Privacy Policy

Under the GDPR, we process your personal data on the following legal bases:

• Contract Performance (Article 6(1)(b)): Processing necessary to provide our services to you, manage your account, and fulfil our contractual obligations
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as improving our services, preventing fraud, and ensuring security, where these interests are not overridden by your rights
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, such as tax reporting and regulatory requirements
• Consent (Article 6(1)(a)): Where you have given specific consent, such as for marketing communications or GPS location tracking. You may withdraw consent at any time

We use the information we collect for various business purposes, including but not limited to:

• Providing, operating, maintaining, and improving our services and platform
• Processing transactions, managing accounts, and billing services
• Communicating with you, including sending technical notices, updates, security alerts, and support messages
• Responding to inquiries, comments, and customer service requests
• Developing new products, features, and services based on usage patterns
• Analyzing usage data, trends, and user behavior to optimize performance
• Conducting research, analytics, and generating aggregated insights
• Personalizing and customizing your experience on our platform
• Sending marketing communications, promotional materials, and product updates (you may opt out at any time)
• Detecting, preventing, and addressing fraud, security threats, and technical issues
• Enforcing our Terms of Service and other legal agreements
• Complying with legal obligations and responding to lawful requests
• Protecting our rights, property, and the safety of our users
• Any other purpose disclosed to you at the time of collection or with your consent

We may share, disclose, or transfer your information in the following circumstances:

• Team Members and Collaborators: Project data and information is shared with team members, collaborators, and other users within your organization or projects as determined by your account settings
• Service Providers and Business Partners: We share information with third-party vendors, service providers, contractors, and business partners who perform services on our behalf, including hosting, cloud storage, analytics, payment processing, customer support, marketing, and other business operations
• Analytics and Advertising Partners: We share data with analytics providers (such as PostHog) and advertising partners to analyze usage, improve our services, and deliver relevant marketing
• Business Transfers: If we are involved in a merger, acquisition, reorganization, sale of assets, bankruptcy, or similar business transaction, your information may be transferred as part of that transaction
• Legal Requirements and Protection: We may disclose information when required by law, court order, subpoena, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to government requests
• Aggregated or Anonymized Data: We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you for any business purpose
• With Your Consent: We may share your information for any other purpose disclosed to you with your consent

While we do not currently sell personal information for monetary consideration, we may share information with third parties for business purposes as described above, which may constitute a "sale" under certain privacy laws.

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication requirements
• Secure data storage and backup procedures
• Employee training on data protection practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect information about your use of our platform. These technologies help us:

• Authenticate users and remember your login sessions
• Remember your preferences, settings, and customizations
• Understand how you use our platform and which features you access
• Analyze usage patterns, trends, and user behavior
• Improve platform performance, functionality, and user experience
• Provide personalized content, features, and recommendations
• Deliver targeted advertising and marketing communications
• Measure the effectiveness of our marketing campaigns
• Detect and prevent fraud and security threats

We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted). Third-party analytics and advertising partners may also place cookies on your device.

You can control cookies through your browser settings. However, disabling cookies may significantly limit your ability to use our platform and access certain features. By continuing to use our services, you consent to our use of cookies and tracking technologies as described in this policy.

Under the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of Access (Article 15 GDPR): Request a copy of the personal data we hold about you
• Right to Rectification (Article 16 GDPR): Request correction of inaccurate or incomplete personal data
• Right to Erasure (Article 17 GDPR): Request deletion of your personal data, subject to legal retention obligations
• Right to Data Portability (Article 20 GDPR): Receive your personal data in a structured, commonly used, and machine-readable format
• Right to Object (Article 21 GDPR): Object to processing based on legitimate interests or for direct marketing purposes
• Right to Restrict Processing (Article 18 GDPR): Request restriction of processing in certain circumstances
• Right to Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing
• Right to Lodge a Complaint: Lodge a complaint with the Irish Data Protection Commission (see details below)

To exercise these rights, contact us at [email protected]. We will respond within 30 days as required by the GDPR. We may request verification of your identity before processing requests.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC), the Irish supervisory authority:

We retain your personal information for as long as necessary to provide our services, fulfill the purposes outlined in this Privacy Policy, comply with legal and regulatory obligations, resolve disputes, enforce our agreements, and support our business operations. Retention periods are determined at our discretion based on various factors, including:

• The nature and sensitivity of the information
• The purposes for which we collected the information
• Our legitimate business interests and operational needs
• Legal, regulatory, tax, accounting, or reporting requirements
• The need to prevent fraud and enhance security
• The need to resolve disputes or enforce our rights

Even after you close your account or request deletion, we may retain certain information as required by law, for legitimate business purposes, or in backup systems. When information is no longer needed, we will securely delete or anonymize it, subject to technical and operational constraints.

Our platform is not intended for children under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Your information may be transferred to, stored, and processed in countries outside the European Economic Area (EEA), including where our service providers and infrastructure partners operate.

Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place as required by the GDPR, including:

• Transfers to countries with an EU adequacy decision (Article 45 GDPR)
• Standard Contractual Clauses (SCCs) approved by the European Commission (Article 46 GDPR)
• Other approved transfer mechanisms where applicable

You may request details of the safeguards we use for international transfers by contacting us at [email protected].

We reserve the right to update, modify, or replace this Privacy Policy at any time at our sole discretion. Changes will be effective immediately upon posting the updated Privacy Policy on our website with a new "Last updated" date. We may, but are not obligated to, notify you of material changes via email or through the platform.

Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the updated Privacy Policy, you must stop using our services immediately. It is your responsibility to review this Privacy Policy periodically to stay informed of any changes.

If you have any questions or concerns about this privacy policy or our data practices, please contact us:

If you have a concern about how we handle your data that we have not resolved to your satisfaction, you may contact the Irish Data Protection Commission at www.dataprotection.ie.