1. Introduction

Welcome to Retrospective.fun ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our retrospective collaboration platform.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, and authentication credentials.
• Team and Session Data: Information about teams you create or join, retrospective sessions, notes, and collaboration data.
• Billing Information: Payment details processed securely through our payment provider (Stripe) when you subscribe to paid plans.

2.2 Automatically Collected Information

• Usage Data: Information about how you interact with our service, including session duration, features used, and performance metrics.
• Device Information: Browser type, operating system, IP address, and device identifiers.
• Cookies and Local Storage: We use cookies and browser storage (localStorage, sessionStorage) to maintain authentication sessions, remember your preferences (such as theme settings), and improve user experience. We do not use third-party tracking cookies.
• Error and Performance Data: Technical information about errors and application performance to help us identify and fix issues (via Sentry).

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide, maintain, and improve our retrospective collaboration services
• Process transactions and send related information
• Send administrative notifications, updates, security alerts, and retrospective reminders
• Respond to your comments, questions, and customer service requests
• Monitor and analyze usage patterns and trends
• Generate AI-powered insights and suggestions to improve your retrospectives (Pro features)
• Detect, prevent, and address technical issues and security vulnerabilities
• Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Team Members: Information you share within team retrospectives is visible to other team members.
• Service Providers: We work with third-party service providers for hosting (Azure), authentication (Firebase), and payment processing (Stripe).
• Legal Requirements: We may disclose information if required by law or in response to valid legal requests.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

• Encryption of data in transit and at rest
• Secure authentication using Firebase
• Regular security assessments and updates
• Access controls and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Retention periods vary based on:

• Active account status and subscription level
• Legal and regulatory requirements
• Dispute resolution and enforcement needs

You may request deletion of your account and associated data at any time through your account settings or by contacting us directly.

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Export: Export your retrospective data
• Opt-out: Unsubscribe from promotional communications

To exercise these rights, please contact us using the information provided below.

8. Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those in your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

10. Third-Party Services

Our service integrates with third-party services:

• Firebase (Google): Authentication and real-time database services
• Azure (Microsoft): Cloud hosting, infrastructure, and AI services (Azure OpenAI)
• Neon: PostgreSQL database hosting
• Stripe: Payment processing
• Mailjet: Transactional email delivery (session invites, reminders, notifications)
• Sentry: Error monitoring and application performance tracking

These third parties have their own privacy policies. We encourage you to review their policies to understand how they handle your information.

11. AI-Powered Features

Our service uses artificial intelligence to enhance your retrospective experience. When you use AI-powered features (available on Pro plans), the following applies:

• Data Processing: Content from your retrospective sessions (such as notes and discussion topics) may be processed by Azure OpenAI to generate insights, suggestions, and summaries.
• No Training: Your data is not used to train AI models. Azure OpenAI processes data only to provide the requested service and does not retain it for model improvement.
• Embeddings: We may create numerical representations (embeddings) of your content to enable features like pattern detection and cross-session insights. These embeddings are stored in our database.
• Opt-out: AI features are optional. You can use the core retrospective functionality without enabling AI-powered insights.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending a notification through our service or via email

Your continued use of our service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

14. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including:

• The right to access your personal data
• The right to rectification of inaccurate data
• The right to erasure ("right to be forgotten")
• The right to restrict processing
• The right to data portability
• The right to object to processing
• Rights related to automated decision-making and profiling

To exercise these rights, please contact us using the information above. You also have the right to lodge a complaint with your local data protection authority.

15. CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information is collected
• The right to know if personal information is sold or disclosed
• The right to opt-out of the sale of personal information
• The right to deletion of personal information
• The right to non-discrimination for exercising CCPA rights

We do not sell personal information. To exercise your CCPA rights, please contact us using the information above.