Privacy Policy | EasyRetro

Last updated: May 1, 2022

EasyRetro (“we” or “us”) highly value and respect your privacy and your rights to your personal information. This privacy policy (“Policy”) outlines the way EasyRetro collects and process your Data. We want to make sure that you are aware of the way we operate and the options available to you when accessing or using our website and the Services we provide.

References to “you” in these Terms of Service, as well as in our Terms of Service, means you or any entity you may represent in connection with your use of our Services.

Please take a moment to read our Policy, as well as our Terms of Service. If you have any questions or concerns, feel free to email us at If you do not agree with this Policy do not access or use our Services.

If we make any major changes in this Policy, we will send you an e-mail with the new version, but we insist, come visit us from time to time to keep yourself updated about it.

1. Definitions

As used in this Policy:

“Services” means the services we provide through our Software, providing online boards for agile retrospective, individually or in teams;

“Website” means this platform, or “”, adopted to operate our Services;

“Data” means any information collected from individuals, generally, apply to any information;

“Personal Data” means any personal information collected from an individual that identifies a natural person concerning an identified or identifiable natural person (i.e. e-mail, date of birth, name).

“Processing” means any operation or set of operations that uses personal data autonomously or not;

“Profiling” means a type of processing that uses personal data to analyze some aspects related to a natural person´s life;

“Controller” means any natural or legal person, whether public or private, in charge of decisions on the processing of personal data;

“Processor” means any natural or legal person, whether public or private, who processes personal data on behalf of the controller;

“Recipient” means any natural or legal person, whether public or private, for whom the personal data collected are reported to;

“Third Party” means any natural or legal person, whether public or private, under the control of the controller or the processor, is authorized to perform the processing of personal data.

“GDPR” refers to the Regulation (EU) 2016/679 (General Data Protection Regulation).

“CCPA” refers to the California Consumer Privacy Act.

2. What Data do we collect and through which technical means?

All the information required and processed by us, as the controllers, are adequate, limited and necessary for our Services. We collect Data in different ways and use different technical means. To explain in a more transparent/easy way we divided the aspect of Data in two ways such as appointed on definitions topic above:

Personal Data: Personal Data: We only collect Personal Data directly from you. When you register and use our Website, you voluntarily give us:

  • E-mail address
  • Name
  • Team Name

All the information above can be changed and/or updated by you any time.

Once you registered and started using our services, you will be givingus permission to treat your personal data.

Data: Indirectly and/or automatically generated or collected information that does not contain any personal information. We use those Data to improve your user experience. For example, your IP address and User Agent, as well as:

  • User ID - our Backend software automatically generate your User ID. Therefore, we use it to identify you in our system. You cannot modify your ID through our system.
  • Cookies - consist of files with small amount of data that contain no personal information, commonly used as an anonymous unique identifier. When you simply visit our Website, we set them in your browser automatically. We use them to provide basic features of our Services. However, you can set your browser to refuse cookies. Nevertheless, certain features of our Services may not function properly without them.

Indirectly and/or automatically generated or collected information that does not contain any personal information. We use those Data to improve your user experience. For example, your IP address and User Agent, as well as:

We emphasize all the content created, in reference to retrospectives, on your logged area are stored with encrypted technology and cannot be accessed with legal ways by a non-authorized User ID. In other words, any person that does not have the URL sharable to the board or a member of the Team, in case of Team boards, cannot have access to the content created and/or registered.

3. Third parties we share your Data with

To provide our services we need to share some of your Data with third parties. However, we only share the information if compliant to the following conditions:

(i) with a legitimate purpose;

(ii) for specified reason;

(iii) only to those who are compliant to GDPR, having appropriate privacy and security procedures.

As said before, transparency is one of our biggest value, so we assure you we only share directly your information to the following platforms and exclusively for the reasons appointed.

Some third parties also collect information which we don’t provide directly, some information may include IP addresses and User Agents. Nevertheless, they only collect Data from our users to provide their services. As said before, all third parties have great concern and protocols for protecting all the Data collected from you.

Name Reason to use Data location Data shared Privacy policy URL DPA
Firebase We use Firebase as our backend, database, hosting and authentication service. Firebase only collects data that is necessary to provide its services. US
  • Your e-mail address
  • Your password
Firebase link Firebase DPA
Paddle We use Paddle as our reseller and merchant of record for all our orders. We only share information from users that become subscribers. UK
  • Your e-mail address
Paddle privacy Paddle GDPR
Intercom We use Intercom as our gateway for customer support, transactional emails and support articles. We only share information from users that interact with our support chat tool. US
  • Your e-mail address
  • Your name
Intercom link Intercom DPA
EmailOctopus We use EmailOctopus to send emails newsletter as our marketing tool. You can cancel your subscription in our list anytime (link on the email). UK
  • Your e-mail address
  • Your name
EmailOctopus link EmailOctopus DPA
Sendgrid We use Sendgrid as our transactional email tool to send emails to our users. US
  • Your e-mail address
  • Your name
  • Your team name
Sendgrid link Sendgrid DPA

Once you registered and started use our services, you will be giving us permission to share your data with the third party nominated above.

We assure you that we will provide our best efforts to assure that our services will be delivered in a manner that ensures appropriate security and confidentiality of your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Because of that, we will only share the data that you informed to us with the third party nominated above. If we eventually need share your personal data with an entity that were not listed above, we will inform and ask your permission.

Despite the sharing of your personal data with the third party nominated above, we do not authorize them to use it to any other purpose than they were hired for.

We clarify that we can not be responsible for the attacks of hackers or any other abnormality related to the reach of the international standards of performance and security of the internet.

4. Children Privacy

If you are under eighteen (18) years of age, then please do not use or access our Services. We do not knowingly collect or maintain Personal Information from persons under eighteen (18) years. If we learn that a person under eighteen (18) years has registered in our Website, her Personal Data provided to us without her parents or guardian communication we will cancel that user’s account and delete their Data.

If it comes to our attention through reliable means that a registered user is a child under 18 years of age, we will cancel that user's account and/or access to the Services.

5. How do we protect and where we host your Data?

We use the best procedures of security to your Personal Data collected and processed by us to guarantee your rights of protection and confidentiality. The Data collected by us is stored on external servers of Firebase (Google Cloud Platform) located in US Central. Such Data is processed and dealt in a restricted and careful manner with appropriate technical and organizational measures required by the GDPR to safeguard the rights and freedoms of our users. Our goal is to keep your privacy and personal information and to avoid any breach. You can read more about our security and hosting procedures information here. At

6. How to verify, modify or delete your Data

You have full control over your Data and personal information in our platform. In other words, you can personally modify, correct, view, export or delete it. However, if you want to verify which Personal Data is stored on your behalf, have it modified, corrected or deleted by us, please contact our e-mail, giving a clear description of your request. We will gladly attend your demand.

7. Your rights and our procedures

As highlighted above, you have rights related to Personal Data, as described:

  • Access to your Personal Data at any time;
  • Edit your account details, making sure your Personal Data is updated;
  • Access updated information about your Personal Data held by us and the adopted technical means;
  • Request restrictions to your Personal Data processing or deletion;
  • Report any infringements to our policy and procedures.

You can demand your rights at any time by our email and we will guarantee them.

In compliance with the CCPA, we will not incur the following conducts: Selling personal information; retaining, using, or disclosing personal information for purposes other than as required for the services we provide to you; and Retaining, using, or disclosing the personal information outside of the direct relationship that we have with you; all as set forth and described in the CCPA, as applicable.

Please note that any breach or leak of Data will be reported by email and at our Website on a timely manner.

8. How long do we keep your Data?

For the purpose of you wanting to renew your subscription and have back all the content created through our Services, the Data will be kept for two (2) years following the end of your subscription. After that period, we will notify you by email and after thirty (30) days of inertia we will permanently delete all your Data from our Database, as compliant to the storage limitation imposed by GDPR. The Data deleted from our Database will be strictly in case of an inactive user, not affecting users with a free account.

We will archive public boards from free accounts after a period of (1.5) years. Archived boards will still be accessible by the original account that created them, but they won't be accessible by other people with the board URL. The board owner can still unarchive the boards at anytime.

9. Contact Information

If you have questions regarding our Services, or concerns about any information processed in the context of our Services, or on your rights, feel free to contact us by our email