Planbridge HQSign in

Legal

Privacy Policy

Effective April 18, 2026

This Privacy Policy explains how Planbridge HQ (“Planbridge,” “we,” “us,” or “our”) collects, uses, and shares information when you use our project delivery and status reporting platform (the “Service”). We act as a data processor for the information your organization puts into the Service, and as a data controller for the account and usage information we collect directly from you.

1. Information We Collect

Information you provide

  • Account data. Your name, email address, and authentication identifiers from Google single sign-on or one-time email codes.
  • Organization data. Organization name, members, roles, teams, invites, and membership requests.
  • Workspace content. Projects, goals, work items, assignments, status reports, goal updates, reporting requests, cadences, and any notes or attachments your team submits.
  • Communications. Messages you send to our support team and survey responses.

Information collected automatically

  • Usage data. Pages visited, features used, actions taken, approximate timing of events, and error information.
  • Device and log data. IP address, browser type and version, operating system, referring URLs, and session identifiers.
  • Cookies and similar technologies. Used for authentication, session persistence, and basic product analytics.

Information from third parties

  • Google. If you sign in with Google, we receive your email address, basic profile details, and a unique identifier.
  • Slack. If your organization connects Slack for status reminders or reports, we receive workspace and channel identifiers and the user identifiers needed to deliver messages.

2. How We Use Information

  • Provide, maintain, and improve the Service.
  • Create and authenticate your account, manage organizations, and enforce access controls.
  • Generate timelines, rollups, workload views, and status summaries for your organization.
  • Send transactional emails (sign-in codes, reminders, notifications) and, with your consent where required, product updates.
  • Detect, investigate, and prevent abuse, fraud, or security incidents.
  • Comply with legal obligations and enforce our Terms of Service.

3. Legal Bases for Processing

Where the GDPR or similar laws apply, we rely on the following legal bases: performance of a contract with you or your organization, compliance with a legal obligation, our legitimate interests in operating and securing the Service, and your consent where required (for example, for non-essential cookies or marketing communications).

4. How We Share Information

  • Within your organization. Workspace content is visible to other members of the same organization according to the roles and permissions configured by your administrators.
  • Service providers. We share information with vendors that help us operate the Service, including Convex for managed backend infrastructure and real-time data, Google for authentication, Resend for transactional email, and Slack for message delivery. These providers are bound by contractual commitments to protect your information.
  • Legal and safety. We may disclose information to comply with law, respond to valid legal process, enforce our agreements, or protect the rights, property, or safety of Planbridge, our users, or the public.
  • Business transfers. If Planbridge is involved in a merger, acquisition, or asset sale, your information may be transferred subject to standard confidentiality protections.

We do not sell your personal information or workspace content.

5. International Transfers

Planbridge and its service providers may process your information in countries other than your own. Where required, we rely on transfer mechanisms such as the Standard Contractual Clauses to protect your information when it moves across borders.

6. Data Retention

We retain workspace content for as long as your organization's account is active and for a reasonable wind-down period after termination, after which it is deleted or anonymized. Account and usage data may be retained longer where required for legal, accounting, or legitimate-business reasons. You can request earlier deletion of specific content from within the Service or by contacting us.

7. Security

We implement technical and organizational measures designed to protect your information, including encryption in transit, scoped access controls, multi-tenant data isolation, and continuous monitoring. No system is perfectly secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing. Many of these rights can be exercised directly in the Service; otherwise, contact us using the details below. If Planbridge processes your information on behalf of your organization, we will direct your request to the organization's administrator.

9. Cookies

We use a small number of strictly necessary cookies for authentication and session persistence, and limited analytics cookies to understand how the Service is used. You can control cookies through your browser settings; disabling essential cookies will prevent sign-in.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective” date at the top of this page indicates when the current version was published. You are responsible for reviewing this page periodically for changes; continued use of the Service after the effective date of an updated policy constitutes acceptance.

11. Contact

Questions, requests, or complaints about this Privacy Policy can be sent to privacy@planbridgehq.com. If you are located in the EEA or UK and have unresolved concerns, you have the right to lodge a complaint with your local data protection authority.