Privacy Policy

ProMarshal ("we", "our", or "us") is a B2B SaaS platform that helps project managers automate coordination tasks through AI agents in Slack. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data. By using ProMarshal, you agree to the practices described in this policy. If you do not agree, please do not use our service.

We use your data solely to provide and improve ProMarshal: • Deliver automated task reminders via Slack • Sync task data between Jira and our system • Send transactional emails (OTP codes, account notifications) via SendGrid • Generate AI-powered insights and reminders (paid tier) • Monitor system health and prevent abuse • Respond to support requests We do not sell your data. We do not use your data for advertising.

ProMarshal uses the following third-party processors to deliver our service: | Service | Purpose | Data Shared | |---------|---------|-------------| | Slack | Task reminders, team interactions | Workspace tokens, messages | | Jira (Atlassian) | Task sync and status updates | Project/issue data, OAuth tokens | | MongoDB Atlas | Database storage | All user and project data | | OpenAI | AI message generation (paid tier) | Task titles, descriptions | | Anthropic | AI message generation (alternative) | Task titles, descriptions | | SendGrid | Transactional email delivery | Email address | | Render | Backend hosting | All data in transit | | Google | OAuth sign-in | Name, email | Each provider is bound by their own privacy policy and data processing agreements. Links to their policies are available on their respective websites.

We retain your data for as long as your account is active. Upon account deletion: • Your account and profile data is deleted within 30 days • Integration tokens are revoked and deleted immediately • Project and task data is deleted within 30 days • Backup copies may persist for up to 90 days in encrypted storage You may request early deletion at any time by contacting us at legal@promarshal.ai.

We take security seriously: • All data is transmitted over HTTPS/TLS • OAuth tokens are encrypted at rest using AES-256 encryption • Access to production data is restricted to authorized personnel • We conduct regular security reviews While we implement industry-standard protections, no system is 100% secure. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.

ProMarshal uses a minimal set of cookies, all of which are strictly necessary for the service to function: • next-auth.session-token — Maintains your login session • next-auth.csrf-token — Protects against cross-site request forgery These cookies do not track you across websites and do not require your consent under any privacy regulation, as they are essential to providing the service you have requested. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

If you are located in the EU, EEA, or United Kingdom, you have the following rights under GDPR: • Right to Access — Request a copy of your personal data • Right to Rectification — Correct inaccurate data • Right to Erasure — Request deletion of your data ("right to be forgotten") • Right to Restriction — Limit how we process your data • Right to Data Portability — Receive your data in a machine-readable format • Right to Object — Object to processing based on legitimate interests • Right to Withdraw Consent — Where processing is based on consent Our lawful basis for processing is primarily contract performance (delivering the service you signed up for) and legitimate interests (service security and reliability). To exercise any right, contact us at legal@promarshal.ai. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have the right to: • Know what personal data we collect and why • Request deletion of your personal data • Correct inaccurate personal data • Non-discrimination for exercising your rights ProMarshal does not sell personal information and does not share personal information for cross-context behavioral advertising. Therefore, a "Do Not Sell or Share" opt-out is not applicable. To submit a request, contact us at legal@promarshal.ai.

Canada (PIPEDA / Quebec Law 25): We provide equivalent data subject rights to Canadian users, including access, correction, and deletion. Quebec users may exercise rights under Law 25 by contacting us directly. Brazil (LGPD): Brazilian users have rights to confirmation of processing, access, correction, deletion, and portability under the LGPD. Contact us to exercise these rights. Australia (Privacy Act): We comply with the Australian Privacy Principles. Australian users may request access to or correction of their data at any time. India (DPDP Act 2023): We respect Indian users' rights to access and correction of personal data as provided under applicable Indian law. For all regions, contact us at legal@promarshal.ai to exercise your rights.

ProMarshal is a B2B service intended for business users aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it immediately.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a notice in the application. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of ProMarshal after changes take effect constitutes acceptance of the updated policy.

For any privacy-related questions, data subject requests, or concerns, contact us at: ProMarshal Email: legal@promarshal.ai We aim to respond to all inquiries within 5 business days and to fulfill all data subject requests within 30 days.