Privacy Policy

We respect your privacy and are committed to protecting your personal data.

Terms Imprint Contact

Overview

This Privacy Policy explains how Ouraboard collects, uses, and protects personal data when you visit or use our website or services.

Data controller

The data controller responsible for processing your personal data is:

Ouraboard
Germany

This Privacy Policy applies to both our marketing website (ouraboard.app) and the Ouraboard web application. For privacy-related requests, please contact us at contact@ouraboard.app.

Data we collect

The exact data we process depends on whether you are browsing the marketing site or using the Ouraboard app.

Marketing site

  • • Basic usage data (pages viewed, referrer, and coarse device/browser information)
  • • Technical data (IP address and timestamps in server/security logs)

Ouraboard app

  • • Account data (email address, display name, password hash)
  • • Workspace and collaboration data you create (workspaces, boards, issues, comments, labels, attachments)
  • • Authentication/session data (refresh tokens, session identifiers, security events)
  • • Support communications (messages you send us, and our replies)
  • • Technical data (IP address, browser/device info, and timestamps in server/security logs)

We do not intentionally collect special categories of personal data (Art. 9 GDPR). Please avoid posting sensitive personal information in free-text fields.

Purpose of processing

  • • To provide and operate the Ouraboard service (accounts, workspaces, collaboration features)
  • • To authenticate users and maintain sessions
  • • To ensure security, prevent abuse, and troubleshoot incidents
  • • To communicate with you (support requests, service messages, verification emails)
  • • To process payments and manage subscriptions (if you purchase a paid plan)
  • • To improve the website and product based on aggregated usage patterns

Legal basis

  • • Contract (Art. 6(1)(b) GDPR) – to provide the service you sign up for and to manage your account
  • • Legitimate interests (Art. 6(1)(f) GDPR) – to secure the service, prevent abuse, and improve reliability
  • • Legal obligations (Art. 6(1)(c) GDPR) – where we must comply with applicable laws (e.g., accounting)
  • • Consent (Art. 6(1)(a) GDPR) – only where we explicitly ask for it (e.g., optional analytics/marketing tools)

Cookies

Ouraboard uses essential cookies and similar storage strictly required for security and basic operation (for example, to keep you signed in to the app and to protect requests with anti-CSRF mechanisms).

We do not use advertising cookies. If we introduce non-essential cookies (for example, marketing trackers) in the future, we will request your consent where required.

Analytics on the marketing site

We use Cloudflare Web Analytics to understand basic usage of our marketing website (for example, which pages are visited and which referrers bring visitors). This helps us improve our website.

Cloudflare Web Analytics is designed to work without setting cookies. We use it in a privacy-first way and do not send personal identifiers (such as your name, email address, or user ID).

Legal basis: legitimate interests (Art. 6(1)(f) GDPR). You can object to this processing by contacting us.

You can also limit analytics by using browser settings or content blockers. Cloudflare Web Analytics is designed to work without cookies.

Service providers (processors)

We use trusted service providers to operate the website and the Ouraboard application. Depending on the environment (staging/production), this may include:

  • • Hosting and content delivery for the marketing site
  • • Application hosting and logs/monitoring for the API
  • • Database and cache providers (to store app data and sessions)
  • • Payment processing (for paid plans)
  • • Email delivery (verification, invitations, and service messages)

We only share data with providers to the extent necessary to deliver the service. Where required, we enter into data processing agreements.

Data retention

We keep personal data only as long as necessary for the purposes described in this policy. For example, account and workspace data is kept while your account is active; security logs may be retained for a limited period to detect and investigate abuse. If you request deletion, we will delete or anonymize data unless we must keep certain records for legal reasons.

International transfers

Some service providers may process data outside the European Economic Area (EEA). When that happens, we rely on appropriate safeguards such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.

Security

We use reasonable technical and organizational measures to protect personal data (for example, TLS encryption in transit, access controls, and secure storage of credentials). No method of transmission or storage is 100% secure, but we work to minimize risk.

Your rights

Under applicable data protection laws (including GDPR), you have the right to access, rectify, or delete your personal data, as well as the right to restrict or object to its processing. Where applicable, you also have the right to data portability and the right to withdraw consent at any time (without affecting the lawfulness of processing before withdrawal). You also have the right to lodge a complaint with a supervisory authority in your place of residence, work, or where an alleged infringement occurred.

Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be published on this page.

Contact

If you have questions about this Privacy Policy or your personal data, you can contact us at contact@ouraboard.app .