Privacy Policy

Data we collect

SprintDeck collects the minimum data needed to operate planning poker rooms, authenticate users, process subscriptions, secure the service, and support customers.

• Account data, such as name, email address, authentication provider, locale, and workspace-related profile details.
• Room and estimation data, such as room codes, participant display names, voting rounds, selected cards, issue titles, reveal results, and facilitation settings.
• Billing data, such as plan, subscription status, checkout session identifiers, and payment processor references. SprintDeck does not store full card numbers.
• Usage and security data, such as device type, browser, IP-derived security signals, request metadata, audit events, error logs, and abuse-prevention telemetry.
• Support data, such as messages, attachments, and diagnostic context voluntarily sent to SprintDeck for help or account administration.

How we use data

SprintDeck uses data to deliver the service, keep estimation sessions reliable, improve product quality, prevent abuse, communicate with users, and comply with legal obligations.

• Create, join, synchronize, reveal, and retain planning poker room activity according to product settings and plan limits.
• Authenticate users, maintain sessions, manage account preferences, and protect accounts against unauthorized access.
• Operate subscriptions, trials, invoices, cancellations, entitlements, and billing support through payment providers.
• Monitor performance, debug errors, detect abuse, enforce limits, and improve accessibility, reliability, and user experience.
• Send transactional emails, security notices, policy updates, and service communications.

Legal bases for processing

Where privacy laws require a legal basis, SprintDeck processes data to perform contracts, pursue legitimate interests in operating and securing the service, comply with law, and honor consent where consent is required.

Sharing and subprocessors

SprintDeck shares data only with providers needed to operate the service, such as hosting, database, authentication, email delivery, analytics, monitoring, and payment processing providers. Providers must process data under contractual confidentiality and security obligations.

SprintDeck does not sell personal data and does not use private planning poker room content to train third-party advertising models.

Retention and deletion

SprintDeck retains data for as long as needed to provide the service, meet billing and audit obligations, resolve disputes, secure the platform, and comply with law. Users may request deletion of personal data, subject to lawful retention requirements and backup lifecycle constraints.

Your privacy rights

Depending on where you live, you may request access, correction, deletion, portability, restriction, objection, or withdrawal of consent. SprintDeck will verify requests before acting to protect accounts and team data.

Workspace administrators may control certain room, member, billing, and retention settings for organization-managed accounts.

Security measures

SprintDeck uses encrypted transport, managed authentication, access controls, audit-friendly operational patterns, provider-managed payment handling, and monitoring to reduce security risk. No internet service can guarantee perfect security, but SprintDeck treats security issues as operationally urgent.

International data transfers

SprintDeck and its providers may process data in countries different from the user's location. When required, SprintDeck relies on appropriate contractual, technical, and organizational safeguards for cross-border processing.

Children's privacy

SprintDeck is designed for professional teams and is not directed to children. Users must not create accounts or submit personal data if they are not legally allowed to use workplace productivity services in their jurisdiction.

Policy changes

SprintDeck may update this Privacy Policy as the product, providers, or legal requirements change. Material updates will be reflected on this page and, when appropriate, communicated through the service or email.