Privacy Policy

In this Privacy Policy, the following terms have the following meanings:

• 'We,' 'us,' and 'our' refer to Flint & Steel Ventures, LLC, the operator of PMHub.io.

• 'You' and 'your' refer to the individual using PMHub.io or the organization on whose behalf you are using it.

• 'Personal information' and 'personal data' mean any information that identifies, relates to, describes, or is capable of being associated with you.

• 'Service' and 'PMHub.io' refer to the project management platform and related services operated by Flint & Steel Ventures, LLC.

• 'Processing' means any operation performed on personal information, such as collection, storage, use, or disclosure.

This Privacy Policy applies to personal information we collect when you use PMHub.io, including through our website, applications, and related services. It applies to users in all jurisdictions where we offer the Service.

This policy does not apply to: (a) information collected by third-party websites or services linked from PMHub.io; (b) information we process on behalf of our business customers under a separate data processing agreement; or (c) information that has been aggregated or de-identified such that it cannot reasonably identify you.

Flint & Steel Ventures, LLC is the data controller responsible for your personal information when you use PMHub.io. This means we determine the purposes and means of processing your personal data.

If you have questions about this Privacy Policy or wish to exercise your privacy rights, you can contact us through our support page.

We collect information that you provide directly to us, information collected automatically when you use our service, and information from third-party sources.

Personal information we collect includes:

• Account information: name, email address, password, profile information

• Project data: project names, descriptions, tasks, deadlines, team member information, and project-related content you create

• Payment information: billing address, payment method details (processed securely through third-party payment processors)

• Communication data: messages, comments, and other communications you send through the service

• Usage data: how you interact with our service, features used, time spent, device information, IP address, browser type, and access times

• Cookies and tracking technologies: we use cookies, web beacons, and similar technologies to collect information about your browsing activities

We use your personal information for the following purposes:

• To provide, maintain, and improve our services

• To process transactions and send related information

• To send administrative information, updates, security alerts, and support messages

• To respond to your inquiries and provide customer support

• To personalize your experience and provide content and features relevant to you

• To detect, prevent, and address technical issues and security threats

• To comply with legal obligations and enforce our Terms of Use

• To analyze usage patterns and improve our service functionality

We process your personal data based on the following legal bases (where applicable under GDPR): contract performance, legitimate interests, consent, and legal obligations.

We do not sell your personal information. We may share your information in the following circumstances:

• Service providers: We share information with third-party service providers who perform services on our behalf. These include: (a) Stripe for payment processing—payment card details are not stored by us and are handled directly by Stripe in accordance with their privacy policy; (b) Google Analytics for understanding how users interact with our service; (c) cloud hosting and infrastructure providers; (d) email delivery and customer support platforms. We expect these providers to protect your information and use it only for the purposes we specify.

• Business transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

• Legal requirements: We may disclose information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or others.

• With your consent: We may share information with your explicit consent or at your direction.

• Aggregated or de-identified data: We may share aggregated or anonymized data that cannot reasonably be used to identify you.

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data at rest and in transit (e.g., HTTPS)

• Access controls and authentication mechanisms to restrict access to authorized users

• Reliance on third-party cloud providers for hosting and infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specifically:

• Account data: Retained while your account is active and for 90 days after account deletion, after which it may be permanently deleted unless we are required to retain it for legal purposes

• Project data: Retained while your account is active and for 90 days after account deletion

• Payment records: Retained as required by law (typically 7 years for tax and accounting purposes)

• Usage logs: Retained for a limited period as needed for security and analytics (e.g., product usage data may be retained for 90 days; application logs may be retained longer)

• Marketing communications: We do not currently send marketing emails. If we do in the future, you may opt out at any time

After the retention period, we will securely delete or anonymize your personal information unless we are legally required to retain it.

Depending on your location, you may have the following rights regarding your personal information:

• Right to access: Request a copy of the personal information we hold about you

• Right to rectification: Request correction of inaccurate or incomplete information

• Right to erasure: Request deletion of your personal information (subject to legal requirements)

• Right to restrict processing: Request limitation of how we process your information

• Right to data portability: Request transfer of your data to another service

• Right to object: Object to processing based on legitimate interests

• Right to withdraw consent: Withdraw consent where processing is based on consent

• Right to opt-out of sale/sharing: Under CCPA/CPRA, opt out of the sale or sharing of personal information (we do not sell your information)

• Right to limit sensitive information: Under CPRA, limit use of sensitive personal information

• Right to non-discrimination: Exercise your rights without discrimination

To exercise these rights, contact us through our support page. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

We use cookies, web beacons, and similar tracking technologies to collect and store information about your use of our service. Types of cookies we use include:

• Essential cookies: Required for the service to function properly (e.g., authentication, session management). These do not require consent under applicable law.

• Analytics cookies: We use Google Analytics to understand how users interact with our service. Analytics data is used to improve our service and may be processed in the United States. Where required by law (e.g., in the EEA), we obtain your consent before using analytics cookies.

• Preference cookies: Remember your settings and preferences.

• Marketing cookies: We do not currently use marketing cookies for advertising.

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our service. Where we use non-essential cookies, we will obtain your consent where required by applicable law before placing such cookies. For more information about our cookie practices, please contact us through our support page.

PMHub.io is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us through our support page immediately. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer personal information from the European Economic Area (EEA) or United Kingdom to other countries, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure your information receives an adequate level of protection.

By using our service, you consent to the transfer of your information to countries outside your country of residence.

Some features of PMHub.io use automated systems and algorithms to personalize your experience, recommend features or content, and analyze usage patterns. This may include profiling to better understand your preferences and needs.

These automated processes do not result in legal or similarly significant effects for you. You have the right to object to automated decision-making and profiling. If you have questions or wish to opt out of such processing, please contact us through our support page.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach (where required by law).

Notifications will include information about the nature of the breach, the categories of data affected, the likely consequences, and the measures we are taking to address the breach.

We use third-party service providers (sub-processors) to help us operate our service. These providers may have access to your personal information only to perform services on our behalf, and we expect them not to disclose or use it for any other purpose.

Categories and examples of sub-processors we use include:

• Payment processing: Stripe (https://stripe.com/privacy)

• Analytics: Google Analytics (https://policies.google.com/privacy)

• Cloud hosting and infrastructure providers

• Email delivery services

• Customer support platforms

We expect sub-processors to protect your information in accordance with applicable data protection laws. If you would like more information about our sub-processors, please contact us through our support page.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom we share information

• Right to delete: Request deletion of personal information (subject to exceptions)

• Right to correct: Request correction of inaccurate personal information

• Right to opt-out: Opt out of the sale or sharing of personal information (we do not sell your information)

• Right to limit: Limit use and disclosure of sensitive personal information

• Right to non-discrimination: Exercise your rights without discrimination

To exercise these rights, contact us through our support page. We will verify your identity and respond within 45 days (or as required by law).

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

• Right of access: Obtain confirmation of whether we process your data and access to that data

• Right to rectification: Correct inaccurate or incomplete data

• Right to erasure ('right to be forgotten'): Request deletion of your data under certain circumstances

• Right to restrict processing: Limit how we process your data

• Right to data portability: Receive your data in a structured, machine-readable format

• Right to object: Object to processing based on legitimate interests

• Right to withdraw consent: Withdraw consent where processing is based on consent

• Right to lodge a complaint: File a complaint with your local supervisory authority

To exercise these rights, contact us through our support page. We will respond within one month (or as required by law).

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on this page with a new 'Last updated' date

• Sending an email notification to the email address associated with your account

• Displaying a prominent notice on our service

Your continued use of PMHub.io after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us through our support page.

Data Controller: Flint & Steel Ventures, LLC

We are committed to addressing your privacy concerns and will respond to all inquiries within 2 business days.

This Privacy Policy is governed by the laws of the United States and the State of Georgia, without regard to conflict of law principles. Any disputes arising from this policy shall be resolved in accordance with our Terms of Use.

If any provision of this Privacy Policy is held to be invalid or unenforceable by a court of competent jurisdiction, the remaining provisions shall remain in full force and effect.