Privacy Policy

Aluzio ("we", "us", or "our") operates the Aluzio retrospective platform. This Privacy Policy explains what personal data we collect, why we collect it, how we store it, and your rights regarding that data.

By using Aluzio, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.

We collect the following categories of data:

Account Data

When you create an account, we collect your name, email address, and an encrypted password hash. We never store your password in plain text.

Organization Data

If you create or join an organization, we store the organization name and URL slug.

Retrospective Content

We store the content you create within the platform, including board names, section definitions, cards and notes, and session data such as session states and timestamps.

Usage Data

We record basic usage information such as login timestamps and last-activity dates to maintain your session and improve the service.

We use your data for the following purposes:

• To provide and operate the Aluzio service, including authentication, board management, and retrospective sessions
• To send transactional emails such as account verification, password resets, and important service notifications
• To improve the product based on how the service is used

We do not sell your data. We do not use your data for advertising. We do not profile you for marketing purposes.

All application data is stored in a PostgreSQL database hosted on Fly.io infrastructure. Data is encrypted at rest on the database server and encrypted in transit using HTTPS for all connections between your browser and our servers.

Passwords are hashed using the Argon2 algorithm before storage. We never have access to your plain-text password.

We use a limited number of third-party services to operate Aluzio:

Fly.io — Hosting and Database

Fly.io provides application hosting, compute infrastructure, and a managed PostgreSQL database. All application data is processed and stored on Fly.io infrastructure.

Mailgun — Email Delivery

Mailgun handles the delivery of transactional emails on our behalf. When we send you an email, Mailgun receives your email address and the email content in order to deliver it.

We do not use any analytics services, advertising networks, or other third-party trackers.

Aluzio uses only essential cookies required for the service to function. We do not use tracking cookies, analytics cookies, or third-party cookies.

• Session cookie (_aluzio_key): Used for authentication and CSRF protection. This cookie is essential for keeping you logged in and securing form submissions. It expires when you close your browser or after your session times out.
• Theme preference (localStorage): We store your light/dark theme preference in your browser's local storage so it persists between visits. This data never leaves your browser.

You have the following rights regarding your personal data:

• Right to access: You can request a copy of the personal data we hold about you.
• Right to erasure: You can request that we delete your account and all associated data.
• Right to rectification: You can request that we correct any inaccurate personal data.
• Right to data portability: You can request an export of your data in a standard, machine-readable format.

To exercise any of these rights, contact us at hi@aluzio.ai. We will respond to your request within 30 days.

We retain your data for as long as your account is active. If you request account deletion, we will permanently remove your personal data and associated content within 30 days of your request.

Some data may be retained in encrypted database backups for a limited period after deletion as part of routine backup procedures, after which backups are rotated and the data is permanently destroyed.

Aluzio is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we will notify registered users by email.

We encourage you to review this page periodically to stay informed about how we protect your data.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

hi@aluzio.ai