Privacy Policy
Last updated: January 19, 2026
Summary: Steadyboard reads and, when you direct it to, modifies your Jira data to provide its features. We don't sell your data, don't track you across the web, and don't store your Jira content on our servers.
1. Information We Collect
1.1 Jira Data (via OAuth)
When you connect Steadyboard to your Atlassian account, we access:
- Issue details (title, description, status, comments, changelog)
- Sprint and board information
- Project metadata
- User display names, avatars, and email address (for account identification and support)
Steadyboard may also modify your Jira data when you use certain features:
- Create new issues and epics (Quick Create feature)
- Update issue titles and descriptions
- Change issue parent/epic assignments
- Move issues between sprints or to backlog
All modifications require explicit user action and are performed directly in your Jira instance. We do not modify data without your direct instruction.
Issue and project data is processed in your browser and is not stored on our servers. Your email address is stored server-side to enable customer support. OAuth tokens are stored securely in Chrome's encrypted storage.
1.2 AI Processing
When you use AI features (summaries, Q&A, duplicate detection), your issue content is sent to Google's Gemini API for processing. Google processes this data according to their privacy policy. We use Gemini's API with no data retention enabled.
Your data is not used to train shared, generalized, or public AI models. AI processing is performed on a per-request basis and content is not retained beyond what is necessary to provide the Service.
1.3 Payment Information
If you upgrade to Pro, payment processing is handled entirely by Stripe. We never see or store your credit card details. We receive only:
- Your email address (for account identification)
- Subscription status (active/cancelled)
- Stripe customer ID (for billing management)
1.4 Analytics
We collect anonymous usage analytics to improve the product:
- Feature usage counts (which features are used, not the content)
- Error rates and types
- Extension version and browser type
We use Google Analytics with IP anonymization enabled. We do not track individual user behavior or create advertising profiles.
2. How We Use Your Information
We use collected information solely to:
- Provide Steadyboard's features (timeline, summaries, predictions, etc.)
- Process your subscription payments
- Improve the product based on aggregate usage patterns
- Send critical service notifications (e.g., subscription status changes)
3. Data Storage
3.1 Local Storage
Most data is stored locally in your browser using Chrome's storage APIs:
- Your settings and preferences
- Cached AI summaries (to reduce API calls)
- License and subscription status
- OAuth tokens (encrypted)
3.2 Server Storage
Our servers (hosted on Vercel) store:
- Your email address (from Jira or Stripe) for account identification and customer support
- Subscription status and Stripe customer ID
- Aggregate AI usage counts for rate limiting
- Anonymous install ID (UUID) to track usage quotas
We do not store your Jira issues, comments, or any project content on our servers.
4. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only with:
- Atlassian - For OAuth authentication (you authorize this directly)
- Google (Gemini API) - For AI processing (content only, not stored)
- Stripe - For payment processing
- Vercel - For hosting our backend services
5. Data Security
We implement security measures including:
- OAuth 2.0 with PKCE for Atlassian authentication
- HTTPS encryption for all API communications
- Secure token storage using Chrome's encrypted storage
- No server-side storage of sensitive Jira content
6. Data Retention
6.1 Server-Side Data
- Email and Stripe customer ID: Retained while your subscription is active, plus 30 days after cancellation to handle any refunds or disputes.
- AI usage counts: Retained for 12 months for rate limiting and abuse prevention.
- Install UUID: Deleted when you request account deletion.
6.2 Local Data
- Cached data: Automatically expires (24 hours for most data, 30 days for AI summaries).
- Settings: Stored locally until you uninstall the extension or clear extension data.
6.3 Deletion Requests
We process data deletion requests within 30 days. To request deletion, email support@steadyboard.com.
7. Your Rights
You can:
- Access your data - View all locally stored data in Chrome's developer tools
- Delete your data - Uninstalling the extension removes all local data; email us to delete server-side data
- Revoke access - Disconnect from Jira in the extension settings or revoke access in your Atlassian account settings
- Export your data - Contact us for a copy of any data we store about you
8. Children's Privacy
Steadyboard is not intended for children under 13. We do not knowingly collect information from children.
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via the extension or email (if you're a subscriber).
10. Contact Us
For privacy questions or data requests, contact us at:
11. California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information we collect
- Right to request deletion of personal information
- Right to opt-out of the sale of personal information (we don't sell data)
- Right to non-discrimination for exercising privacy rights
12. European Privacy Rights (GDPR)
If you're in the EU/EEA, you have rights under GDPR including:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
Our legal basis for processing is:
- Contract - To provide the service you signed up for
- Legitimate interest - For analytics and service improvement
- Consent - For optional features you enable
12.1 International Data Transfers
Our servers are hosted in the United States via Vercel. If you are located outside the United States, your data will be transferred to and processed in the United States. By using Steadyboard, you consent to this transfer. For EU/EEA users, we rely on Standard Contractual Clauses and other appropriate safeguards for international data transfers.