Privacy Policy

Introduction

CheckinPigeon ("we," "us," "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Slack application.

Consent

By installing the Slack app, connecting your Slack workspace, or using the Service, you consent to the collection and processing of information as described in this Privacy Policy.

Where we rely on your consent (for example, for certain communications), you may withdraw your consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

Information We Collect

Information from Slack

• Workspace ID and name
• User IDs, names, and email addresses (if available)
• Bot installation details (scopes, and tokens needed to operate the Slack app)
• Messages and responses you submit to standups and polls

Files Uploaded to Slack During Standups

If you upload files (for example, images, videos, or other attachments) as part of a standup response in Slack, we may download and store those files in our own secure cloud storage (Cloudflare R2 in the EU) so they can be displayed reliably in reports and dashboards.

• We store the file contents and basic metadata (such as file name, type, size, and Slack file ID)
• We do not make these files public; access is restricted to authorized users in the relevant Slack workspace
• We may use temporary signed URLs to allow authorized viewing/downloading

Information You Provide

• Standup questions and configurations
• Poll questions and options
• Response data to standups and polls
• Account settings and preferences

Automatically Collected Information

• Log files and diagnostic data (for example, IP address, request timestamps, and basic request metadata)
• Limited website analytics (via Plausible) to understand page traffic and improve the site
• Application error reports (via AppSignal) to diagnose and fix issues
• Live chat data (via Crisp) when you contact us for support, including:
  • Your name and email (if provided)
  • Chat messages and conversation history
  • Pages you visit on our website (visible to support agents)
  • Device and browser information
  • IP address and approximate location

Payment Information

• We use Creem (our payment processor) to handle payments
• We do not store credit card numbers
• Our payment provider collects billing information and payment details
• See Creem's Privacy Policy at https://www.creem.io/privacy

AI Features and Third-Party Processing

Blocker Detection Feature

If you enable the AI Blocker Detection feature, we process standup responses using artificial intelligence to help identify potential blockers and generate insights for your team.

How It Works:

• Standup responses are sent to OpenRouter (our AI service provider)
• OpenRouter routes requests to third-party AI model providers
• The AI analyzes the text and returns blocker detection results
• Results are displayed to workspace admins and relevant team members

What Data Is Sent:

• Standup question text
• User's standup response text
• Minimal context needed for analysis (no email addresses or personal identifiers are included in AI requests)

Third-Party AI Processing:

We use OpenRouter as our AI service provider. OpenRouter may route requests to different underlying model providers (such as Meta, Google, Anthropic, or others) depending on availability and configuration. These providers may:

• Process data in different countries
• Have their own data retention policies
• Change over time as we optimize the feature

Important Notes:

• This feature is optional and can be enabled/disabled per standup
• We do not control the data handling practices of underlying AI model providers
• AI providers' policies may vary and are subject to their own terms
• We configure providers to minimize data retention where supported, but cannot guarantee all providers meet the same standards

Data Retention for AI Features:

• We do not intentionally store AI inputs or outputs long-term
• Requests may be logged temporarily for debugging and abuse prevention (up to 30 days)
• OpenRouter and underlying model providers may have their own retention policies

Training on Your Data:

• We do not use your data to train our own AI models
• We configure AI providers not to use customer content for model training where such options are available
• However, we cannot guarantee that all underlying model providers honor no-training policies, especially for free-tier models

Your Control:

• You can enable or disable AI Blocker Detection at any time per standup
• Disabling the feature stops sending data to AI providers for new responses
• Previously processed data may be retained by AI providers per their policies

How We Use Your Information

We use collected information to:

• Provide and maintain the Service
• Process standups and polls
• Send notifications and reminders
• Provide customer support
• Improve and optimize the Service
• Communicate updates and changes
• Comply with legal obligations
• Prevent fraud and abuse

Data Storage and Security

Where We Store Data

• Our application servers and database are hosted on a VPS in Romania, European Union
• Our file storage uses Cloudflare R2 with data stored in the European Union
• All infrastructure is located within the European Union to ensure GDPR compliance

How We Protect Data

We also use application-level encryption for certain sensitive fields (such as authentication tokens) to reduce the risk of exposure if the database or backups are accessed.

• Industry-standard security measures
• Regular security audits and updates
• Access controls and authentication
• Encrypted database connections
• Regular backups

Data Retention

We retain personal data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention Categories

• Account / Workspace data: retained while the workspace is active
• Communication records: standup and poll responses and related records retained for up to 2 years
• Standup file attachments: retained while the related standup exists, then deleted when the standup is deleted
• Logs and analytics: diagnostic logs (including IP address) and usage/analytics retained for up to 12 months
• Payment and tax records: retained for up to 7 years (where applicable) to comply with accounting and legal requirements

Deletion of Standup Attachments

• If a standup is deleted in CheckinPigeon, we delete the stored copies of attachments associated with that standup
• If you uninstall the Slack app or request workspace data deletion, we will delete workspace data (including cached attachments) within 14 days as required by Slack's policies

Billing Data After Deletion

When workspace data is deleted (for example, by request), we retain minimal billing records as required by law, including:

• Subscription history (dates, plan types, amounts)
• Transaction records for tax compliance
• Minimal audit trail for dispute resolution

We anonymize or remove:

• Payment processor customer IDs (replaced with random identifiers)
• Detailed customer profile data
• Personal information not required for accounting/legal compliance
• Raw payment and billing webhook payloads (replaced with anonymized subscription records)
• Billing provider configuration data not required for legal compliance

Slack App Uninstall

• If the Slack app is uninstalled from your workspace, we will stop the Service for that workspace (for example, standups will be stopped)
• If you have an active paid subscription, we may schedule cancellation at the end of the current billing period and send a confirmation email
• Uninstalling the Slack app does not automatically delete workspace data; deletion requires an explicit request (see "How to Request Data Deletion" below)

Log Files

Like many online services, we collect log files to operate and secure the Service. These logs may include:

• Internet Protocol (IP) address
• Browser type, device information, and basic request details
• Time and date of access and pages/features used
• Error and diagnostic information

We use this information for security monitoring, troubleshooting, abuse prevention, and improving reliability.

Data Sharing and Disclosure

We do NOT sell your data.

We may share data with:

Service Providers

• Cloud hosting providers for infrastructure
• Creem for payment processing
• Plausible for website analytics
• Sentry for error tracking
• OpenRouter for AI-powered blocker detection (when enabled)
  • OpenRouter may use various underlying AI model providers
  • These providers may change over time
  • See OpenRouter's Privacy Policy at https://openrouter.ai/privacy
• Crisp for live chat customer support
  • Crisp collects chat conversations, browsing activity on our website, and basic contact information
  • Crisp is hosted in the EU and GDPR-compliant
  • See Crisp's Privacy Policy at https://crisp.chat/en/privacy/

Legal Requirements

We may disclose data if required by law, to:

• Comply with legal processes
• Enforce our Terms of Service
• Protect our rights and safety
• Prevent fraud or security issues

Your Data Rights

Depending on your location, you may have rights including:

For All Users

• Access your data
• Export your data
• Delete your account and data
• Opt-out of marketing communications

Regarding AI Processing:

If you are concerned about third-party AI processing, you can:

• Disable the AI Blocker Detection feature for your standups
• Contact us to request exclusion from AI processing
• Note that once data is sent to AI providers, we cannot guarantee deletion from their systems

For EU Users (GDPR)

• Right to access personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

For California Users (CCPA)

• Right to know what data is collected
• Right to delete personal data
• Right to opt-out of data sales (we don't sell data)

To Exercise Your Rights:

Contact us at [email protected]

How to Request Data Deletion

To request deletion of your personal data:

Contact Methods

Email: [email protected]

What Happens Next

• We will verify your identity and workspace ownership/admin status
• We will process your deletion request within 30 days
• Some minimal records may be retained for legal, accounting, or tax compliance (as described in our Data Retention section)
• You will receive confirmation via email once deletion is complete

Note: If you have an active paid subscription, we recommend canceling it first. Data deletion does not automatically cancel billing.

Slack App Uninstall: Uninstalling the Slack app stops the Service for your workspace and may trigger subscription cancellation at the end of the billing period, but it does not automatically delete workspace data.

Cookies and Tracking

We use minimal tracking technologies:

Essential Cookies

• Session cookies to keep you logged in
• Authentication tokens
• User preferences
• Crisp chat widget (for live customer support)

Analytics

• We use Plausible Analytics, which is privacy-friendly and does NOT use cookies
• Plausible does not track users across websites and collects only aggregated, anonymized usage statistics
• No cookies or persistent identifiers are used for analytics
• See: https://plausible.io/privacy

No Marketing Cookies

• We do not use marketing or advertising cookies
• We do not track you across websites

You can disable cookies in your browser settings, but this may prevent you from logging in.

Live Chat and Customer Support

Crisp Chat Widget

When you visit our website, we use Crisp, a live chat service, to provide customer support.

What Crisp Collects:

• Your browsing activity on our website (pages visited, time spent)
• Messages you send through the chat widget
• Your name and email (if you provide them)
• Device information (browser, operating system)
• IP address and approximate location
• Session recordings showing how you navigate our site

How We Use This Information:

• Provide real-time customer support
• Understand common support issues
• Improve our website and documentation
• Track customer satisfaction

Data Visibility:

Our support team can see your real-time browsing activity on our website when you have the chat widget open. This helps us provide contextual support (for example, if you're on the pricing page, we can answer pricing questions more effectively).

Your Control:

• You can close the chat widget at any time to stop sharing browsing activity
• You can request deletion of your chat history by contacting [email protected]
• Crisp chat data is retained for up to 2 years for support quality purposes

Data Storage:

Crisp stores data on servers located in the European Union (France) and is GDPR-compliant.

Third-Party Privacy Policy:

See Crisp's Privacy Policy: https://crisp.chat/en/privacy/

Third-Party Services

Our Service integrates with:

• Slack: See Slack's Privacy Policy at https://slack.com/privacy-policy
• Plausible: See Plausible's Privacy Policy at https://plausible.io/privacy
• AppSignal: See AppSignal's Privacy Policy at https://www.appsignal.com/privacy-policy
• Creem: Our payment provider processes payments and billing information (Privacy Policy: https://www.creem.io/privacy )
• Crisp: Our live chat support tool (Privacy Policy: https://crisp.chat/en/privacy/ )

We are not responsible for the privacy practices of third-party services.

International Data Transfers

Our servers are hosted in Romania, European Union. If you are located outside Romania, your data will be processed on servers located in Romania, EU. As Romania is an EU member state, all data processing complies with GDPR requirements.

Additionally, if you enable AI features, your standup response data may be processed by AI model providers located in various countries, including the United States and other regions, depending on which providers OpenRouter uses at the time of processing.

For EU Users

We comply with GDPR requirements for international data transfers using:

• Standard Contractual Clauses (SCCs)
• Appropriate technical and organizational measures

Children's Privacy

Our Service is not intended for users under 18. We do not knowingly collect data from children under 18. If you believe we have collected data from a child, contact us immediately.

Data Breach Notification

In the event of a data breach that affects your personal data, we will:

• Notify affected users within 72 hours (GDPR requirement)
• Notify relevant authorities as required by law
• Take immediate steps to contain and remedy the breach

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

• Posting the new Privacy Policy on our website
• Sending an email notification
• Displaying an in-app notification

Continued use after changes constitutes acceptance.

Contact Us

For privacy-related questions or to exercise your rights:

• Email: [email protected]
• Website: checkinpigeon.com