⚠ This is the public-facing privacy policy. The published copy must replace the placeholders [FOUNDER NAME] and [POSTAL ADDRESS] with real legal information after lawyer review. The text below already reflects the data-handling reality of the Service.

Privacy Policy

Last updated: [DATE]
Operator: [FOUNDER NAME / COMPANY], [POSTAL ADDRESS] (the "Operator", "we", "us")

This Privacy Policy describes how Recapline ("the Service") processes personal data of users and team members of customer organisations.

1. Roles under GDPR

When you install Recapline, you (or your organisation) are the Controller of the personal data processed by the Service. We are the Processor acting on your documented instructions per Article 28 GDPR. A Data Processing Agreement (DPA) is automatically incorporated into the Service Terms when you install Recapline.

2. What we process

2.1 Data we collect from you

Atlassian account information when you install: cloud ID, your Atlassian account ID, email, display name.
Team member identifiers: when you map members in Recapline, we store Atlassian account IDs, Slack user IDs, GitHub logins, names, roles, timezones.
Connector secrets: encrypted at rest with Fernet (AES-128 + HMAC-SHA256) before storage. Decrypted in memory only at the moment of use.

2.2 Data we read on your behalf

When the agent runs, it reads from your connected services in your name: Jira issues/sprints/transitions, GitHub PRs and reviews, Slack DMs and channel posts. We process this data in memory to generate the report and do not retain it beyond the run unless explicitly listed below.

2.3 Data we generate and retain

Generated reports in Markdown — retained indefinitely so customers can audit history.
Run metadata — start/end time, status, error if any, token counts, posted-to channel.
DM transcripts — the question we asked each member and the reply, retained for 90 days for audit, then deleted.

3. Why we process

Purpose	Legal basis
Provide the Service	Contract (Art. 6(1)(b))
Bill via Atlassian Marketplace	Contract
Improve the Service (anonymised analytics only)	Legitimate interest (Art. 6(1)(f))
Respond to support requests	Contract
Comply with legal obligations	Legal obligation (Art. 6(1)(c))

We do not train AI models on your data. We do not sell, rent, or share your data with advertisers.

4. Sub-processors

Sub-processor	Purpose	Region
Anthropic PBC	LLM inference (Claude)	US (with EU mirroring where available)
Hetzner Online GmbH	Hosting backend + database	Germany (EU)
Atlassian Pty Ltd	Marketplace billing + Forge runtime	Australia / EU

We use Standard Contractual Clauses for any international transfers per GDPR Art. 46.

5. How long we keep data

Generated reports: indefinite (you can request deletion anytime).
DM transcripts: 90 days.
Run logs: 12 months.
Connector secrets: until you uninstall or revoke.
Backups: 30 days rolling.

When you uninstall, all your data is deleted within 30 days unless retention is required by law.

6. Where data is stored

EU (Germany — Hetzner). LLM inference may transit to Anthropic infrastructure (US) for the duration of a single run.

7. Your rights (GDPR Art. 15-22)

You may at any time access, correct, delete, export, object to or restrict processing, or lodge a complaint with your data protection authority. Email privacy@recapline.com. We respond within 30 days.

8. Security measures

Encryption at rest (Fernet AES-128 + HMAC) for all secrets
Encryption in transit (TLS 1.2+)
OAuth 2.0 + state CSRF protection
Principle of least privilege — connectors request minimum scopes
Backup retention 30 days
Annual third-party security review (post-incorporation)

9. Breaches

Notification to affected Controllers within 72 hours of awareness, per GDPR Art. 33.

10. Children

The Service is not directed at minors and we do not knowingly collect data of children under 16.

11. Changes

Material changes will be notified by email at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.

12. Contact

Email: privacy@recapline.com
Postal: [FOUNDER NAME], [POSTAL ADDRESS]