Effective date: February 3, 2026 Version: 1.0
This Privacy Policy explains how Kanbanify collects, uses, shares, and protects personal data when you use Kanbanify.org and related services.
Kanbanify is a project management and collaboration tool that supports boards, tasks, chat, meetings, documents, file attachments, and reporting.
1. Who we are and how to contact us
For the purpose of data protection laws, Kanbanify is the controller for personal data described in this policy, except where your organisation is the controller as explained below.
Contact for all privacy requests: support@kanbanify.org
2. Scope and roles
This policy applies to:
- Website visitors
- Account holders
- Users inside a workspace
Individual use
If you create and use your own workspace, Kanbanify generally acts as controller for your account and workspace data.
Organisation use
If you use Kanbanify through an organisation, the organisation typically controls workspace content and permissions, and Kanbanify processes that content to provide the service. Admins and team leads may have access to workspace content depending on permissions configured by the organisation.
3. Personal data we collect
We collect the minimum data needed to run Kanbanify and support your use.
3.1 Data you provide
Account data
- Email address
- Username or display name
- Password
- Optional profile fields you choose to add
Workspace content
- Boards, tasks, comments, statuses, and task metadata
- Chat messages and chat room membership
- Meeting information and meeting participation details
- Meeting summaries and notes created by users
- Documents and wiki style pages created by users
- Files and attachments uploaded by users
Reporting data
- Manual time entries related to tasks and work items
- Links created between tasks and related collaboration items, for example chats, meetings, summaries, and documents
- Reports generated from selected tasks and linked items
Reports can be exported in .xls and .xlsx. PDF export may be available depending on configuration.
Support communications
- Messages you send to support
- Attachments you include with support requests
3.2 Data we collect automatically
Connection and device data
- IP address
- Browser and device identifiers, such as user agent
- Date and time of access
Security and operational logs
- Authentication events
- Basic logs used to maintain reliability, debug issues, and prevent abuse
5. How we use personal data and legal bases
We process personal data for these purposes:
5.1 Provide the service
- Create and manage accounts
- Provide boards, tasks, chat, meetings, documents, file attachments
- Generate reports that connect tasks with related collaboration items
Legal basis: contract performance, legitimate interests.
5.2 Security and service integrity
- Protect accounts and prevent unauthorised access
- Detect and prevent abuse or fraud
- Maintain operational stability
Legal basis: legitimate interests, and legal obligations where applicable.
5.3 Support and service communications
- Respond to support requests
- Send service emails such as password resets, account notices, and important service updates
Kanbanify does not send marketing emails at this phase.
Legal basis: contract performance, legitimate interests.
5.4 Compliance and enforcement
- Comply with lawful requests
- Enforce terms and protect rights, safety, and integrity
Legal basis: legal obligations, legitimate interests.
6. Chat, meetings, encryption, and admin visibility
Kanbanify includes chat and meeting functionality.
Encryption and visibility depend on workspace configuration. Some configurations may support end to end encrypted rooms or calls, where message content is stored and transmitted in encrypted form and is not accessible to the service in readable form. In encrypted rooms, shared data remains encrypted within that room context. (Element)
If encryption is not enabled for a room or meeting context, authorised users in your workspace, including admins and team leads, may be able to access content according to permissions and audit controls set by the organisation.
Kanbanify can support administrative audit and export capabilities for compliance needs when enabled by the organisation, including browsing room history and exporting room contents. (Element)
7. Error reports and diagnostics
If you submit an error report or support logs, the report may include information needed to diagnose the issue, which can include IP address and identifiers you provide. Similar systems commonly retain error reports for a limited period to support troubleshooting. (Element)
Kanbanify aims to collect only what is necessary for support.
8. Sharing and disclosures
Kanbanify does not sell personal data.
We share personal data only in these cases:
8.1 Within your workspace
Content is shared with other users in your workspace according to permissions and roles configured by the organisation. Reports are accessible to admins and team leads.
8.2 Service providers
We may use third party providers for infrastructure, storage, email delivery, and security operations. We limit access to what is necessary, and require providers to protect data and process it only to deliver services to Kanbanify.
We do not list providers publicly at this time to preserve operational anonymity. If your organisation requires a subprocessor list for due diligence, it can be provided through a private support request.
8.3 Legal and safety disclosures
We may disclose information if we believe disclosure is reasonably necessary to:
- Comply with applicable law or lawful request
- Protect the security or integrity of the service
- Prevent harm, fraud, or illegal activity
- Respond to emergencies involving serious risk to a person
We aim to disclose only the minimum necessary.
9. Data retention
We keep personal data only as long as needed for the purposes described in this policy, unless a longer period is required by law.
Retention is influenced by:
- Whether an account or workspace remains active
- Workspace settings for retention and deletion
- Admin configured retention controls where available (Element)
- Security and operational requirements
Deletion behavior can vary by configuration and by content type, for example messages, files, and workspace exports. Where deletion is available, content may be removed immediately or may be retained for a limited period in backups for operational continuity, then removed according to routine backup cycles.
10. International transfers
Kanbanify may process data in multiple regions depending on hosting configuration. Where cross border transfers occur, we apply appropriate safeguards required by applicable law.
11. Security
We use technical and organisational measures designed to protect personal data, including access controls and encryption in transit.
You are responsible for safeguarding your credentials and using strong passwords.
12. Children
Kanbanify is not intended for individuals under 18. We do not knowingly collect personal data from children under 18.
13. Your privacy rights
Depending on your location, you may have rights to:
- Access your personal data
- Correct inaccurate data
- Delete personal data
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent where processing is based on consent
- Rights related to automated decision making, where applicable
To exercise your rights, email support@kanbanify.org. We may request information to verify your identity.
If you use Kanbanify through an organisation, requests related to workspace content may need to be handled through your organisation’s admin, depending on how the workspace is controlled.
14. Updates to this policy
We may update this policy from time to time. If changes are material, we will provide notice through the service or by email. The effective date at the top shows the current version date.