Privacy Policy

1. Overview

This policy explains how Prioboard ("Prioboard", "we", "us") collects, uses and protects personal data when you visit prioboard.app or use the Prioboard application (the "Service"). Prioboard is a business-to-business prioritisation tool that connects to a customer's Linear workspace. Questions or requests can be sent to privacy@prioboard.app.

2. Our role: controller and processor

For account and usage data (your profile, login records, and how you interact with the Service and our website), we act as a data controller.

For workspace content (data synced from a customer's Linear workspace, board configurations, votes, scores and comments), we act as a processor on behalf of the customer organisation, which is the controller. If you have questions about how your organisation uses Prioboard, or want to exercise rights over workspace content, contact your organisation's administrator. A data processing addendum is available to customers on request.

3. Data we collect

• Account data: name, email address, profile photo and authentication identifiers, provided directly or via your login provider through Clerk
• Organisation data: organisation name, membership, roles and settings
• Workspace content: initiatives, projects, issues and related metadata synced from the connected Linear workspace, which may include names of people referenced in that content
• Contribution data: votes, scores, comments and reactions you create in the Service
• Usage and device data: log data, IP address, browser type, pages viewed and approximate region, plus aggregated, cookieless analytics
• Communications: messages you send us, such as support requests

4. How we use data and our legal bases

• Providing and operating the Service, including syncing with Linear and delivering notifications: performance of a contract
• Securing the Service, preventing abuse and debugging errors: legitimate interests in keeping the Service safe and reliable
• Understanding aggregate usage to improve the Service: legitimate interests; analytics data is aggregated and not used to profile individuals
• Communicating service updates, security notices and changes to terms: performance of a contract or legal obligation
• Complying with law and legal process: legal obligation

Where we process workspace content as a processor, we do so on the documented instructions of the customer, and the customer is responsible for its own legal basis.

5. AI features

When AI briefs are enabled, the content of the relevant Linear entities is sent to Anthropic to generate a short summary. This processing is governed by API terms under which the data is not used to train models. Generated briefs are stored alongside the item they describe and can be regenerated or ignored.

6. Who we share data with

We do not sell personal data and we do not share it with advertisers. We share data only with service providers that help us run the Service (our subprocessors), with Linear at your organisation's direction, and where required by law or in connection with a corporate transaction, in which case this policy continues to apply to the data transferred.

• Clerk: Authentication and organisation management (United States)
• Convex: Application database and backend hosting (United States)
• Vercel: Web hosting and privacy-friendly analytics (United States / global edge)
• Knock: Email and in-app notification delivery (United States)
• Anthropic: AI brief generation (United States)
• Sentry: Error monitoring and diagnostics (United States / EU)

When a facilitator publishes results, scores, ranks and summary comments are written to your organisation's Linear workspace and are then governed by Linear's terms and your organisation's policies.

7. International transfers

Our subprocessors store data primarily in the United States. Where personal data is transferred out of the UK or EEA, we rely on appropriate safeguards, including the UK Addendum and EU Standard Contractual Clauses, or the provider's certification under the EU-US Data Privacy Framework where applicable.

8. Retention

Account data is retained for as long as your account exists. Workspace content is retained while the customer's organisation is active and is deleted within a reasonable period (normally 30 days) after the organisation is deleted or the customer requests deletion, except where retention is required by law. Logs and diagnostic data are retained for up to 12 months. Residual copies in encrypted backups are removed in the ordinary course of backup rotation.

9. Security

We apply technical and organisational measures appropriate to the risk, including encryption in transit and at rest, scoped OAuth access to Linear, per-organisation data isolation, access controls on production systems, and secrets management. No system is perfectly secure; if we become aware of a personal data breach affecting you, we will notify you and the relevant authorities as required by law.

10. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict or object to the processing of your personal data, to data portability, and to withdraw consent where processing is based on consent. You can exercise these rights by emailing privacy@prioboard.app. For workspace content controlled by your organisation, we will refer your request to the organisation's administrator. You also have the right to complain to a supervisory authority; in the UK, that is the Information Commissioner's Office (ico.org.uk).

11. Cookies

We use strictly necessary cookies to keep you signed in and to protect the Service against request forgery; these are set by our authentication provider, Clerk. We do not use advertising or cross-site tracking cookies. Our analytics are aggregated and do not use cookies or persistent identifiers.

12. Children

The Service is intended for business use and is not directed at children. We do not knowingly collect personal data from anyone under 16.

13. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email or in-app notice before they take effect, and the date at the top of this page will always reflect the latest revision.

14. Contact

Privacy questions and requests: privacy@prioboard.app. Our terms of service are available at prioboard.app/terms.