Privacy Policy
Last updated: April 2026
1. Information We Collect
We collect information you provide directly to us when you register for an account, subscribe to our service, or communicate with us.
- Account Information: Name, email address, password (stored as a secure hash — we never store plaintext passwords).
- Project Data: Information stored within your Gantt charts and project files.
- Billing Data: Processed securely via our Merchant of Record, Paddle. We do not store credit card details directly.
- IP Address & Location: When you log in, we record your IP address and resolve an approximate country code using a local geolocation database (no data is sent to third-party services). This is used for security monitoring and account protection.
- Email Verification: We send a verification email to confirm your email address upon registration. We store a time-limited verification token until the process is complete.
2. How We Use Information
We use the information we collect to provide, maintain, and improve our services, to process transactions, and to communicate directly with you regarding updates or support.
- Authentication & Security: Your email and password hash are used to authenticate your account. IP addresses and country codes are used to detect unauthorized access.
- Communications: We may send transactional emails (account verification, password resets, collaboration invitations) via our SMTP service.
- Service Improvement: Bug reports you submit may include technical details to help us diagnose and fix issues.
3. Information Sharing
We do not share your personal information with third parties except as necessary to provide our services (e.g., payment processing via Paddle) or to comply with the law.
We do not send your IP address or personal data to third-party analytics, tracking, or geolocation services. All geolocation lookups are performed locally on our servers.
4. Data Security
We implement appropriate technical and organizational measures to protect the security of your personal information against unauthorized access, deletion, or modification. This includes:
- Industry-standard password hashing (bcrypt with a high cost factor)
- HTTPS/TLS encryption for all data in transit
- HTTP security headers (HSTS, CSP, X-Frame-Options)
- Rate limiting on authentication endpoints to prevent brute-force attacks
- Account lockout after repeated failed login attempts
- Server-side session invalidation on logout
5. Data Retention
We retain your account data for as long as your account is active. Project data is stored until you delete it or delete your account. IP addresses and country codes are retained for security monitoring purposes. Temporary tokens (password reset, email verification) expire automatically and are purged regularly.
6. Your Rights
You may update or delete your account information at any time within your user settings. For data export or deletion requests, please contact our support team. Upon account deletion, all associated data (projects, settings, bug reports) is permanently removed from our systems.