Privacy Policy

Effective Date: March 12, 2026 · Last Updated: March 12, 2026

1. Introduction

ProjectPath.ai ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our project management platform ("Service").

By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, username, and password when you register.
• Profile Information: Job title, department, skills, location, timezone, and avatar/profile photo.
• Organization Information: Organization name, billing details, and team member information.
• Project Data: Project names, descriptions, tasks, epics, budgets, documents, notes, and meeting transcripts you create within the Service.
• Psychometric Data: Working style assessment responses, including MBTI and Big Five Inventory (BFI) scores, collected voluntarily through in-app assessments.
• Communication Data: Messages sent through the AI Project Pathfinder chat, stakeholder profiles, and team collaboration notes.
• Support Data: Information you provide when contacting support or submitting integration requests.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, timestamps, and session duration.
• Device Information: Browser type, operating system, screen resolution, and device identifiers.
• Analytics Data: We use Google Analytics to collect anonymized usage statistics to improve the Service.

2.3 Information from Third-Party Integrations

When you connect third-party services, we may receive:

• Jira (Atlassian): Project data, issue details, team member information, and workflow statuses.
• Google Calendar: Calendar events, availability, and scheduling data.
• Google Drive: File names, metadata, and file content when you choose to import documents.
• Microsoft OneDrive: File names, metadata, and file content when you choose to import documents.

We only access third-party data within the scope of permissions you grant via OAuth authorization. We do not access data beyond the authorized scopes.

3. How We Use Your Information

We use your information to:

• Provide the Service: Create and manage your account, projects, tasks, and documents.
• AI-Powered Features: Generate project plans, task suggestions, team pairing recommendations, risk assessments, and budget insights using your project data as context.
• Psychometric Analysis: Provide team collaboration recommendations based on voluntarily provided working style data.
• Team Collaboration: Calculate collaboration scores and provide pairing recommendations based on task assignments, department alignment, and working styles.
• Integrations: Sync data between ProjectPath.ai and connected third-party services.
• Communication: Send you service-related notifications, updates, and support responses.
• Improvement: Analyze usage patterns to improve the Service, fix bugs, and develop new features.
• Security: Detect and prevent fraud, abuse, and unauthorized access.

4. AI Data Processing

Our AI features (powered by OpenAI) process your data as follows:

• Project plans and task suggestions use your project descriptions, team information, and timeline data.
• Team pairing recommendations use psychometric scores, skills, workload, and task assignment data.
• Risk assessments use project timelines, task statuses, and team workload data.
• Budget insights use your budget allocations, spending data, and transaction history.
• Chat conversations with the AI Project Pathfinder use your project context to provide relevant responses.

AI-processed data is sent to OpenAI's API for inference. We do not use your data to train AI models. OpenAI's data processing is governed by their API data usage policy, which does not use API inputs for model training.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Within Your Organization: Team members in your organization can see project data, task assignments, collaboration scores, and team analytics based on their role and permissions.
• Third-Party Service Providers: We use trusted service providers for hosting (AWS), database management (PostgreSQL), file storage (Amazon S3), email delivery, and AI processing (OpenAI).
• Third-Party Integrations: When you connect services like Jira, Google Calendar, or cloud storage, data flows between ProjectPath.ai and these services as authorized by you.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, with notice provided to you.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: Data is encrypted in transit (TLS/HTTPS) and sensitive data (OAuth tokens, credentials) is encrypted at rest.
• Access Control: Role-based access control ensures users only access data they are authorized to view.
• Infrastructure: The Service is hosted on secure cloud infrastructure with regular security updates.
• Authentication: We use JWT-based authentication with secure token handling.
• Content Security Policy: We enforce strict CSP headers to prevent cross-site scripting and injection attacks.

While we strive to protect your data, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.

7. Data Retention

• Active Accounts: We retain your data for as long as your account is active and as needed to provide the Service.
• Deleted Data: When you delete projects, tasks, or documents, they are soft-deleted and may be retained for a limited period for recovery purposes before permanent deletion.
• Account Deletion: Upon account deletion request, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes.
• Integration Data: Disconnecting a third-party integration removes stored access tokens. Previously synced data may remain in your project records.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a portable, machine-readable format.
• Objection: Object to certain processing of your data, including AI-based profiling.
• Withdraw Consent: Withdraw consent for optional data processing (e.g., psychometric assessments) at any time.
• Integration Control: Connect or disconnect third-party integrations at any time through your account settings.

To exercise these rights, contact us at info@projectpath.ai.

9. Cookies and Tracking

• Essential Cookies: Required for authentication, session management, and security.
• Analytics Cookies: Google Analytics cookies to understand usage patterns. You may opt out using browser settings or Google's opt-out tools.
• Local Storage: We store authentication tokens and user preferences in browser local storage for session management.

We do not use advertising cookies or sell data to advertisers.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete that information.

11. International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these locations. We ensure that appropriate safeguards are in place for international data transfers.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected, used, and shared.
• Right to delete personal information.
• Right to opt out of the sale of personal information (we do not sell personal information).
• Right to non-discrimination for exercising your privacy rights.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with your local data protection authority.

Our legal basis for processing your data includes:

• Contract Performance: Processing necessary to provide the Service.
• Legitimate Interest: Analytics, security, and service improvement.
• Consent: Psychometric assessments and optional integrations.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last Updated" date at the top indicates when the policy was last revised.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: info@projectpath.ai