Privacy Policy

1. Introduction

Cyrus365 ("we," "our," or "us") operates Projects.ink (the "Service"), available at both projects.ink and projects.cyrus365.com. This Privacy Policy explains what data we collect, how we use it, which service providers we use, and what choices you have.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with this policy, please discontinue use of the Service.

2. Information We Collect

2.1 Personal Information

We collect personal information you provide directly, including:

• Name and email address
• Profile information (avatar, display name)
• Organization and membership details
• Support and contact messages

2.2 Usage Data

We automatically collect technical and usage data, including:

• Browser type and version
• Operating system
• Pages visited and time spent
• IP address, device identifiers, and approximate location derived from IP
• Authentication and session metadata (e.g., session IDs, token timestamps)

2.3 Project Data

We store and process project data you create in the Service, including projects, tasks, comments, assignees, sprint/group structures, attachments, and collaboration metadata. Project data is visible to authorized members based on project visibility and role settings.

3. How We Use Your Information

We use collected data to operate and improve the Service, including to:

• Provide project collaboration features, access controls, and account management
• Authenticate users and maintain secure sessions across Cyrus365 services
• Store and synchronize project updates, including offline/local-first workflows
• Deliver product notifications, support communications, and transactional email
• Detect abuse, fraud, and unauthorized access; monitor reliability and performance
• Comply with legal obligations and enforce our terms, security, and billing rules

4. Data Sharing and Disclosure

We do not sell your personal information. We share data only as needed to run the Service, including with the following categories of recipients:

• Infrastructure and storage providers: Hosting, database, and cache providers used to operate projects.ink/projects.cyrus365.com.
• Authentication and identity services: Cyrus365 authentication services, including token/session validation and user verification.
• Synchronization services: Local-first sync infrastructure for project data replication and upload processing.
• Product integrations you enable: File storage providers (attachments), mailbox providers (Google/Microsoft), and webhook recipients configured by your organization.
• Authorized workspace members: Data shared according to project membership, visibility, and role permissions.
• Legal and business events: Lawful requests, dispute resolution, or corporate transactions (e.g., merger or acquisition).

5. Data Security

We use technical and organizational safeguards to protect data against unauthorized access, disclosure, alteration, and destruction. Controls include:

• Encryption in transit and managed encryption at rest where supported
• Signed authentication tokens, session controls, and permission checks
• Role-based access controls and project visibility constraints
• Operational logging, monitoring, and incident response procedures

No system is completely secure. While we continuously improve our controls, we cannot guarantee absolute security.

6. Data Retention

We retain data for as long as needed to provide the Service, meet legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type.

• Account and project data: Retained while the account/workspace is active, then deleted or anonymized within a reasonable operational period unless legally required.
• Session/security logs: Retained for security, audit, and fraud prevention for limited periods based on operational needs.
• Backups and recovery copies: May persist temporarily until rotated out by backup schedules.

7. Your Rights

Depending on your location and applicable law, you may have rights to:

• Access: Request confirmation and access to personal data we hold about you
• Correction: Request correction of incomplete or inaccurate data
• Deletion: Request deletion of personal data, subject to legal exceptions
• Portability: Request export of relevant data in a commonly used format
• Restriction/Objection: Request limits on certain processing activities
• Consent withdrawal: Withdraw consent where processing relies on consent

To exercise these rights, contact us at [email protected]. We may verify your identity and request additional details to process your request.

8. Cookies and Tracking

We use cookies and similar technologies that are necessary to operate authentication, session continuity, security controls, and core product functionality.

You can control cookies in your browser settings. Blocking required cookies may prevent login, session refresh, and parts of the Service from working correctly.

9. Third-Party Services

We rely on third-party providers to deliver parts of the Service. Depending on your usage, this may include cloud infrastructure, database/storage services, email delivery, payment, analytics/monitoring, file storage, identity providers, and mailbox providers.

Third-party services are governed by their own terms and privacy notices. Where integrations are configured by your organization (for example, webhooks and external mailbox links), your organization is responsible for its own lawful use and disclosures.

10. Children's Privacy

The Service is intended for business and professional use and is not directed to children. We do not knowingly collect personal information from children under the age required by applicable law. If you believe a child submitted personal information, contact us and we will take appropriate action.

11. International Data Transfers

Because our providers and infrastructure may operate in multiple regions, your information may be processed outside your country. Where required, we use appropriate safeguards and contractual protections for cross-border transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material updates will be reflected by updating the "Last updated" date on this page and, where appropriate, by additional in-product or email notice.