Privacy Policy

Last updated: February 24, 2026

1. Introduction

BacklogHygiene ("we", "us", or "our") operates the website backlog-hygiene.com and the BacklogHygiene platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing the Service you agree to this policy. If you do not agree, please discontinue use immediately.

2. Information We Collect

2.1 Account Information

When you sign up via Google OAuth, we receive your name, email address, and profile picture. We do not receive or store your Google password.

2.2 Project-Tracker Data (Linear & Jira)

You connect your Linear or Jira workspace through OAuth 2.0. We request only the scopes necessary to read and update issues, labels, and project metadata. Specifically:

  • Linear: read and write access to issues, projects, and labels within your authorized workspace.
  • Jira: read and write access to issues, projects, boards, and labels via Atlassian Connect scopes.

We fetch issue titles, descriptions, statuses, assignees, dates, labels, and comments. We do not access your email, calendar, files, or any data outside the authorized workspace.

2.3 Usage & Analytics Data

We collect anonymized usage data via Vercel Analytics, including page views, referral sources, browser type, and device type. We do not use third-party ad trackers.

2.4 Billing Information

Payments are processed by Paddle. We do not store credit card numbers. Paddle may collect your payment card details, billing address, and transaction history in accordance with their own privacy policy.

3. How We Use Your Information

  • Provide the Service: analyze backlog issues, detect duplicates, generate hygiene reports, and deliver AI-powered recommendations.
  • AI Processing: we send issue metadata (titles, descriptions, labels) to Google Gemini API for analysis. Data is processed in transit and is not used by Google to train foundation models per our API agreement.
  • Improve the Service: understand usage patterns and fix bugs.
  • Billing: process subscriptions and invoices through Paddle.
  • Communications: send transactional emails (account, billing, security alerts). We do not send marketing emails without explicit opt-in.

4. AI Data Processing

BacklogHygiene uses Google's Gemini AI models to analyze your backlog data. When processing occurs:

  • Issue titles, descriptions, and metadata are sent to Google Gemini API over encrypted connections (TLS 1.2+).
  • Data is processed in real-time and is not persisted by Google beyond the API request lifecycle.
  • Your data is not used by Google to improve or train their general AI models under our API Terms of Service.
  • AI-generated outputs (recommendations, duplicate detection, reports) are stored in our database (Supabase) and associated with your account.

5. Data Storage & Security

Your data is stored in Supabase (PostgreSQL) hosted in the EU (Frankfurt, eu-central-1). We implement the following security measures:

  • All data in transit is encrypted with TLS 1.2+.
  • Database encryption at rest (AES-256).
  • OAuth tokens are encrypted before storage and rotated periodically.
  • Row-Level Security (RLS) policies ensure users can only access their own data.
  • Regular security audits and dependency vulnerability scanning.

6. Data Sharing & Third Parties

We do not sell, trade, or rent your personal data. We share data only with the following service providers who are necessary to operate the Service:

  • Google (Gemini API) — AI analysis of backlog data.
  • Supabase — database hosting and authentication.
  • Paddle — payment processing.
  • Vercel — application hosting and analytics.
  • Linear / Atlassian (Jira) — project tracker integrations.

We may disclose your information if required to do so by law or in response to valid legal process (e.g., a subpoena or court order).

7. Cookies

We use the following types of cookies:

  • Essential cookies: session tokens and authentication state. These are required for the Service to function and cannot be disabled.
  • Analytics cookies: Vercel Analytics collects anonymized page-view data. No personally identifiable information is tracked.

We do not use advertising cookies or any third-party tracking pixels.

8. Your Rights (GDPR & Global)

If you are a resident of the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate data.
  • Erasure: request deletion of your personal data ("right to be forgotten").
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to data processing based on legitimate interest.
  • Withdraw consent: revoke OAuth permissions at any time via your Linear, Jira, or Google account settings.

To exercise any of these rights, email us at support@backlog-hygiene.com. We will respond within 30 days.

9. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove all personal data and backlog data within 30 days, except where retention is required by law (e.g., billing records may be retained for up to 7 years for tax compliance).

Cached AI analysis results are automatically purged 90 days after generation.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we learn we have collected data from a child under 16, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@backlog-hygiene.com.