Flint & Steel Ventures, LLC is the data controller responsible for your personal information when you use PMHub.io. This means we determine the purposes and means of processing your personal data.

If you have questions about this Privacy Policy or wish to exercise your privacy rights, you can contact us through our support page.

We collect information that you provide directly to us, information collected automatically when you use our service, and information from third-party sources.

Personal information we collect includes:

• Account information: name, email address, password, profile information

• Project data: project names, descriptions, tasks, deadlines, team member information, and project-related content you create

• Payment information: billing address, payment method details (processed securely through third-party payment processors)

• Communication data: messages, comments, and other communications you send through the service

• Usage data: how you interact with our service, features used, time spent, device information, IP address, browser type, and access times

• Cookies and tracking technologies: we use cookies, web beacons, and similar technologies to collect information about your browsing activities

We use your personal information for the following purposes:

• To provide, maintain, and improve our services

• To process transactions and send related information

• To send administrative information, updates, security alerts, and support messages

• To respond to your inquiries and provide customer support

• To personalize your experience and provide content and features relevant to you

• To detect, prevent, and address technical issues and security threats

• To comply with legal obligations and enforce our Terms of Use

• To analyze usage patterns and improve our service functionality

We process your personal data based on the following legal bases (where applicable under GDPR): contract performance, legitimate interests, consent, and legal obligations.

We do not sell your personal information. We may share your information in the following circumstances:

• Service providers: We share information with third-party service providers who perform services on our behalf, such as hosting, payment processing, analytics, email delivery, and customer support. These providers are contractually obligated to protect your information and use it only for the purposes we specify.

• Business transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

• Legal requirements: We may disclose information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or others.

• With your consent: We may share information with your explicit consent or at your direction.

• Aggregated or de-identified data: We may share aggregated or anonymized data that cannot reasonably be used to identify you.

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest using industry-standard protocols

• Access controls and authentication mechanisms

• Regular security assessments and vulnerability testing

• Employee training on data protection and privacy

• Secure data centers with physical access controls

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specifically:

• Account data: Retained while your account is active and for 30 days after account deletion, after which it may be permanently deleted unless we are required to retain it for legal purposes

• Project data: Retained while your account is active and for 30 days after account deletion

• Payment records: Retained as required by law (typically 7 years for tax and accounting purposes)

• Usage logs: Retained for up to 12 months for security and analytics purposes

• Marketing communications: You can opt out at any time, and we will stop sending marketing communications immediately

After the retention period, we will securely delete or anonymize your personal information unless we are legally required to retain it.

Depending on your location, you may have the following rights regarding your personal information:

• Right to access: Request a copy of the personal information we hold about you

• Right to rectification: Request correction of inaccurate or incomplete information

• Right to erasure: Request deletion of your personal information (subject to legal requirements)

• Right to restrict processing: Request limitation of how we process your information

• Right to data portability: Request transfer of your data to another service

• Right to object: Object to processing based on legitimate interests

• Right to withdraw consent: Withdraw consent where processing is based on consent

• Right to opt-out of sale/sharing: Under CCPA/CPRA, opt out of the sale or sharing of personal information (we do not sell your information)

• Right to limit sensitive information: Under CPRA, limit use of sensitive personal information

• Right to non-discrimination: Exercise your rights without discrimination

To exercise these rights, contact us through our support page. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

We use cookies, web beacons, and similar tracking technologies to collect and store information about your use of our service. Types of cookies we use include:

• Essential cookies: Required for the service to function properly

• Analytics cookies: Help us understand how users interact with our service

• Preference cookies: Remember your settings and preferences

• Marketing cookies: Used to deliver relevant advertisements (if applicable)

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our service. For more information about our cookie practices, please contact us through our support page.

PMHub.io is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us through our support page immediately. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer personal information from the European Economic Area (EEA) or United Kingdom to other countries, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure your information receives an adequate level of protection.

By using our service, you consent to the transfer of your information to countries outside your country of residence.

Some features of PMHub.io use automated systems and algorithms to personalize your experience, recommend features or content, and analyze usage patterns. This may include profiling to better understand your preferences and needs.

These automated processes do not result in legal or similarly significant effects for you. You have the right to object to automated decision-making and profiling. If you have questions or wish to opt out of such processing, please contact us through our support page.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach (where required by law).

Notifications will include information about the nature of the breach, the categories of data affected, the likely consequences, and the measures we are taking to address the breach.

We use third-party service providers (sub-processors) to help us operate our service. These providers may have access to your personal information only to perform services on our behalf and are obligated not to disclose or use it for any other purpose.

Categories of sub-processors we use include:

• Cloud hosting and infrastructure providers

• Payment processors

• Analytics and monitoring services

• Email delivery services

• Customer support platforms

We maintain contracts with all sub-processors that require them to protect your information in accordance with applicable data protection laws. If you would like more information about our sub-processors, please contact us through our support page.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom we share information

• Right to delete: Request deletion of personal information (subject to exceptions)

• Right to correct: Request correction of inaccurate personal information

• Right to opt-out: Opt out of the sale or sharing of personal information (we do not sell your information)

• Right to limit: Limit use and disclosure of sensitive personal information

• Right to non-discrimination: Exercise your rights without discrimination

To exercise these rights, contact us through our support page. We will verify your identity and respond within 45 days (or as required by law).

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

• Right of access: Obtain confirmation of whether we process your data and access to that data

• Right to rectification: Correct inaccurate or incomplete data

• Right to erasure ('right to be forgotten'): Request deletion of your data under certain circumstances

• Right to restrict processing: Limit how we process your data

• Right to data portability: Receive your data in a structured, machine-readable format

• Right to object: Object to processing based on legitimate interests

• Right to withdraw consent: Withdraw consent where processing is based on consent

• Right to lodge a complaint: File a complaint with your local supervisory authority

To exercise these rights, contact us through our support page. We will respond within one month (or as required by law).

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on this page with a new 'Last updated' date

• Sending an email notification to the email address associated with your account

• Displaying a prominent notice on our service

Your continued use of PMHub.io after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us through our support page.

Data Controller: Flint & Steel Ventures, LLC

We are committed to addressing your privacy concerns and will respond to all inquiries within 2 business days.