Leanmote PTY LTD (“Leanmote”, “we”, “us” or “our”) knows that you care how information about you is used and shared and we are careful to ensure that any such information that comes into our possession is properly looked after. This Privacy Policy sets out the basis on which any personal data we collect from or about you on our website, www.leanmote.com, our platform, or any of the integrations/apps connected to it will be processed by us. It also sets out the steps that we take to ensure that any information provided to us is kept secure and is used only for the purposes for which it is provided.
We will be the data controller of your data which you provide to us or which is collected by us via our website and platform. This means that we are responsible for deciding how we hold and use personal information about you and that we are required to notify you of the information contained in this Privacy Policy. It is important that you read this Privacy Policy so that you are aware of how and why we use your personal information and how we will treat it.
Leanmote has appointed a Data Protection Team, who can be contacted using the details at the end of this Notice should you have any questions, complaints, or feedback about your privacy.
You can also contact us using the details provided at the end of this Privacy Policy in the “Contact Us” section.
Personal Information
When you communicate with us via our website, for example, by submitting a query, requesting a demo, subscribing to our blog, commenting on a blog post or using the chat function, we will collect the personal information that you provide to us for that purpose. You don’t have to give us any of this personal information but, if you don’t provide us with certain information, we may not be able to provide you with the information or service you have requested from us. The forms you fill in on our website will make it clear what information we need in order to provide the information or service you are requesting and what information you can choose to provide if you wish.
We will also collect technical information about your equipment, browsing actions and patterns to serve more relevant content to you on the site. We collect this personal data by using cookies, server logs and other technologies and full details as to how we use cookies can be found in our Cookie Policy.
We will only use your personal data to send you our newsletter and blog updates where you have consented to us doing so. Otherwise, we will collect and process the information set out above about you on the basis that it is in our legitimate interests to use your data for the purposes set out below, and those interests are not overridden by your interests and fundamental rights.
Much of the information we hold will have been provided by you, but some may come from other internal sources, such as a Sales representative, or in some cases, external sources, such as marketing or event management agencies. We will combine information we receive from other sources (as set out in this Notice) with information you give to us. We will only use this information and the combined information for the purposes set out in this Notice.
Purposes for which Personal Information may be used
The personal information that you provide to us or that we collect about you via our website will be used only for the following purposes:
- To provide information or services to you as requested by you.
- To the extent permitted by law, to let you know about information and services from Leanmote in which you may be interested including via our newsletter.
- To review and understand the content on our website which users are most interested in.
- To improve the content of our website.
- To customize the content and /or layout of the website for each user.
- To notify you about updates to the website.
Automated Decision Making
We do not carry out any solely automated decision-making using your personal information.
Change of Purpose
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and permitted under data protection laws. If we need to use your personal information for an unrelated purpose, in most cases we will notify you and we will explain the legal basis which allows us to do so.
Disclosure
At the date of this Privacy Policy, we share your data with the following trusted third parties for the purposes of managing our business and providing the information and services you request from us:
- Google Analytics, our web analytics provider;
- Sentry.io, our issue-tracking provider;
- Our service “Partners“
When we do share your data with these third parties we only provide the information they need to perform the service. We have written contracts in place with them to ensure they only use your data for the purpose we specify to them and that your privacy is secure and respected. We will also disclose your personal information to third parties:
- if we sell or buy any business or assets, in which case we will disclose your data to the prospective seller or buyer of such business or assets;
- if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; and/or
- if we are under a duty to disclose or share your data to comply with any legal obligation, or to enforce or apply our Terms of Use and other agreements; or to protect the rights, property, or safety of us, our users, customers, and providers. This will include sharing your information as part of a legal or official investigation if legally required.
Data privacy guidelines for our integrations
We store the data from our integrations complying with the General Data Protection Regulation (GDPR), below you’ll find the specific treatment for each of them:
Atlassian (Jira, Slack, Trello)
We assure you of the following rights complying with the GDPR:
- Right to erasure (also known as Right to be Forgotten): If Leanmote stores the personal data of a user and the user requests for their data to be erased, we will erase the data.
- Right to rectify: If Leanmote stores the personal data for a user and the user changes their data, we erase or update the data.
- Right to be informed: We inform users if we collect and use their data.
We periodically report the personal data we are storing back to Jira using the personal data reporting API and based on the response back from Atlassian we update or erase the personal data for users accordingly. We repeat this process each cycle period (7 days).
We store the data following Atlassian guidelines:
- We track and report the age of personal data so Atlassian can determine if the personal data is stale.
- We store a single copy of personal data to ensure that all personal data is erased when necessary.
- When Leanmote is uninstalled we erase personal data that is no longer needed.
Slack
Use of channels:history
Our application utilizes the “channels:history
” scope to enhance our service capabilities. We prioritize user privacy and security and adhere to the following principles to ensure compliance with Slack’s standards:
- Purpose of the Scope: We require access to the channel history to collect metadata about team interactions. This data helps us analyze communication patterns and improve team dynamics and performance metrics.
- Use of the Data:
- Metadata Only: Our application only extracts metadata, such as message timestamps, user IDs, and interaction frequencies. We do not read, or store the actual content of any messages.
- Data Processing: The collected metadata is used exclusively to generate insights about team interactions and to enhance our service offerings. We do not use this data for any other purpose.
- Privacy and Security:
- Strict Data Minimization: We strictly limit our data collection to essential metadata and avoid any unnecessary data access.
- No Content Storage: We do not store or process any message content. Our focus is solely on metadata to ensure user privacy.
- Robust Security Measures: We implement industry-standard security practices to protect the metadata we collect. This includes encryption, access controls, and regular security audits to safeguard data.
- Transparency and User Control: We maintain transparency about our data practices and provide users with clear information on how their data is used. Users have control over their data and can request more information or raise concerns at any time.
- Compliance and Best Practices:
- Adherence to Slack Policies: Our data handling practices are fully compliant with Slack’s API Terms of Service and Privacy Policy.
- Continuous Improvement: We regularly review and update our privacy practices to align with the latest security standards and regulatory requirements.
By using our application, users consent to the collection and use of metadata as described in this policy. We are committed to maintaining the highest standards of privacy and security to ensure user trust and confidence.
Leanmote use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Retention of Information
Unless we need to keep your data for legal purposes (such as to defend against a legal claim), we will only retain your personal information for 24 months from your last interaction with us, for example, when you opted in or when you submitted a query on our website.
Protection of Information
We have implemented appropriate technology safeguards, security policies, and other measures to protect data under our control from unauthorized access, improper use, alteration, unlawful or accidental destruction, or accidental loss. These include implementing suitable access controls, and ensuring that encryption and hashing are used and robust physical security controls are in place. We also protect your information by requiring that all our employees and others who have access to or are associated with the processing of your data respect your confidentiality.
Your Rights
Data protection laws provide you with the following rights:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Request the restriction of processing of your personal information, for example, if you want to establish its accuracy or the reason for processing it.
- Obtain a copy of the personal information you’ve provided us with and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.
- You also have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Where we rely on your consent to process your personal data, for example in relation to any direct marketing we provide to you, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent in relation to direct marketing, please contact us using any of the details set out below in the “Contacting Us” section.
To request the deletion of your personal data, please follow these steps:
Send an email to [email protected] with the subject line “Data Deletion Request”.
Include your full name and any relevant account information to help us locate your data.
Specify clearly in the body of the email that you are requesting the deletion of your personal information.
We will process your request in accordance with applicable data protection laws and regulations.
Changes to our Privacy Policy
If we decide to change our Privacy Policy we will post the changes here and, where appropriate, notify you by email. Please check back frequently to see any updates or changes to our Privacy Policy.
Contacting Us
If you have any queries, comments, or requests regarding this Privacy Policy or you would like to exercise any of your rights set out above, you can contact us in the following ways:
- by email at [email protected]