.
The default: the URL is the credential
A new site is unlisted: it lives at an unguessable token URL (roughly 128 bits of entropy), it is never enumerated or listed anywhere, and it is served with X-Robots-Tag: noai and no sitemap so search engines and AI crawlers leave it alone. There is no public directory of sites. If you do not share the link, no one finds the page.
Gates you can add
- Password. Require a shared password before the page renders. Stored as a hash, never in plaintext.
- Email-domain gate. Require viewers to verify an address on a domain you choose (for example @yourco.com) by magic link before the page loads. The gate sits on top of the unguessable URL.
End-to-end encryption
For the most sensitive artifacts, encrypt the page in your browser before it is uploaded (AES-GCM). The decryption key lives only in the URL fragment (the part after #), which browsers never send to the server. Stacktree stores ciphertext and cannot read the content; only someone with the full link, fragment included, can decrypt it.
Content security
Hosted pages are served under a strict Content-Security-Policy by default (default-src 'self'). So that your own page's inline scripts still run, Stacktree computes a per-site hash allowlist at upload time, which permits exactly your scripts while still blocking injected ones, rather than opening the policy up with 'unsafe-inline'. Markdown is sanitized on render. The result is that a hosted artifact cannot be turned into a vector against other sites on the domain.
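An added example, not Stacktree's code: one way a hash allowlist like the one described above can be computed at upload time, written for Node.js. The function names and the sample page are assumptions made for illustration, and the regex extraction stands in for a real HTML parser.

```javascript
// Added illustration; not Stacktree's implementation. All names are hypothetical.
const { createHash } = require("node:crypto");

// CSP hash source for one inline script: base64 SHA-256 of the exact text
// between <script> and </script>, byte for byte (whitespace included).
function cspHash(scriptText) {
  const digest = createHash("sha256").update(scriptText, "utf8").digest("base64");
  return `'sha256-${digest}'`;
}

// Collect the inline scripts present at upload time. Regex extraction is a
// simplification for this example; use a real HTML parser in production.
function inlineScripts(html) {
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const found = [];
  for (const m of html.matchAll(re)) {
    const hasSrc = /\bsrc\s*=/i.test(m[1]); // external scripts need no hash
    if (!hasSrc && m[2].length > 0) found.push(m[2]);
  }
  return found;
}

// Build the header value: default-src 'self' plus one hash per inline script.
// 'unsafe-inline' is never emitted, so unlisted inline scripts stay blocked.
function buildPolicy(html) {
  const hashes = [...new Set(inlineScripts(html).map(cspHash))];
  const scriptSrc = ["script-src 'self'", ...hashes].join(" ");
  return ["default-src 'self'", scriptSrc].join("; ");
}

// Mirrors the browser's decision for an inline script under this policy.
function inlineScriptAllowed(policy, scriptText) {
  const scriptSrc = policy.split(";").map((d) => d.trim())
    .find((d) => d.startsWith("script-src "));
  return scriptSrc !== undefined &&
    scriptSrc.split(/\s+/).includes(cspHash(scriptText));
}

// Constructed sample upload: one inline script, one same-origin external script.
const uploaded = `<!doctype html><h1>Report</h1>
<script>document.title = "Q3 report";</script>
<script src="/chart.js"></script>`;

const policy = buildPolicy(uploaded);
console.log(policy);
console.log(inlineScriptAllowed(policy, 'document.title = "Q3 report";')); // true
// Constructed script that was not in the upload, so its hash is not listed.
console.log(inlineScriptAllowed(policy, 'document.body.append("injected")')); // false
```

Because the hash covers the exact bytes of the script, any edit to an inline script after upload, even added whitespace, makes the browser refuse it until the allowlist is recomputed.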
Control over lifetime
Every site can carry an expiry (from minutes to never), be set to burn after a single read, or be removed immediately with delete_site. Expired and deleted sites are purged from both object storage and the database within the hour by a scheduled job.
Infrastructure and data control
Stacktree runs on Cloudflare Workers, R2, and D1. Cloudflare maintains SOC 2 / ISO 27001 compliance for that underlying infrastructure, which your own compliance team can review directly. For teams that need data residency, their own perimeter, or zero third-party dependencies, Stacktree is source-available and self-hostable: run the entire stack on your own Cloudflare account, where Stacktree itself has no access.
What we do not claim
We would rather be precise than impressive. Stacktree itself has not completed a third-party SOC 2 audit or a published external penetration test; the SOC 2 / ISO 27001 coverage above is Cloudflare's, for the infrastructure Stacktree runs on. We do run internal security reviews and ship the fixes (the changelog records security-tagged releases), and the codebase is source-available so you can review it yourself. If third-party attestation is a hard requirement for you, self-hosting puts the data inside your own audited environment.
Reporting a vulnerability
If you find a security issue, email security@stacktr.ee. We read it, we will acknowledge it, and we will not pursue researchers acting in good faith. Machine-readable contact details are at /.well-known/security.txt.