This Privacy Policy explains how we process personal data in ProjPro. For users in Brazil, we follow the LGPD (Law 13.709/2018). For users elsewhere, we aim to provide compatible transparency (including GDPR-style rights where applicable).

When companies use ProjPro for their teams, the customer organization is often the controller of business data entered (for example tickets referencing end customers), while Polara is controller for platform operations data and may act as processor for certain processing on the organization’s instructions. This policy complements any enterprise agreement your company signs.

Platform controller for ProjPro: Polara. For rights requests that relate solely to platform operation (account, billing, security logs), use the contact below.

For data your organization enters in day-to-day work (project content, customer records, documents), your organization is typically the primary controller; Polara processes such data to perform the SaaS contract unless law requires otherwise.

You may contact our privacy/DPO channel using the email in the Contact section, subject line “Privacy / LGPD”.

Identity and contact: full name, email used for login, optional phone, session identifiers, language/UI preferences.

Organization data: legal or trade name, slug, tax identifier, subscribed plan, quotas, subscription state, technical identifiers for organizations and projects.

Usage and security: IP address, user agent, audit logs (including legal acceptances at signup), aggregated reliability metrics, anti-fraud signals.

Work content: backlog/ticket/wiki text and metadata, board configuration, attachments stored in object storage (file bytes and filenames), per-project integration secrets stored encrypted plus configuration metadata, invitations and membership links.

Billing: customer and subscription identifiers at the payment provider, invoice-related events, webhooks needed to keep subscriptions active.

We do not sell personal data. We do not use workspace content to train general-purpose AI models unless a future feature provides explicit, separate consent.

Contract performance / pre-contract steps: provide authentication, store and display organization data, enforce permissions, deliver paid features.

Legal obligation: retain fiscal and compliance records, respond to lawful requests.

Legitimate interests (balanced against your rights): security, abuse prevention, service diagnostics, aggregated product analytics, customer support.

Consent: optional marketing or non-essential cookies where we request it explicitly.

Vital interests: urgent communications about serious security incidents affecting safety, where applicable.

We use HTTP-only cookies and local storage to keep you signed in, remember language preferences, handle refresh tokens when enabled, and support fraud prevention. Strictly necessary cookies cannot be disabled without losing login.

Clearing browser cookies ends your session. Embedded third-party widgets (such as payment flows) may set their own cookies governed by their policies.

We keep data for the life of the customer relationship and for a limited period afterward to meet legal, tax, dispute, and fraud-prevention obligations and to rotate backups.

Legal acceptance and certain security logs may be kept longer where required. Logical deletion in the application database may precede physical deletion from rolling backups.

We share personal data with vendors that help us run the service under confidentiality and security commitments, including application hosting, databases, transactional email, file/object storage, payment processing (Stripe), and error monitoring.

We may disclose information if required by competent authorities, court order, or to protect rights, safety, and the integrity of the platform.

International transfers, if any, will follow appropriate safeguards under applicable law (for example standard contractual clauses or adequacy decisions).

Depending on your jurisdiction, you may have rights to access, rectify, delete, restrict processing, data portability, information about sharing, and to object to certain processing based on legitimate interests, subject to legal exceptions.

Requests about operational data inside your organization may need coordination with your administrator. You may lodge a complaint with your local supervisory authority (in Brazil, ANPD at www.gov.br/anpd).

We apply measures such as encryption in transit (HTTPS), logical segregation by organization, role-based access control, security logging, and secret management for integrations. Integration credentials for third parties are stored encrypted.

No method is perfectly secure; if we become aware of a breach likely to create relevant risk to data subjects, we will follow our incident response plan and notify affected parties and authorities as required by law.

ProjPro is intended for professional and business use. We do not knowingly collect data from children below the age where parental consent is required. If you become aware of an improper registration, contact us for removal.

We may update this policy for new features (such as additional integrations), regulator guidance, or case law. We will change the “Last updated” date at the top. Material changes will be communicated in-product or by email to administrators.

For data-subject requests or privacy questions: suporte@projpro.com with subject “Privacy / LGPD”. We typically respond within 15 business days, extendable where permitted by law with justification.