Legal
Privacy Policy
Last updated: 2026-07-08
Placeholder. Replace with vetted copy before external launch. The headings below describe data the app actually handles today so reviewers can map the placeholder to reality.
What we collect
- Account data: email, name, timezone, locale, optional avatar URL, and (when signing in with email) an argon2id hash of your password.
- Content: organizations, projects, tasks, comments, attachments, time entries, reminders, and activity logs you create.
- Session metadata: a hashed session token, user agent string, and IP address per session, kept for revocation + audit.
- Notifications: in-app + email + (optional) push notifications.
- Operational telemetry: error reports sent to Sentry (with PII scrubbing) and structured request logs.
Cookies
We use first-party cookies for: session authentication, UI preferences (theme, density, sidebar collapse), the user's last-visited organization slug, and a consent flag for optional telemetry. No third-party advertising cookies are set.
Sharing
We don't sell your data. Sub-processors used to operate the service:
- Hosting (Render / Neon Postgres).
- Transactional email (Resend).
- Error tracking (Sentry).
Your rights (GDPR)
- Access / portability: Download your data from Your data.
- Erasure: Delete your account from the same page. Data is purged after a 30-day grace period.
- Correction: Edit your profile from Account.
Retention
Active account data is kept while your account is open. Soft-deleted accounts are purged after 30 days. Notifications older than 90 days may be archived.
Contact
Reach the operator of this Organise360 deployment with any privacy questions.
See also our Terms of Service.