Privacy Policy

Last updated: March 19, 2026

1. Introduction

Obeya Cloud ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at obeya.cloud and its subdomains (the "Service"). Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address, password)
  • Organization and workspace data you create
  • Project content, board items, comments, and attachments
  • Profile information and preferences
  • Communications you send to us (support requests, feedback)

2.2 Information Collected Automatically

  • Log data (IP address, browser type, operating system, referral URLs)
  • Usage data (features used, pages visited, actions taken)
  • Device information (device type, screen resolution, language)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide, operate, and maintain the Service
  • To improve, personalize, and expand the Service
  • To understand and analyze how you use the Service
  • To communicate with you for customer service, updates, and marketing
  • To process transactions and send related information
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • Within your organization: Data you create is visible to other members of your organization based on their role and permissions.
  • Service providers: We may share data with third-party vendors who assist in operating the Service (hosting, analytics, email).
  • Legal requirements: We may disclose data when required by law, regulation, or legal process.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, accounting, or reporting purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), encryption at rest, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to data portability: Request a machine-readable copy of your data.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to object: Object to processing of your data for certain purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@obeya.cloud.

8. Cookies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how you use the Service. You can control cookie settings through your browser preferences. Essential cookies (required for authentication and core functionality) cannot be disabled while using the Service.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, where required by GDPR.

10. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Privacy Policy