Legal

Your privacy, explained

What we collect, why we collect it, and how you stay in control of your data.

Who we are

KanbanGPT ("we", "us") provides an AI-powered Kanban board to help you organise and manage work. This Privacy Policy applies to our website and services (the "Service").

Data we collect

We may collect the following categories of personal data:

  • Account data: name, email, password (stored securely as a hash), account preferences.
  • Usage data: pages viewed, feature usage, approximate device/browser details.
  • Content you submit: boards, cards, notes, attachments, comments, and messages you add.
  • Payment data: handled by our payment processor (e.g., Stripe). We do not store full card details.
  • Support data: messages you send us via the contact form, and any attachments you provide.

How we use your data

  • Provide and operate the Service (create accounts, manage boards, deliver features).
  • Process payments and manage subscriptions.
  • Improve performance, reliability, and user experience.
  • Communicate with you about service updates, security, and support requests.
  • Prevent fraud, abuse, or misuse of the Service.

Legal basis (UK/EU)

If you are in the UK/EU, we process personal data under one or more of these legal bases:

  • Contract: to provide the Service you signed up for.
  • Legitimate interests: to improve and secure the Service and prevent abuse.
  • Consent: where required (e.g., certain cookies or marketing communications).
  • Legal obligation: where we must comply with laws (e.g., accounting/tax).

Sharing your data

We do not sell your personal data. We may share data with trusted service providers to run the Service, such as:

  • Payment processing: e.g., Stripe (for subscriptions and billing).
  • Hosting and infrastructure: servers, storage, and delivery networks.
  • Analytics: to understand product usage (optional).
  • Customer support tooling: email/helpdesk services (if used).

We may also disclose information if required by law or to protect the rights, safety, and security of users and the Service.

AI processing

When you use AI features in KanbanGPT, your queries — which may include content from your boards and cards — are sent to AI model providers for processing. These requests are routed via OpenRouter, a third-party AI gateway service.

  • OpenRouter: By default, OpenRouter operates a Zero Data Retention (ZDR) policy, meaning your prompt content is not stored or logged by OpenRouter. Only basic request metadata (timestamp, model used, token counts) is retained for billing and operational purposes. You can review OpenRouter's privacy practices at openrouter.ai/privacy.
  • Upstream AI model providers: OpenRouter proxies requests to the underlying AI model provider you have selected (e.g. OpenAI, Anthropic, Google, Mistral). Each provider has its own data retention and usage policies. We recommend reviewing the privacy policy of the specific provider associated with the model you use.
  • What this means for your data: Card content sent as part of an AI query is processed solely to generate a response and is not used by KanbanGPT for training or analytics. However, upstream providers may have their own policies regarding data use.

If you have questions about which model provider your account uses, or would like to opt out of AI features, please contact us at support@kanbangpt.ai.

Retention

We keep personal data only as long as necessary for the purposes described in this policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

You may request deletion of your account and associated data (see "Your rights" below).

Security

We use reasonable technical and organisational measures to protect your data, including access controls and encryption where appropriate. No method of transmission or storage is 100% secure, but we work hard to protect your information.

Your rights

Depending on your location, you may have rights to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Request portability of your data
  • Withdraw consent (where processing is based on consent)

To exercise these rights, contact us using the details below.

Cookies

We may use cookies or similar technologies to keep you signed in, remember preferences, and improve the Service. You can control cookies through your browser settings. Where required, we'll request consent for non-essential cookies.

Contact

If you have questions about this policy or your data, contact us: