Privacy Policy

1. Introduction

Welcome to Jestimate ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services (the "Service").

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy applies to all information collected through our Service and any related services, sales, marketing, or events.

2. Information We Collect

2.1 Information You Provide to Us

• Account Information: Email address, display name, and password when you create an account
• Profile Information: Optional profile picture and display name preferences
• Payment Information: Billing details processed securely through Stripe (we do not store payment card information)
• Content: Estimation votes, retrospective items, chat messages, and session notes you create
• Communications: Messages you send to us, including feedback and support requests

2.2 Information Collected Automatically

• Usage Data: How you interact with our Service, including pages visited and features used
• Device Information: Browser type, operating system, IP address, and device identifiers
• Log Data: Server logs including timestamps, request details, and error information
• Cookies and Tracking: Session cookies, preference cookies, and analytics data

2.3 Information from Third Parties

• OAuth Providers: Basic profile information from Google, GitHub when you use social login
• Payment Processors: Transaction status and billing information from Stripe

3. How We Use Your Information

We use your information for the following purposes:

3.1 Providing and Improving Our Service

• Creating and managing your account
• Enabling real-time collaboration features
• Processing payments and managing subscriptions
• Storing your estimation and retrospective data
• Providing customer support and responding to inquiries
• Analyzing usage patterns to improve our Service

3.2 Legal Basis for Processing (GDPR)

• Contract Performance: Processing necessary to provide our Service
• Legitimate Interest: Improving our Service and preventing fraud
• Consent: Marketing communications (where applicable)
• Legal Obligation: Compliance with applicable laws and regulations

4. How We Share Your Information

We do not sell, trade, or rent your personal information. We may share your information in the following circumstances:

4.1 Service Providers

• Supabase: Database hosting and authentication services
• Stripe: Payment processing and billing management
• Hosting Providers: Infrastructure and content delivery

4.2 Legal Requirements

• To comply with legal obligations or court orders
• To protect our rights, property, or safety
• To prevent fraud or security threats
• In connection with business transfers or mergers

4.3 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: Data encrypted in transit using TLS and at rest
• Access Controls: Strict access controls and authentication requirements
• Security Monitoring: Continuous monitoring for security threats
• Regular Audits: Regular security assessments and penetration testing
• Incident Response: Procedures for handling security incidents

While we use reasonable efforts to protect your information, no method of transmission over the internet or electronic storage is 100% secure.

6. Data Retention

• Active Accounts: We retain your data while your account is active
• Canceled Accounts: Data deleted according to your subscription plan's retention policy
• Legal Requirements: Some data may be retained longer for legal compliance
• Anonymized Data: We may retain anonymized usage statistics indefinitely

7. Your Privacy Rights

7.1 All Users

• Access and update your account information
• Delete your account and associated data
• Opt out of marketing communications
• Contact us with privacy concerns

7.2 GDPR Rights (EU Residents)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Portability: Receive your data in a portable format
• Right to Object: Object to processing for direct marketing
• Right to Restrict: Restrict certain processing activities

7.3 CCPA Rights (California Residents)

• Right to Know: Information about personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (session management, authentication)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use our Service

8.2 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of our Service.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your residence. We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for certain countries
• Other appropriate safeguards as required by law

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the updated Privacy Policy on this page
• Sending an email notification for material changes
• Providing notice through our Service

Changes become effective 30 days after posting, unless otherwise specified.

12. Contact Us