Privacy policy

Effective date: June 11, 2026. issueboard ("the issueboard service") is operated by Opengittr ("we", "us"). This policy describes how we handle personal data when you use issueboard.dev, app.issueboard.dev, and related services. issueboard is in public beta; this policy will be reviewed by counsel before general availability, and we will announce any material changes (see "Changes to this policy" below).

Data we collect

Account data

You sign in with Google, Microsoft, or GitHub. From your chosen provider we receive your name, email address, and avatar, plus a provider account identifier. We never receive or store a password — issueboard does not have password authentication. Reporters who use magic links provide only an email address.

Content you create

Issues, comments, attachments, project and team names, custom field values, customer references, and anything else you or your teammates put into the service. This content belongs to your organization (see the terms of service) and may contain personal data that your organization chooses to include — your organization is responsible for what it puts into issues.

Usage and technical data

Standard server logs (IP address, browser user agent, timestamps, requested URLs) and product usage events (for example, which features are used and how often) that help us operate, debug, and improve the service. We do not run third-party advertising or cross-site tracking scripts.

What we use data for

• Providing the service: storing and displaying your issues, sending the notifications you and your organization configure.
• Authentication and security: verifying sign-ins, detecting abuse, protecting accounts and data.
• Operating and improving the product: debugging, capacity planning, understanding which features matter.
• Communicating with you: service emails such as magic links, issue notifications, and important account or policy notices. We do not send marketing email without consent.

What we do not do

We do not sell personal data. We do not share your issue content with third parties except the subprocessors below, and we do not use your private issue content to market to anyone.

Subprocessors

issueboard runs on third-party cloud infrastructure (hosting, storage, and email delivery providers) that processes data on our behalf under their own confidentiality and data-processing commitments. Where AI features are used with issueboard's own provider account, Anthropic acts as a subprocessor for the content being summarized (see "Chat integrations and AI processing"). We keep the list of subprocessors current and will publish it as the service matures through beta; you can request the current list at any time via privacy@issueboard.dev.

Chat integrations and AI processing

When your organization connects a chat space (for example Google Chat) to issueboard, thread content is read only when the issueboard app is explicitly @mentioned in a space your team added it to and your organization's admin has connected that space to a project. Day-to-day conversation is not delivered to issueboard, and spaces without the app are never accessible.

To draft an issue from a mentioned thread, the thread's messages are sent to an AI model provider — Anthropic (Claude) — for summarization. If your organization configures its own AI API key in Settings → AI, this processing happens under your organization's own provider account and data-processing terms; otherwise issueboard's provider account is used. Only the resulting issue text is stored in issueboard; raw chat threads are not retained, and AI providers used this way do not train on the content under their API terms. Organization-supplied AI keys are stored encrypted and are never displayed again after entry.

Retention

Content is retained for as long as your organization's account is active. If you delete an issue, project, or organization, it is removed from the live service promptly and from backups on the backup rotation schedule (a bounded number of weeks). Server logs are retained for a short operational window and then deleted. When billing launches, billing records will be retained as required by law.

Your rights

Regardless of where you are, we extend GDPR-style rights to everyone using the service:

• Access — ask what personal data we hold about you.
• Export — receive a copy of your data in a portable format. Organization owners can export their organization's content.
• Correction — fix inaccurate account data (much of it you can edit directly).
• Deletion — delete your account, or have your organization's data deleted entirely.
• Objection — object to a particular use of your data.

To exercise any of these, email privacy@issueboard.dev. We will respond within 30 days. If you are an end user of an organization on issueboard (for example, a reporter), we may direct your request to that organization where it controls the data in question.

Cookies

issueboard uses session cookies only — the minimum needed to keep you signed in and to protect against request forgery. There are no advertising cookies, no third-party trackers, and therefore no cookie banner theater. The marketing site you are reading now sets no cookies at all.

Security

See the security page for how data is protected: per-organization isolation, OAuth-only authentication, encryption in transit, and least-privilege access. If you find a vulnerability, contact security@issueboard.dev.

Children

issueboard is a workplace tool and is not directed at children under 16. We do not knowingly collect data from children.

Changes to this policy

We will update this policy as the service evolves — including the counsel review noted above — and will post changes here with an updated effective date. For material changes we will notify organization owners by email before the changes take effect.

Contact

Privacy questions and requests: privacy@issueboard.dev. Security reports: security@issueboard.dev. issueboard is an Opengittr product.