SYSTEM ONLINE
AI CORE: ACTIVE
JIRA SYNC: READY
VERSION: 1.0 BETA

PRIVACY POLICY

// Effective: 2026-05-01 · Version 1.0

// SRS LEG-001 · TODO: Replace with legally reviewed content before launch

1. DATA WE COLLECT

We collect the following data when you use ScrumPilot:

  • Account data: name, email, organisation name (via Clerk)
  • Meeting data: audio recordings (temporarily), transcripts, action items, decisions
  • Usage data: product analytics events (only with your consent via PostHog)
  • Payment data: billing details handled securely by Stripe — we never see card numbers
  • Technical data: IP address hash (never raw), browser type, device type

2. HOW WE STORE YOUR DATA

Meeting audio is stored in Cloudflare R2 with a 90-day automatic deletion policy. All other data is stored in PostgreSQL hosted on Neon/Supabase with row-level security enforced — your data is never accessible across organisations.

All data is encrypted at rest and in transit (TLS 1.3). Encryption keys are managed by the cloud provider.

3. THIRD-PARTY SERVICES

ScrumPilot uses the following third-party services that may process your data:

  • Clerk — authentication and user management
  • Stripe — payment processing and subscription management
  • AssemblyAI — meeting transcription (audio processed, not retained)
  • PostHog — product analytics (only if analytics consent granted)
  • Anthropic / OpenAI — AI extraction from transcripts (content not retained by provider)
  • Resend — transactional email delivery
  • Sentry — error monitoring (no PII in error reports)

4. YOUR RIGHTS (GDPR)

Under GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Correction — ask us to correct inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a portable format
  • Objection — object to processing based on legitimate interest

To exercise any right, email us at daschiranjibee03@gmail.com. We will respond within 30 days.

5. DATA RETENTION

We retain your data for as long as your account is active. Upon cancellation, data is retained for 90 days to allow reactivation, then permanently deleted. Meeting audio is automatically deleted after 90 days.

6. COOKIES

We use essential cookies to keep you signed in, and optional analytics cookies (PostHog) to understand product usage. You control analytics cookies via the cookie consent banner.

7. CONTACT

For privacy questions or data requests, contact: daschiranjibee03@gmail.com