Privacy Policy

Last updated: December 24, 2025

1. Information We Collect

Identity Data: We collect your name, email address, and profile image when you sign in using Google, GitHub, or Magic Link. We do not store passwords.
Usage and Technical Data: We collect information about how you interact with our Service, such as IP addresses, browser type, device information, and timestamps. We also use cookies and similar analytical technologies to track activity on our Service and hold certain information to improve and analyze our Service.
Authentication Data: We generate and store hashed Personal Access Tokens (PATs) and OAuth tokens to secure your connection to our API.
Content: Data you create, such as teams, boards, feedback items, votes, and comments.
Billing Data: When you subscribe to a paid plan, payment processing is handled by third-party payment processors. We do not store your credit card or full billing details on our servers; we only receive confirmation of payment and subscription status.

2. How We Use Information

We use your data to:

Provide and maintain the Service.
Authenticate your identity across the Web App and VS Code Extension.
Improve our Service through usage analysis.
Communicate with you regarding updates, security alerts, and support.
We use third-party service providers for analytics, infrastructure monitoring, and performance measurement to help us understand usage patterns, identify technical issues, and improve the Service.

3. VS Code Extension Privacy

Our VS Code Extension is designed with privacy in mind.

What we DO collect: The extension sends API requests to fetch and update feedback items stored on our servers. It authenticates using your Personal Access Token.
What the extension is not intended to collect: The extension is designed not to read, analyze, or upload your local source code, file contents, or project structure. It operates as a client for the ShipBoard API and is intended to interact only with data necessary to provide the Service. While safeguards are in place to minimize data collection, limited technical metadata (such as error logs or request diagnostics) may be processed to maintain reliability and security.
Storage: Your Personal Access Token is stored securely in VS Code's native Secret Storage API on your local machine.

4. Data Retention & Security

We implement industry-standard security measures, including encryption of data in transit (HTTPS) and encryption of sensitive tokens at rest. We retain your data for as long as your account is active. Following account deletion or termination, data may be retained for a limited period where necessary for backup integrity, legal compliance, dispute resolution, or legitimate business records, after which it is deleted or anonymized.

5. Your Rights

Depending on your location, you may have rights under data protection laws (such as GDPR or CCPA), including:

Access: The right to request copies of your personal data.
Correction: The right to request correction of inaccurate data.
Erasure: The right to request deletion of your data ("Right to be Forgotten").

To exercise these rights, you may contact us at support@shipboard.dev. We may require verification of your identity before fulfilling a request. Requests are handled within a reasonable timeframe in accordance with applicable law.

6. Children's Privacy

Our Service is not intended for individuals under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal data from children.

7. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes to billing or data handling via the email associated with your account.