Planyway and GDPR
Last Updated: January 27, 2025
The General Data Protection Regulation (GDPR) regulates the collection and processing of personal information belonging to citizens of the European economic area. It is intended to improve data privacy and require transparency for all steps involved in collecting, storing, and processing information on the internet. The legislation is effective as of May 25, 2018.
Planyway is committed to complying with the GDPR and enabling our customers to comply with the latter data protection law.
• Does Planyway have a Data Protection Contact?
Yes. Planyway’s privacy contact can be reached at support@planyway.com.
• Does Planyway enter into Data Processing Agreements?
Yes, Planyway offers a data processing addendum ("DPA") to customers upon request (Planyway a processor). DPA is available at https://planyway.com/legal/data-processing-addendum
• What is Customer Content?
Customer Content is data, information, file attachments, text, images, personally identifiable information, and other content that is uploaded or submitted by users, or collected by users from third parties using forms or other features of the service, to the Planyway internet-delivered application.
• Where is Customer Content stored?
Information stored by Microsoft Azure in South Central USA. If you post or transfer any Information to or through our Site and Services, in doing so you agree that such Information, including Personal Data and User Content, is hosted in the United States.
• How is Customer Content secured?
Planyway shall process all personal data in the strictest confidentiality and implement the appropriate technical and organizational measures as required by the applicable regulations. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure, and as a result, we cannot ensure the security of Information you transmit to us, including Personal. Accordingly, you acknowledge that you do so at your own risk. More information about our security policies and technologies can be found here https://planyway.com/legal/security.
• What information do we collect about you?
The table below provides more details on what data we collect and for what purposes.
Purpose |
Processing Data |
|
Website Analytics and Tracking. We use personal information in order to better understand of our audience and their preferences. More information about it can be found in our Cookie Notice https://planyway.com/legal/cookies |
Statistics about visits to our website, location (Country and City) |
| Personalizing Your Experience. We use personal information in order to adapt our product to your needs. More information about it can be found in our Cookie Notice https://planyway.com/legal/cookies | Trello user ID, language preferences, time zone, actions (events) carried out on the site and in the Planyway service, GitHub user ID |
|
Product maintenance We use personal information in order to fix bugs and keep the Site and Service operational. |
Trello user ID, Error logs and performance metrics, GitHub user ID |
|
Responding to Requests or Inquiries. We use personal information in order to verify your identity and to fulfil your support request. We may also use this data in order to investigate any complaints on your behalf and to provide you with a more efficient service. |
User name, user email data in the messages you sent us |
|
Service notifications. We use personal information in order to notify about any technical work on the service. Status of Subscriptions and Licensing |
User name, user email, Trello user ID, GitHub user ID |
|
Newsletters. We use personal information in order to notify you of new features and discounts. |
User name, user email, Trello user ID, GitHub user ID |
|
Basic functionality. We use personal information in order to provide the basic functionality of the service. |
Trello user ID, Trello OAuth token, Trello boards IDs, Planway user settings, GitHub user ID |
|
Planyway time tracking data. We use personal information in order to provide an additional function: tracking time in Trello cards. |
Trello user ID, Trello OAuth token, Trello board fields (ID), Trello card fields (ID), Planyway time tracking data (time entry start date, duration and note), GitHub user ID |
|
iCal export feature. We use personal information in order to provide an additional function: export the Calendar for viewing purposes. |
Trello user ID, Trello OAuth token, Trello board fields (ID, name), Trello card fields (ID, name, description, due date, Planyway card data), user time zone, Planyway user settings, GitHub user ID, GitHub user ID, GitHub OAuth token |
|
Google sync feature. We use personal information in order to provide an additional function: reflecting Trello boards in Google Calendar. |
Trello user ID, Trello OAuth token, Trello board fields (ID, name), Trello card fields (ID, name, description, due date, Planyway card data), user time zone, Planway user settings, Google OAuth 2.0 tokens, Google calendar fields (user email, calendar ID), Google event fields (ID, name, description, start/end dates, recurrence rule), GitHub user ID, GitHub OAuth token |
|
Google connect feature. We use personal information in order to provide an additional function: reflecting all the Calendars from the Google Calendar. |
Trello user ID, Trello OAuth token, Google OAuth 2.0 tokens, Google calendar fields (user email), GitHub user ID, GitHub OAuth token |
|
Outlook Connect feature. We use personal information in order to provide an additional function: reflecting all the Calendars from the Outlook Calendar. |
Trello user ID, Trello OAuth token, Outlook user ID, Outlook OAuth 2.0 tokens, GitHub user ID, GitHub OAuth token |
|
Payments. We use personal information in order to confirm payment and provide access to paid services. |
User email, Trello user ID, user country, license type, payment period, subscription quantity, GitHub user ID |
Legal bases for processing (for EEA users):
If you are an individual in the European Economic Area (EEA), we collect and process information about you only in case we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. It means we collect and use your information only when:
We need it to provide you with the Services, including the Service operation, providing customer support and personalized features and to protect the safety and security of the Services;
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
If you have consented to our use of information for a specific purpose, you have the right to change your mind at any time, but it will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
Subprocessors
Planyway engages third party service providers that process Customer Content on our behalf in connection with the provision of our services to customers ("Subprocessors").
• Does Planyway have written agreements with its Subprocessors? Yes, DPA between Planyway and Subprocessors is included in the Terms of Service and takes effect automatically.
List of Current Subprocessors
Below you can find the list of Subprocessors Planyway engages with today; this list can be change at Planyway's discretion.
Last Updated: January 27, 2025
Processors |
Country |
Privacy Policy |
GDPR-compliant |
| Google, Inc. | USA | For more information about Google’s privacy policy, see https://policies.google.com/privacy | If you are located in the EU, the EU-US “Privacy Shield” legal mechanism is used to transfer your data to Google to ensure that it is properly protected. |
| Amplitude Inc. | USA | For more information about Amplitude’s privacy notice, see https://amplitude.com/privacy | If you are located in the EU, the EU-US “Privacy Shield” legal mechanism is used to transfer your data to Amplitude to ensure that it is properly protected. https://amplitude.com/blog/2018/04/24/amplitude-gdpr |
| Microsoft Corporation | USA | For more information about Microsoft Corporation’s privacy notice, see https://privacy.microsoft.com/en-us/PrivacyStatement | If you are located in the EU, the EU-US “Privacy Shield” legal mechanism is used to transfer your data to Microsoft Corporation to ensure that it is properly protected. |
| Paddle | USA | For more information about Paddle’s privacy notice, see https://paddle.com/privacy/ | For more information on Paddle Readiness for GDPR https://paddle.com/gdpr/ |
| SendGrid, Inc. | USA | For more information about SendGrid’s privacy notice, see https://www.twilio.com/legal/tos | If you are located in the EU, the EU-US “Privacy Shield” legal mechanism is used to transfer your data to SendGrid to ensure that they are properly protected. |
| Intercom company | USA | For more information about Intercom’s privacy notice, see https://www.intercom.com/legal/privacy | If you are located in the EU, the EU-US “Privacy Shield” legal mechanism is used to transfer your data to Intercom to ensure that it is properly protected. |
| Trello, Inc. | USA | For more information about Trello’s privacy notice, see https://www.atlassian.com/legal/privacy-policy | If you are located in the EU, the EU-US “Privacy Shield” legal mechanism is used to transfer your data to Trello to ensure that it is properly protected. |
| Mouseflow | USA | For more information about Mouseflow privacy notice, see https://mouseflow.com/privacy | For more information on Mouseflow Readiness for GDPR, see https://mouseflow.com/gdpr |