Privacy Policy
Effective Date: 9/4/2025 | Last Updated: 9/4/2025
This Privacy Policy describes how Planning Poker® ("we," "us," or "our") collects, uses, and shares information about you when you use our web-based agile estimation service (the "Service").
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, name, profile picture (if using OAuth), and password (if using email authentication)
- Team/Workspace Data: Team names, member lists, roles, and permissions
- Session Data: Planning poker sessions, estimation items, votes, comments, and timestamps
- Payment Information: Billing details processed through Stripe (we do not store credit card numbers)
- Integration Data: Linear workspace connections, imported issues, and project synchronization data
1.2 Information Collected Automatically
- Usage Analytics: Session frequency, feature usage, voting patterns, and interaction metrics
- Technical Data: IP address, browser type, device information, and operating system
- Real-time Session Data: WebSocket connection data, presence indicators, and live collaboration metrics
- Performance Data: Page load times, API response times, and error logs
2. How We Use Your Information
We use the collected information to:
- Provide and maintain the Planning Poker® service
- Process your transactions and manage subscriptions
- Enable real-time collaboration features
- Sync data with integrated services (e.g., Linear)
- Send service-related communications
- Improve our Service through analytics
- Comply with legal obligations
- Detect and prevent fraud or abuse
3. Data Processing and Storage
Your data is processed and stored using the following infrastructure:
- Supabase (Database & Authentication): PostgreSQL database hosted in US regions for data storage and user authentication
- Vercel (Application Hosting): Global CDN for application delivery with primary servers in the United States
- Stripe (Payment Processing): PCI-compliant payment processing (credit card information is never stored on our servers)
All data transmissions are encrypted using TLS/SSL protocols. Data at rest is encrypted using industry-standard encryption methods.
4. Data Sharing and Third-Party Services
We share your information only in the following circumstances:
- Service Providers: With Supabase, Vercel, and Stripe for core service functionality
- Linear Integration: When you authorize Linear access, we share necessary data to sync issues and estimates
- Team Members: Session data is shared with authorized team members within your workspace
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. Data Retention
We retain your data according to the following policies:
- Active Account Data: Retained while your account remains active
- Session History: Retained based on your subscription plan (30 days for free, unlimited for paid)
- Deleted Sessions: Permanently removed within 30 days of deletion
- Closed Accounts: Personal data deleted within 90 days of account closure
- Anonymized Analytics: May be retained indefinitely for service improvement
- Legal Compliance: Some data may be retained longer if required by law
6. Your Rights and Choices
6.1 Access and Portability
You have the right to:
- Access your personal data through your account settings
- Export your session data in CSV or JSON format
- Request a copy of all data we hold about you
6.2 Correction and Deletion
You may:
- Update your account information at any time
- Delete individual sessions or comments
- Request complete account deletion
6.3 Communication Preferences
You can opt out of non-essential communications through your account settings or by clicking unsubscribe links in emails.
7. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential Cookies: Required for authentication and core functionality
- Analytics Cookies: To understand usage patterns and improve the Service
- Preference Cookies: To remember your settings and choices
You can control cookie preferences through your browser settings, though some features may not function properly without cookies.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/SSL) and at rest
- Regular security audits and updates
- Access controls and authentication requirements
- Secure infrastructure provided by Supabase and Vercel
However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:
- Standard contractual clauses approved by regulatory authorities
- Compliance with applicable data protection laws
- Use of service providers that maintain appropriate certifications
10. GDPR Compliance (European Users)
For users in the European Economic Area (EEA), we comply with GDPR requirements:
- Legal Basis: We process data based on consent, contract performance, or legitimate interests
- Data Subject Rights: Access, rectification, erasure, portability, restriction, and objection
- Data Protection Officer: Contact us at hello@planning-poker.app for data protection inquiries
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority
11. CCPA Compliance (California Users)
California residents have additional rights under the CCPA:
- Right to Know: Request disclosure of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: We do not sell personal information
- Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact us at hello@planning-poker.app.
12. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 16 in the EEA, you need parental consent to use the Service.
13. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
15. Contact Information
For privacy-related questions, requests, or concerns, please contact us at:
Email: hello@planning-poker.app
Subject Line: Privacy Request
We aim to respond to all privacy requests within 30 days.
This Privacy Policy is part of our Terms of Service. By using Planning Poker®, you agree to this Privacy Policy and our Terms of Service.