Privacy Policy

Last updated: January 1, 2025

1. Introduction

Welcome to RetroStack ("we", "our", "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our collaborative board application and related services (the "Service").

Please read this Privacy Policy carefully. By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

We collect information in several ways:

Personal Information You Provide:

  • Email address (when you sign up with email)
  • Display name (optional)
  • Profile information from third-party providers (Google, Apple)
  • Board titles and descriptions you create
  • Sticky notes and comments you add to boards
  • Votes and reactions you provide
  • Support requests and correspondence

Information Collected Automatically:

  • Device information (device type, operating system, browser type)
  • IP address and general location information
  • App usage patterns and feature interactions
  • Session duration and frequency of use
  • Error logs and performance data
  • Device fingerprints for security purposes
  • Authentication tokens and session data

3. How We Use Your Information

We use your information to:

Core Service Functions:

  • Provide and maintain our collaborative board service
  • Create and manage your user account
  • Enable real-time collaboration with other users
  • Process and store your board content and notes
  • Facilitate board sharing and access management
  • Provide voting and interaction features

Service Improvement:

  • Analyze usage patterns to improve our service
  • Develop new features and functionality
  • Optimize app performance and user experience
  • Conduct research and analytics on user behavior
  • Test new features and improvements

AI-Powered Features:

  • Process your board content to provide sentiment analysis
  • Generate action items and meeting summaries
  • Provide content suggestions and insights
  • Store analysis results for your future reference
  • Track AI usage for rate limiting and cost management

Note: Your content may be processed by third-party AI services (OpenAI) to provide these features. We do not use your content to train AI models.

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

We may share your information in the following circumstances:

With Other Users:

  • Board content you choose to share is visible to other board participants
  • Your display name and contributions are visible to other users on shared boards
  • Voting data is aggregated and anonymized when displayed to other users

With Service Providers:

  • Firebase/Google Cloud for data storage and authentication
  • OpenAI for AI analysis features (content only, not personal data)
  • Analytics providers for service improvement
  • Security services for fraud prevention

For Legal Compliance:

  • When required by law, regulation, or legal process
  • To protect our rights, property, or safety
  • To enforce our Terms of Service
  • In connection with investigations of fraud or security incidents

Business Transfers:

  • In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity

5. Data Storage and Security

Your data is stored on Firebase/Google Cloud servers with industry-standard security measures:

Security Measures:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Monitoring for security incidents and anomalies
  • Employee training on data protection practices

Data Retention:

  • Active board data is retained while your account is active
  • Deleted boards are permanently removed within 30 days
  • Security logs are retained for 90 days
  • Account data is deleted within 30 days of account deletion

Security Limitations:

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Your Privacy Rights and Choices

You have the right to:

Access and Control:

  • Access your personal information we hold
  • Update or correct your account information
  • Export your board data in JSON format
  • Delete your boards and associated content
  • Request deletion of your account and personal data

Data Portability:

You can export your data at any time through our export feature, which provides:

  • All your board content in JSON format
  • Board metadata and settings
  • Note content and voting data
  • Timestamps and user associations

Account Deletion:

To delete your account:

  • Contact us with your deletion request
  • We will delete your personal information within 30 days
  • Board content you created will be permanently removed
  • Some data may be retained for legal compliance requirements

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Right to Know:

  • Categories of personal information we collect
  • Sources of personal information
  • Business purposes for collecting information
  • Categories of third parties we share information with

Right to Delete:

  • Request deletion of your personal information
  • We will delete your information unless retention is necessary for legal compliance

Right to Opt-Out:

  • We do not sell personal information to third parties
  • You can opt out of certain data processing activities

Right to Non-Discrimination:

  • We will not discriminate against you for exercising your privacy rights

8. European Privacy Rights (GDPR)

If you are a resident of the European Economic Area, you have additional rights under the General Data Protection Regulation:

Legal Basis for Processing:

  • Consent: For optional features and analytics
  • Contract Performance: For providing our service
  • Legitimate Interests: For security, fraud prevention, and service improvement

Additional Rights:

  • Right to rectification of inaccurate data
  • Right to restrict processing in certain circumstances
  • Right to object to processing based on legitimate interests
  • Right to data portability
  • Right to lodge a complaint with supervisory authorities

9. Cookies and Tracking Technologies

We use cookies and similar technologies:

Essential Cookies:

  • Authentication and session management
  • Security and fraud prevention
  • Basic functionality and service operation

Analytics Cookies:

  • Usage analytics and performance monitoring
  • Feature usage tracking
  • Error logging and debugging

Preference Cookies:

  • User interface settings and preferences
  • Language and accessibility options

Cookie Management:

You can control cookies through browser settings, opt-out tools provided by analytics services, and account settings for optional tracking.

10. Third-Party Services

Our Service integrates with third-party services:

Authentication Providers:

  • Google Sign-In (subject to Google's Privacy Policy)
  • Apple Sign-In (subject to Apple's Privacy Policy)
  • We only receive basic profile information you authorize

Cloud Services:

  • Firebase/Google Cloud for data storage and processing
  • Subject to Google Cloud Privacy Policy
  • Provides infrastructure security and compliance

AI Services:

  • OpenAI Services for AI analysis and content processing
  • Subject to OpenAI's privacy policies
  • Content is processed but not used for training

11. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy. Our primary operations are based in Tennessee, United States.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "last updated" date
  • Sending a notification for material changes
  • Displaying a notice in the application

Your continued use of the Service after changes indicates your acceptance of the updated Privacy Policy.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Provide details about what information was involved
  • Explain steps being taken to address the breach
  • Offer guidance on protecting yourself
  • Comply with applicable legal notification requirements

15. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

  • Email: support@retrostack.app
  • Website: https://retrostack.app

For privacy-related requests, please include:

  • Your full name and email address
  • Description of your request
  • Account information for verification

Effective Date

This Privacy Policy is effective as of January 1, 2025, and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.
