Privacy Policy

Effective date: 18 May 2025

1. Who We Are

Reportedly, Oslo, Norway. Contact: info@reportedly.ai

2. Data We Collect

• Account Data – name, email, organization name
• Integration Data – Azure DevOps PAT ID (stored encrypted), work-item metadata.
• Usage Data – log files, PostHog analytics, IP address, cookies.
• Payment Data – handled by Paddle.com; we never see full card details.

3. Legal Bases

• Contractual necessity – to deliver the Service.
• Legitimate interest – to improve the product and prevent fraud.

4. How We Use Information

Operate, maintain, and improve the Service; communicate with you; provide customer support; comply with legal obligations.

5. Sharing & International Transfers

Data is hosted on AWS EU-West (Ireland). We share data only with:

• Paddle.com Market Ltd – payment processing (UK).
• PostHog Inc – product analytics (USA, EU SCCs in place).

6. Data Retention

We keep account data for as long as your account is active and 90 days after cancellation, unless legal obligations require longer retention.

7. Your Rights (GDPR)

• Access, rectification, or deletion of personal data.
• Data portability.
• Object to processing or withdraw consent.
• Lodge a complaint with Datatilsynet (Norwegian DPA).

8. Security Measures

TLS 1.2+, encryption-at-rest, least-privilege PAT storage, routine penetration testing.

9. Children

The Service is not directed to children under 16. We do not knowingly collect their data.

10. Changes

We will notify you by email or in-app banner 14 days before material changes take effect.

11. Contact

Email: info@reportedly.ai