Features Comparison Pricing FAQ Login / Sign Up Book a demo
Legal

Privacy Policy

How we collect, use, and protect your data. Written to be readable, not to hide behind 14,000 words of legalese.

Effective January 1, 2026 This document is written in plain language. If anything is unclear, email legal@boardhasa.name.

Introduction

This Privacy Policy explains how BoardHasA.name ("we", "us", "BoardHasA") handles personal information when you use our project management service, marketing site, and supporting products. By using the service you agree to the practices described here.

We collect only what we need to operate the product, never sell personal data, and let you export or delete your information at any time.

Information we collect

Account information

When you create an account we collect your name, work email address, organization name, and a hashed password. Single sign-on customers provide only what their identity provider releases (typically email and display name).

Content you create

Boards, tasks, comments, attachments, and any other content you store on the service. This is your data — we treat it as confidential and only access it to deliver, secure, or support the product.

Usage data

Standard application logs: IP address, browser type, pages visited, and timestamps. We use this to debug issues, prevent abuse, and improve performance.

Billing information

Handled by our PCI-DSS compliant payment processor. We store only the last four digits of your card and the billing address on file.

How we use information

  • To operate, secure, and support the service.
  • To bill your account and prevent fraud.
  • To send service-related notices (password resets, security alerts, billing).
  • To send product updates and marketing — you can unsubscribe from these at any time.
  • To comply with legal obligations and respond to lawful requests.

We do not use your content to train AI models. We do not sell, rent, or trade personal data to third parties.

Who we share with

We share information only with vetted service providers ("subprocessors") that need it to help us run the service — for example, cloud hosting, email delivery, and customer support tooling. A current list of subprocessors is available at our compliance page.

We may disclose information when required by law, to enforce our terms, or to protect the rights, property, or safety of our users or others. Where permitted, we notify the affected account before disclosure.

Data retention

We retain your account data for as long as your subscription is active. After cancellation, content is retained in cold storage for 30 days to allow recovery, then permanently deleted. Backups are purged within 90 days.

Audit logs and billing records are retained for up to 7 years to meet tax and compliance obligations, even after account deletion.

Your rights

Regardless of where you live, BoardHasA.name customers can:

  • Access — request a copy of the personal data we hold about you.
  • Correct — update inaccurate or incomplete information.
  • Delete — request permanent deletion of your account and content.
  • Export — download your boards, tasks, and comments in JSON or CSV format at any time from account settings.
  • Object — opt out of marketing communications and certain processing activities.

To exercise any of these rights, email privacy@boardhasa.name. We respond within 30 days.

Cookies and tracking

We use a minimal set of cookies: a session cookie to keep you signed in, a CSRF token to protect form submissions, and a preference cookie for theme and locale. No third-party advertising cookies are set on the application.

The marketing site uses privacy-friendly analytics that do not track individual users or persist identifiers across sites. You can opt out via the cookie banner.

Security

We use industry-standard safeguards — encryption in transit and at rest, scoped access controls, continuous monitoring, and regular third-party penetration testing. For full detail see our Security page.

No system is perfectly secure. If you believe an account has been compromised, contact security@boardhasa.name immediately.

International transfers

BoardHasA.name is operated from data centers in the United States and the European Union. If you are located outside these regions, your data may be transferred internationally. We rely on Standard Contractual Clauses and equivalent safeguards for cross-border transfers as required under GDPR and similar frameworks.

Children

BoardHasA.name is a business tool and is not intended for use by anyone under 16. We do not knowingly collect data from children. If you believe a child has provided personal information, contact us and we will delete it.

Changes to this policy

We update this policy when we add features or change practices. We will post the new version here with a revised effective date. Material changes are communicated by email at least 30 days before they take effect.

Contact

Privacy questions, requests, and complaints can be sent to:

BoardHasA, Inc.
Attn: Privacy Office
1 Market Street, Suite 200
San Francisco, CA 94105, USA
privacy@boardhasa.name

EU residents may also lodge a complaint with their local supervisory authority.

Questions about this policy?

Our team is happy to walk through any of these terms with you — particularly for procurement or security reviews.

Contact us