Privacy Policy

Last updated: April 2026

1. Introduction

ScrumDesk ("we", "us", "our") operates FlowAnalyzer. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our service and the choices you have associated with that data.

2. Data We Collect

Account Information

When you create an account, we collect:

  • Email address
  • First and last name
  • Organization/company name
  • Password (encrypted)

Jira Data

When you connect your Jira instance via OAuth, we read (but never write to):

  • Issue history and changelog
  • Issue metadata (summaries, descriptions, status, assignees)
  • Custom field values
  • Workflow transitions and timing
  • Worklog entries and time tracking

We do not store original issue content permanently. We analyze it in real-time (webhook mode) or cache briefly (24 hours in API mode) with encryption.

Usage Data

We may collect technical information:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Clicks and interactions
  • Error logs and diagnostics

3. How We Use Your Data

  • To provide and improve the FlowAnalyzer service
  • To analyze your Jira data and generate findings
  • To send service updates and support communications
  • To prevent fraud and ensure security
  • To comply with legal obligations

4. Data Retention

  • Account information: Retained while your account is active. Deleted upon request within 30 days.
  • Jira analysis metadata (findings, timestamps): 90 days
  • Usage logs and diagnostics: 30 days
  • Backups: 90 days (encrypted, automatic purge)

5. Third-Party Services

We use:

  • AWS - Cloud infrastructure and data storage
  • Hubspot - CRM for sales inquiries (contact form data only)
  • Calendly - Demo scheduling
  • Google Analytics - Website usage analytics (optional, user can opt-out)

6. Data Residency

By default, data is stored in the US (AWS us-east-1). Enterprise customers can request EU data residency (AWS eu-west-1) at no additional cost.

7. GDPR Rights

If you are in the EU, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Deletion: Request deletion of your data (right to be forgotten)
  • Portability: Export your data in a structured format
  • Object: Opt-out of certain processing

To exercise these rights, contact: privacy@scrumdesk.com

8. Data Processing Agreement (DPA)

Enterprise customers receive a fully executed DPA covering GDPR Article 28 processor obligations. Contact security@scrumdesk.com.

9. Security

Your data is protected by TLS encryption in transit and AES-256 encryption at rest. Passwords are hashed with bcrypt. Jira credentials are never stored on our servers.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any significant changes by email or by posting the new policy on this page.

11. Contact

For privacy questions, contact: privacy@scrumdesk.com