Projoint
Log in Start free

Privacy Policy

Last updated: 2026-05-22

Summary in plain English

  • We collect the minimum personal data needed to run a project-management service: your email, your name, what your team has created in Projoint.
  • We don't sell your data. We don't share it with third parties beyond the processors we depend on to run the service (listed below).
  • You can export or delete everything you uploaded, from settings, at any time.
  • We don't use your content to train AI models.
  • If you're an EU resident, you have GDPR rights — see §7.

1. Who is the data controller

Projoint is operated by the team at hello@projoint.tech. Privacy questions go to privacy@projoint.tech.

2. What we collect

Account data

  • Email address (required) — for login + transactional emails.
  • Display name (required) — shown to teammates.
  • Avatar (optional) — if you upload one.
  • Password (hashed with argon2 — we never see the plaintext).

Service data

  • Workspaces, teams, projects, tasks, comments, files, docs, time entries — everything you create.
  • Logs of your sessions (login time, IP, user agent) — kept 30 days for security.
  • Activity audit log (who did what in your team) — for the team's own security review.

Optional / opted-in

  • Email delivery preferences (which notifications you want via email).
  • Push notification subscriptions (per-device tokens).
  • Calendar export tokens (when you enable iCal feed).
  • Personal access tokens (when you create one via settings).

3. How we use it

  • Provide the service: render the app, deliver notifications, sync integrations you opted into.
  • Operate the service: error tracking (Sentry), uptime monitoring, basic analytics (pages visited, no personal tracking).
  • Support: respond to your emails, debug issues with your express permission.
  • Legal: meet record-keeping obligations (e.g. billing invoices for 6+ years per local law).

We do not use your content to train AI models. When AI features ship (Phase v1.1), they'll be opt-in per team, with clear consent and a per-team data-handling agreement.

4. Who we share data with (processors)

We use the following processors to run the service. Each is contractually bound to handle your data only on our instructions and per their own security commitments.

  • Timeweb Cloud — VPS hosting + S3-compatible object storage (file attachments, backups). Data residency: Russia / EU as per Timeweb's region.
  • Resend — transactional email delivery.
  • Sentry — error tracking. We scrub sensitive fields before sending.
  • Better Stack — uptime monitoring + logs.
  • Stripe (when paid plans launch) — payment processing. Card details live with Stripe, never on our servers.

5. How long we keep it

  • Active accounts: as long as you use the service.
  • Deleted accounts: 30-day soft-delete restore window, then permanent deletion.
  • Backups: 30 days daily, 12 months monthly, 7 years yearly (legal retention).
  • Logs: 30 days.
  • Billing records: 6+ years where required by tax law.

6. How we protect it

  • HTTPS everywhere (TLS 1.3 + HSTS).
  • Argon2 password hashing.
  • Two-factor authentication available — strongly recommended.
  • Row-level security in the database (your team's data is hard-isolated from other tenants at the SQL layer, not just the app).
  • Encrypted backups.
  • Operator-access audit log visible in your account settings — every time a Projoint operator (us) reads your data, you see it.

7. Your rights (GDPR / similar)

If you're in the EU, EEA, UK, or another jurisdiction with GDPR-like rights, you have the right to:

  • Access: export all data we hold about you (from settings → Export account).
  • Rectify: edit your profile / fix wrong data.
  • Delete: delete your account + all your data.
  • Portability: machine-readable export (JSON / CSV).
  • Object: opt out of any non-essential processing (notification emails, analytics).
  • Complain: contact your local data protection authority.

To exercise these rights, email privacy@projoint.tech. We respond within 30 days.

8. Cookies

See our Cookies Policy for what we store on your device and why.

9. Children

Projoint isn't designed for users under 16. We don't knowingly collect data from children — if you believe a child has signed up, email privacy@projoint.tech and we'll delete the account.

10. Changes

Material changes are announced via email at least 30 days before they take effect.

11. Contact

Privacy questions: privacy@projoint.tech
General: hello@projoint.tech