Privacy policy
Your privacy is very important to us. Accordingly, we have developed this Privacy Policy to help you understand how we collect and use personal information.
If you do not agree with this policy, please do not access or use our services or interact with any other aspect of our business.
What information we collect?
-
Data you provide to us
-
New Account Registration
When you register for a new account (e.g. myaccount.kanbantool.com), you become a data controller responsible for everything that is stored under that account, as well as for management and lawful processing of personal data, including personal data of any users you invite. Thus it's essential for you to know what data we collect and how we process it.
During registration we collect some personal information which includes your email address, name and IP address of the computer you are connecting from, the website you are coming from and information about the referring search engine phrase or marketing campaign details.
We need this information to provide the service to you.
In particular, your email address helps us verify your identity when you contact us or require assistance with password reset, while referral details help us identify where people find out and learn about our services.
For as long as you are our customer, we may also use your email address to contact you directly regarding the status of performed services, to send automated periodic account reminders or information about special offers applicable to your account.
You can update the data on "My profile" and "Account administration" pages. If you wish for us to stop processing this data, you can terminate the account on the "Account administration > Account details" page. Some data may survive erasure e.g. your account name, payments history or usage statistics.
-
Invitations
When you invite others to join your account on Kanban Tool, we send an invitation email to the email addresses you provided. If you decide to provide them, we also store and use the full name, initials and other details of the invitee.
The information you provide is stored and used to personalize and send the invitation email to the invitee.
Account administrators have access to all information about people invited to their account on the "People" page, where it can be corrected or removed if needed.
-
Invited Users and User Profile Information
We collect information that you provide when you create or modify your profile settings, preferences or sign up for a paid plan through our billing system. This information includes, in particular, your name and email address.
We need this information to provide the service to you, which includes the email delivery of automated messages such as status updates and comment notifications. If marked as optional, information is used mainly to personalize your experience or improve our communication with you, e.g. to personalize an email header (Hi Joe!), or to prominently display your team's name to your account users.
We may also use your email address to reach out to you directly, regarding status of the services performed, special offers applicable to your account or other support cases.
You can access and edit your details or opt-out from unwanted communication where applicable on the "Account administration" and "My Profile" pages.
-
Content that you provide
For obvious reasons we store and process the content you provide and make it accessible to you and other people that you've shared it with.
We advise against storing any personal data in any areas of our systems that are not explicitly designed for this purposes (e.g., as a part of the content you put on the cards, files you upload and comments you make).
We do not pre-screen or claim any rights of ownership to your content, but in return require that it's legal for you to post it. You retain rights to the data you provide, even though this data may be sent and stored using the hardware, software, storage, networking and related technologies that belong to third-party vendors.
Please bear in mind, that account administrators can limit or revoke your access to the content you've provided, and you may not be able to get it back. Also, if the provided content includes personal data of others, as a data controller you or your account owners are solely responsible for the conformance with any applicable privacy laws and regulations.
As long as you have access to it, you can usually update and delete your content through interacting with our service, usually in a manner similar to the one you've originally used to post the content. (e.g. by selecting the "Delete" option from the card's menu, or clicking the trash icon near the comment you've made).
Other users of the account may also be given the option to modify or delete the content you have provided, given they have sufficient access permissions.
Account administrators can always gain access to, modify, and delete content posted on the account.
-
Support enquiries and related information
We store and process any support enquiries you make, as well as any other communication you make with us.
We understand and preserve the privacy of such enquiries, but also reserve the right to publish them after sufficient anonymization on public channels such as QA sites, social feeds or our "Support" pages in order to gather feedback or facilitate resolution of similar issues by other users.
-
Billing information
Payment processing is done through a secure third-party service. Once you decide to activate a subscription or make a payment, you will be redirected to a designated third-party payment processor which will collect data on their behalf.
We receive and process some of the information you provide to the payment processor, e.g. the country of credit card issuance, card's expiration date and the billing address you have entered.
We may use it e.g. for credit card fraud screening, or to assign the payment to an appropriate source country for EU VAT purposes in the event you haven't given us any details about your current country of residence.
On no occasion we store or have access to the full credit card number you have provided.
In order for us to issue tax invoices for the service, we need to store and process your invoicing details, together with an optional billing contact email address. You can access and modify this information when needed on the "Account administration > Plan & Billing details" page.
-
-
Information we collect automatically
-
Log data
When you use the service, we automatically collect technical information about your device, its software and your activity. Such information is stored in log files and may include personal data, if it was part of the activity you made. In particular, we log the IP address of the device making a request.
The main purpose of log data collection is for legal and regulatory reasons, to aim with the identification of the source of any potential security breaches or misuse of the service, for request rate limiting, and for service performance profiling.
-
Cookies and related technologies
Kanban Tool and our third-party partners use cookies and related technologies (e.g. web beacons, pixels and device identifiers) to identify users, analyze trends, track page views and gather demographic information about the user base as a whole.
-
Third-party trackers
We may use third-party web analytics platforms to gather and analyze service usage patterns and statistics.
Our public pages available on the kanbantool.com domain may include third-party social features and buttons, such as the Facebook Like button, which may use cookies and perform request logging on their own.
Some of the resources used on our website may come from Content Delivery Networks, such as Google Fonts or Google Hosted Libraries service. While their usage is a common practice and allows for fast content delivery, through the technical process involved in connecting with them, their providers may be able to gather some limited technical data about your device and browser, including your IP address. This may allow them to track your visits across sites which utilize the same Content Delivery Networks.
-
-
Information that we receive from others
-
Other users of the service
Other users may invite you to their account or refer you to the service by providing your email address and name. Account administrators may provide and manage your personal details on the "People" page. They may also choose to include you in communication with our company thus providing us with your email address and possibly other details. -
User provided content
Another user of the service may give your personal data as part of their content provided to the service (e.g. inside a task description). We do not screen such content for personal details and the user who provided it remains solely responsible for all the rights you may have into it. -
Services linked to your account
By enabling certain service integrations or Power-Ups, we may receive additional information about you from their providers. We may store and process that information, but it's not used outside of the scope you have consented to. For example, while enabling the "Google Drive" integration, you will be asked by Google to consent for us to have access to the file names stored on your Google Drive. We will use that information solely to enable the "Google Drive" Power-Up to work as intended. -
Web scraping and third-party providers
We might have received your contact details from third-party (e.g. reseller) or web scraping activities (e.g. from your blog). These will be used solely for the purpose they were collected for, and you can object to our processing of them at any time.
-
How your information is used?
We use collected information for the following general purposes: products and services provision, billing, identification and authentication, services improvement, contact, compliance and research. When access to Google Workspace APIs are required, we explicitly confirm that we do not use such access to develop, improve, or train generalized/non-personalized AI and/or ML models.
How we share your information?
The primary purpose of the service is fostering and providing means of collaboration between individuals and teams. We share your information with other people on your account as part of providing the service to you.
We also share information with third-party service providers, such as hosting, payment processing and backup services, but only within the scope which is needed by such provider to provide the service on our behalf, under instructions given by us.
Certain Power-Ups or service integrations (e.g. Google Drive integration), when enabled, may share some of your information with third-parties in order to make the desired Power-Up or service integration work as intended. Account administrators have full control over what Power-Ups or service integrations are enabled on their account. Also, any custom code or scripts enabled on the account, if designed so, may share your or other account user's data.
We may also share your information when we have received your consent to do so, or when required for compliance with applicable law, or to protect our rights.
Lawfulness of processing
We collect and use information about you only when we have a legal basis to do so under the applicable EU law. Legal basis will depend on the type of information concerned and the specific context, but we normally collect the information only: a) when we need it to provide you with or operate the offered service; b) where you have given us an explicit consent for processing, e.g. with a newsletter subscription; c) when it satisfies our legitimate interest such as research and development, compliance, security or marketing; d) when we need to comply with a legal obligation.
Data retention policy
-
Things you can delete
If you are given the "delete" option on the content you or others have provided to the service, the underlying data will usually be only marked as deleted. It may remain accessible to you and others, and subject to recovery e.g. on the "trash" page.
Tasks and boards marked as deleted are erased from our database usually within 21 days. We take care to remove as much information as possible, but there may be certain associated data that survives deletion, for legal, technological or other reasons - e.g. name and some other details of the deleted task will remain visible in the board's changelog even after its deletion.
-
Account Data
Otherwise, we retain your account, associated personal data, and associated content until the account is closed (e.g. the account owner cancels the entire account or the account is closed in accordance with other conditions outlined in the Terms of Service).
You should periodically log in to the account and use the service through it. Lack of payment, activity, and use of the services via the account for at least two years may result in the account being deemed abandoned and closed. Failure to select a service plan after the trial period or prolonged failure to maintain timely payments may also lead us to consider the account inactive, potentially resulting in the account being closed, with or without notification.
Following the closure, the account will be queued for removal from our database, and actual removal will usually happen within 30 days. Please contact us during that time if you want to speed up this process or recover a mistakenly canceled account. We reserve the right to retain some of the information, including information necessary for us to comply with legal obligations, provide business continuity, resolve disputes, maintain security and enforce our rights.
Additionally, if we close the account due to it being abandoned or inactive, and we believe you may not be fully aware of the closure, we may, at our discretion, create and retain an archived copy of the account and some or all of its content for a reasonable period of time. This archive can be used to recover the account upon request for important reasons, provided such a copy is available. You may request the deletion of this archived copy at any time, if it exists.
-
Marketing
If we process your data for marketing purposes, including newsletter opt-ins, it may be processed as long as it's viable for the purpose it was collected, until you revoke your consent or otherwise oppose the processing.
-
Website Analytics
We may store statistical data about your service usage and navigation patterns, including through third-party website analytic platforms. We attempt to store only a minimal amount of information needed, and any personal identifiable information will not be stored for this purpose for more than 26 months since your last activity.
-
Communication and support enquiries
We usually archive and keep any support enquiries you make, as well as other direct communication, including emails you send us, for as long as reasonably needed or until you explicitly ask us to delete them. Even then, we do reserve the right to retain some of the information for legal or other reasons, where allowed by the applicable EU privacy laws.
-
Database Backups
We store encrypted, off-site backups of our database to restore the Service from them in case of any serious incidents. Data stored in such backups is not actively processed or accessed, and we take care to remove backups once they are no longer needed. If at any point we need to recover the Service from such backups, we will re-delete the accidentally recovered data as soon as reasonably possible.
Data portability
Your content remains yours, and account owners can request a takeout of content associated with their account in a machine-readable, portable format.
Some internal statistical, financial or other data may be missing, but otherwise exports are complete and can be used to transfer the online data to the Kanban Tool On-Site installation if needed.
Due to size, external file attachments are not included in the takeout, but can be downloaded at the provided URLs.
Data security
We treat your data security seriously and take reasonably necessary steps to protect your personal information from unauthorized access, alteration, or destruction. To that end, we strive to adhere to generally accepted industry standards and implement physical, administrative, and technical security measures.
International data transfers
We operate globally and primarily store and process your information on a cloud infrastructure physically located in the United States and the European Economic Area (the “EEA”). By using the service, you understand and accept that we may use sub-processors, and that your personal data may be stored and transferred internationally. Furthermore, you explicitly agree to our appointment of new subprocessors or modification of existing subprocessor lists as necessary to provide and optimize our services.
Whenever we appoint international data sub-processor or a third-party service, we take steps to ensure adequate protection of your rights and ensure its conformance to the industry best standards and practices. This includes, where applicable, conformance with the EU-US Data Privacy Framework Program and/or Standard Contractual Clauses.
Appointed sub-processors
We currently use the following third party suppliers (sub-processors) to assist in connection with the services:
Name | Location | Category | Learn more |
---|---|---|---|
Akamai Cloud Computing (formerly Linode) | US, EEA | Hosting services; Content processing and delivery. | https://www.linode.com/compliance https://www.linode.com/security |
Amazon Web Services (AWS) | US, EEA | Hosting services; Content processing and delivery. | https://aws.amazon.com/compliance/data-privacy/ https://aws.amazon.com/security/ |
Google Cloud | US, EEA | Hosting services; Content processing and delivery. | https://cloud.google.com/security/compliance/ https://cloud.google.com/security/ |
Cloudflare Inc. | (4) | Web application security & performance services; Content processing and delivery. | https://www.cloudflare.com/trust-hub/ |
Stripe Payments Europe, Ltd. | IE (EU) | Subscription and payment processing. |
https://stripe.com/privacy https://stripe.com/docs/security/stripe |
Worldpay | UK, (2) | Subscription and payment processing. | https://www.worldpay.com/ |
Google Suite | (3) | Email and support enquiries; CRM; Internal processes. | https://gsuite.google.com/security/ |
Google Analytics | (3) | Website analytics and performance monitoring. | https://privacy.google.com/businesses/compliance |
Kancelaria Podatkowa Kwartet | PL (EU) | Billing and accounting services. | http://www.kwartet.katowice.pl/ |
Hostersi Sp. z o.o. | PL (EU) | IT infrastructure management. | https://www.hostersi.com/ |
Intuition Machines, Inc. | US | hCaptcha anti-bot service. | https://www.hcaptcha.com/privacy |
Plausible Insights OÜ | EE (EU) | Website analytics and performance monitoring. | https://plausible.io/privacy https://plausible.io/dpa |
Twilio Ireland Limited | US, EEA | Telecommunications Infrastructure | https://www.twilio.com/en-us/legal/security-overview |
2 Customer data is generally stored in the country or region where the customer is based, unless there are operational, business or other compelling reasons for processing such data outside of this region. For UK and EAA customers, data will generally be stored on servers based in the UK, Ireland, the Netherlands or other EAA locations, as appropriate.
3 see https://www.google.com/about/datacenters/inside/locations/ and https://privacy.google.com/businesses/compliance/
4 see https://www.cloudflare.com/network/
By enabling or using certain service integrations, Power-Ups, custom scripts or any other custom code, data may be shared with other third-parties, as desired by you, and not listed above.
Our use of web cookies
We use cookies mostly to store session information and perform service usage analytics. By using our service, you agree that we can place cookies on your device. You can set your browser not to accept cookies, but some of our service features may not function as a result. The main cookies we use are:
Name of Cookie | Required | Reason |
---|---|---|
kanbantool.com_session kt-access_token |
Yes | Cookies holding session information. |
cf_clearance | Yes | Website security related cookie. |
auth_token | No | Cookie responsible for the "Remember me" functionality. |
kt_version | No | The version of Kanban Tool SDK your browser is using. |
kt-http-referrer | No | Referral information. |
kt-domain-* | No | Information about associated Kanban Tool accounts |
Certain pages on our site may set other third-party cookies. For example, when we embed content, such as presentations, another site may leave a cookie. Also, some of the preferences and other data may be stored in the form of cookies not listed here, e.g. by the enabled Power-Ups.
Automated decision-making
We do not use your personal data for automated decision-making.
Your rights
Where applicable, you have the right to request access to and rectification or erasure of personal data, to restrict the processing, to object to processing, as well as the right to data portability.
When processing is based on the consent that we received from you, you can withdraw such consent at any time.
Policy towards children
We do not knowingly collect any personal information from individuals under 18. If you become aware that such information is processed, please contact us.
Changes to this Privacy Policy
Whenever this Privacy Policy is subject to a material change, we will notify you in advance via the "what's new" widget, by message displayed on the web page, or by other means.
If Kanban Tool or Shore Labs is acquired by or merged with another company, we will notify you before information about you is transferred.
For minor changes not affecting your rights, we encourage you to monitor this page for updates.
Translations
Translations of this Privacy Policy to languages other than English, where available, are provided for convenience only. In case of any discrepancies between the English version of this Privacy Policy and a version in a different language, the English version shall prevail.
Kanban Tool On-Site
If you are still concerned about your information privacy, you may be interested in our Kanban Tool On-Site offering. Kanban Tool On-Site can be installed on your own infrastructure and offers supreme control over how and where your data is stored.
Responsible party
Our service is primarily designed with teams and organizations in mind. To that end, most activities are performed under specific accounts, e.g. acme.kanbantool.com, which have appointed account administrators and account owners of their own.
Account administrators have full access to personal data related to the account and are the actual data controllers.
If you have been invited to an account, you are subject to the account owner's organization policies, and we are not responsible for such organization's privacy or security practices. Please contact your account administrator with any privacy-related requests.
Contact Us
Your information is controlled by Shore Labs Zbigniew Zemła, Poprzeczna 11, 40-654 Katowice, Poland, EU.
If you have any questions or concerns about the way your data is processed or stored, please contact us on privacy@kanbantool.com
If contacting us does not resolve your dispute, you have a right to lodge compliant with your national data protection authority.