Privacy
Privacy Policy
Last updated: 2 May 2026
In one paragraph
We collect the minimum data needed to run the product (your name, email, the workspaces and rounds you create, and your team's votes). We don't sell it. We don't use it to train AI. We share it only with the third parties listed below, and only to operate the service. You can delete your account and your data at any time by emailing us.
Who we are
Plan Apart is operated by an individual sole proprietor. Contact: hello@planapart.app.
What we collect
- Account data: name, email address, hashed password (managed by AWS Cognito).
- Workspace + team data: workspace and team names, members, roles, invitations.
- Round content: round titles, ticket titles and descriptions, votes, comments, deadlines. Tickets imported from Linear or Jira include the source issue's title and description.
- Integration credentials: when you connect Linear or Jira, we store OAuth access and refresh tokens (encrypted at rest) and your account identifier with that provider.
- Operational logs: HTTP request metadata (timestamp, route, status, response time) retained 14 days for debugging.
We do not collect or store: your password (Cognito handles that), payment details (no billing yet), browsing activity outside the app, or device fingerprints.
Why we collect it
- To run the service: authenticate you, show your team's rounds, accept your votes, route invitations.
- To integrate with Linear / Jira (when you connect them): import issues, write back estimates.
- To improve quality (when your team enables AI ticket scoring): we send ticket title and description to Anthropic to compute a clarity rating. Anthropic does not train on it under their default API terms.
- To debug and operate: short-term logs to investigate errors.
We do not use your data to advertise, profile you, or train AI models.
Subprocessors
We use the following providers to operate the service. Each handles data only as needed for their specific role.
| Provider | Role | Data location |
|---|---|---|
| Amazon Web Services (AWS) | Authentication, database, compute, event bus, email delivery, logs | EU (Ireland), eu-west-1 |
| Cloudflare | DNS, CDN, web hosting (Pages) | Global edge |
| Anthropic | AI ticket-quality scoring (only when your team enables it) | US |
| Linear | Issue import + estimate write-back (only when your workspace connects it) | Per Linear's terms |
| Atlassian (Jira) | Issue import + story-points write-back (only when your workspace connects it) | Per Atlassian's terms |
| Namecheap (Private Email) | Inbound email at our support address | US |
How long we keep it
- Account data: until you delete your account.
- Round and voting data: until you or your workspace owner deletes the workspace.
- Inactive workspaces: workspaces whose subscription expires enter a 90-day read-only window. At the end of that window we email the workspace owner a CSV export of all rounds, tickets, votes, comments, and members (signed download URL, 30-day expiry), then permanently delete the workspace data from our database. This is GDPR data-minimisation: we don't keep dormant workspaces indefinitely.
- Operational logs: 14 days, then automatically purged.
- Outbox event records: 7 days (used internally for reliable event delivery, then auto-expired).
Your rights
Wherever you live, you can:
- Ask us what we have on you (we'll send it within 30 days).
- Ask us to delete it (we'll do it within 30 days; nothing currently requires us to retain it).
- Ask us to correct it.
- Ask us to send it to you in a portable format (JSON export).
Email hello@planapart.app for any of the above.
Under UK GDPR / EU GDPR you also have the right to lodge a complaint with your local supervisory authority.
Security
HTTPS everywhere, encrypted-at-rest database (AWS DynamoDB), short-lived JWT authentication (AWS Cognito), MFA available on every account (TOTP). Integration tokens are stored encrypted. Source review and least-privilege IAM are part of our deploy process.
No system is perfectly secure. If you discover a vulnerability, please email hello@planapart.app.
Children
Plan Apart is not intended for users under 16. We don't knowingly collect data from anyone under that age.
Changes to this policy
We'll update this page when our practices change and email signed-in account owners about material changes. Previous versions are available on request.
Contact
Email hello@planapart.app.