Privacy Policy

Last updated: January 29, 2025

1. Introduction & Data Controller

This Privacy Policy explains how Collabry UG (haftungsbeschränkt) i.G. ("Collabry," "we," "us," or "our") collects, uses, and protects your personal data when you use our website (collabry.de) and our SaaS application (app.collabry.de).

Collabry is a project management synchronization platform that connects tools like Jira, Linear, Asana, and Azure DevOps, enabling seamless collaboration across different systems.

Data Controller:

Collabry UG (haftungsbeschränkt) i.G.
Schölerpad 235
45355 Essen, Germany
Email: privacy@collabry.de

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Password (stored in hashed form)
  • Company name

2.2 OAuth Authentication Data

If you sign in using Google, GitHub, or Microsoft, we receive your profile information (name, email, profile picture) from these providers to authenticate your account.

2.3 Integration Data

To provide our core synchronization service, we access and process data from the project management tools you connect:

  • Jira: Projects, issues, comments, attachments, user information
  • Linear: Teams, issues, comments, labels, user information
  • Asana: Workspaces, projects, tasks, comments, user information
  • Azure DevOps: Projects, work items, comments, attachments, user information

This data is necessary to synchronize your tasks across platforms.

2.4 Usage Data

We collect information about how you use our services:

  • Activity logs (sync operations, feature usage)
  • Device information (browser type, operating system)
  • Page views and clicks on our website

2.5 Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. Stripe may collect billing information such as your name, address, and payment method details. Please refer to Stripe's Privacy Policy for more information.

2.6 Website Analytics

On our landing page (collabry.de), we use:

  • PostHog: Collects page views, clicks, and device information for analytics purposes. Data is processed in the EU.
  • Google Fonts: Typography is loaded from Google servers, which may collect your IP address.
  • Cal.com: If you book a demo, your booking details are processed by Cal.com.
  • UnicornStudio: Used for animations, which may collect usage metrics.

3. How We Use Your Data

We use your personal data to:

  • Provide and maintain our synchronization service
  • Authenticate your account and manage your subscription
  • Synchronize data between your connected project management tools
  • Send service-related communications (e.g., sync errors, account updates)
  • Improve our services based on usage patterns
  • Respond to support requests
  • Process payments through Stripe
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide our synchronization service and fulfill our contractual obligations to you.
  • Legitimate Interests (Art. 6(1)(f)): Processing for analytics, service improvement, and fraud prevention, where our interests do not override your rights.
  • Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for marketing communications.
  • Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws.

5. Data Sharing & Third Parties

We share your data with the following categories of recipients:

5.1 Service Providers

  • fly.io: Our hosting provider. Servers are located in Frankfurt, Germany (EU). All data remains within the EU.
  • Stripe: Payment processing for subscription management.
  • PostHog: Analytics provider with EU data processing.

5.2 Authentication Providers

If you use OAuth sign-in, data is exchanged with Google, GitHub, or Microsoft as necessary for authentication.

5.3 Connected Project Management Tools

By design, Collabry synchronizes data between the tools you connect. Data flows between these platforms as directed by your synchronization configuration.

We do not sell your personal data to third parties.

6. Data Retention

We retain your personal data as follows:

  • Account data: Retained while your account is active. Deleted upon account deletion request.
  • Integration data: Synchronized data is processed in real-time and not permanently stored beyond what is necessary for the sync operation.
  • Usage logs: Retained for up to 12 months for service improvement purposes.
  • Payment records: Retained as required by tax and accounting laws (typically 10 years in Germany).

When you request account deletion, we will delete your personal data immediately, except where retention is required by law.

7. Your Rights (GDPR Articles 15-22)

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data.
  • Right to Rectification (Art. 16): Request correction of inaccurate data.
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten").
  • Right to Restriction (Art. 18): Request limitation of processing.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests.
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at privacy@collabry.de. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2-4
40213 Düsseldorf, Germany
www.ldi.nrw.de

8. Cookies & Tracking

Our website uses cookies and similar technologies:

  • Essential cookies: Required for the website to function properly (e.g., session management).
  • Analytics cookies: Used by PostHog to understand how visitors interact with our website.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our services.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest
  • Secure password hashing
  • Regular security assessments
  • Access controls and authentication
  • EU-based infrastructure (fly.io Frankfurt)

10. International Data Transfers

Your data is processed and stored within the European Union (EU). Our servers are hosted by fly.io in Frankfurt, Germany.

Some third-party services (such as OAuth providers) may transfer data outside the EU. In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

11. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@collabry.de.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we may also notify you via email.

We encourage you to review this Privacy Policy periodically.

13. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Collabry UG (haftungsbeschränkt) i.G.
Schölerpad 235
45355 Essen, Germany
Email: privacy@collabry.de