AKRetro

Privacy Policy

Last updated: May 2025

1. Who we are

AKRetro is a collaborative sprint retrospective tool. When we say "we", "our", or "AKRetro" we mean the service at this domain. If you have questions, email us at hello@akretro.app.

2. What data we collect

  • Account data — email address and optional display name when you sign up.
  • Board content — retrospective cards, comments, votes, and action items you create or are assigned to.
  • Usage data — board access timestamps stored automatically by the database.
  • Authentication data — an encrypted session token stored in a browser cookie to keep you signed in. No tracking cookies are used.

3. How we use your data

  • To operate the retrospective boards and action item features.
  • To send you email notifications when you are assigned an action item.
  • To authenticate your account and keep your session secure.

We do not sell your data. We do not use your data for advertising.

4. Cookies and local storage

We use one session cookie set by Supabase to keep you authenticated. This is strictly necessary and does not require consent under GDPR. We also use browser localStorage to store:

  • An anonymous voter ID (so your votes persist without an account).
  • A list of recently visited boards for quick access on the dashboard.
  • Your cookie-notice dismissal preference.

No third-party analytics, advertising, or tracking scripts are loaded.

5. Data storage and security

Your data is stored in a Supabase-managed PostgreSQL database. All data is encrypted in transit (TLS) and at rest. Row-level security policies ensure users can only access boards they are authorised to view.

6. Data retention

Your account data is retained until you delete your account. Board content is retained as long as the board exists. If you delete a board, all cards, comments, votes, and action items associated with it are permanently deleted.

7. Your rights (GDPR)

If you are in the European Economic Area you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and associated data.
  • Object to or restrict processing.
  • Data portability.

To exercise any of these rights, email hello@akretro.app.

8. Third-party services

  • Supabase — database, authentication, and real-time infrastructure. See Supabase Privacy Policy.
  • Resend (optional) — transactional email for action-item notifications. Only your email address and notification content are shared. See Resend Privacy Policy.

9. Changes to this policy

We may update this policy. Material changes will be notified by updating the date at the top of this page. Continued use after changes constitutes acceptance.

← Back to AKRetro