Privacy policy
Last updated: April 5, 2021
The privacy of your data — and it is your data, not ours! — is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights to your data. We promise we never sell your data: never have, never will.
This policy applies to gantt.io
What we collect and why
Our guiding principle is to collect only what we need. Here’s what that means in practice:
Identity & access
When you sign up for Gantt.io, we typically ask for identifying information such as your name, email address.. That’s just so you can personalize your new account, and we can send you invoices, updates, or other essential information. We sometimes also give you the option to add a profile picture that displays in our products, but we do not normally look at or access that picture. We’ll never sell your personal info to third parties, and we won’t use your name or company in marketing statements without your permission either.
Billing information
When you pay for a Gantt.io, we ask for your credit card and billing address. That’s so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment processor stripe.com and doesn't ever go through our servers. We store a record of the payment transaction, including the last 4 digits of the credit card number and as-of billing address, for account history, invoicing, and billing support. We store your billing address to calculate VAT in Switzerland, to detect fraudulent credit card transactions, and to print on your invoices.
Geolocation data
We log all access to all accounts by full IP address so that we can always verify no unauthorized access has happened. We keep this login data for as long as your product account is active. We also log full IP addresses used to sign up a product account. We keep this record forever because they are used to mitigate spammy signups.
Website interactions
When you browse our marketing pages or applications, your browser automatically shares certain information such as which operating system and browser version you are using. We track that information, along with the pages you are visiting, page load timing, and which website referred you for statistical purposes like conversion rates and to test new designs. We sometimes track specific link clicks to help inform some design decisions. These web analytics data are tied to your IP address and user account if applicable and you are signed into our Services.
Cookies and Do Not Track
We do use persistent first-party cookies to store certain preferences, make it easier for you to use our applications, and support some in-house analytics. A cookie is a piece of text stored by your browser to help it remember your login information, site preferences, and more. You can adjust cookie retention settings in your own browser. To learn more about cookies, including how to view which cookies have been set and how to manage and delete them, please visit: www.allaboutcookies.org. At this time, our sites and applications do not respond to Do Not Track beacons sent by browser plugins.
Voluntary correspondence
When you write Gantt.io with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future. We also store any information you volunteer like surveys. Sometimes when we do customer interviews, we may ask for your permission to record the conversation for future reference or use. We only do so if you give your express consent.
Information we do not collect
We don’t collect any characteristics of protected classifications including age, race, gender, religion, sexual orientation, gender identity, gender expression, or physical and mental abilities or disabilities. You may provide these data voluntarily, such as if you include a pronoun preference in your email signature when writing into our Support team.
We also do not collect any biometric data. You are given the option to add a picture to your user profile, which could be a real picture of you or a picture of something else that represents you best. We do not extract any information from profile pictures: they are for your use alone.
When we access or share your information
Our default practice is to not access your information. The only times we’ll ever access or share your info are:
To provide products or services you've requested. We do use some third-party services to run our applications and only to the extent necessary process some or all of your personal information via these third parties. You can view the list of third-party services we use in this list:
- Microsoft Azure : Cloud services provider
- Ably: Realtime messaging platform
- Stripe: Payment processing services
- Sendinblue: Transactional email service
- Sentry: Error reporting software
- Mixpanel: Analytics software
- Google Analytics: Analytics software
- Front: Help desk software
- Linkmink : Affiliate tracking and management
- Paypal: Payment transfer service
To help you troubleshoot or squash a software bug, with your permission. If at any point we need to access your account to help you with a Support case, we will ask for your consent before proceeding.
To investigate, prevent, or take action regarding restricted uses. Accessing a customer’s account when investigating potential abuse is a measure of last resort. We have an obligation to protect the privacy and safety of both our customers and the people reporting issues to us. We do our best to balance those responsibilities throughout the process. If we do discover you are using our products for a restricted purpose, we will report the incident to the appropriate authorities.
When required under applicable law.
Gantt.io is a venture of AGILIS SERVICES SA, a company located in Switzerland under the registration number CHE-114.781.203. Therefore, the legal framework of Switzerland is applicable in any case of data protection issue or order legal dispute.
Gantt.io uses the above mentioned cloud providers to run its platform and does not necessarily have control over the exact location of the data storage.
Restricted uses
If you have an account with any of our products, you can’t use them for any of the restricted purposes listed below. If we find out you are, we will take action.
Restricted purposes
- Child exploitation, sexualization, or abuse: We don’t tolerate any activities that create, disseminate, or otherwise cause child abuse. Keep away and stop. Just stop.
- Doxing: If you are using Gantt.io products to share other peoples’ private personal information for the purposes of harassment, we don’t want anything to do with you.
- Infringing on intellectual property: You can’t use Gantt.io products to make or disseminate work that uses the intellectual property of others beyond the bounds of fair use.
- Malware or spyware: Code for good, not evil. If you are using our products to make or distribute anything that qualifies as malware or spyware — including remote user surveillance — begone.
- Phishing or otherwise attempting fraud: It is not okay to lie about who you are or who you affiliate with to steal from, extort, or otherwise harm others.
- Spamming: No one wants unsolicited commercial emails. We don’t tolerate folks (including their bots) using Gantt.io products for spamming purposes. If your emails don’t pass muster with CAN-SPAM or any other anti-spam law, it’s not allowed.
- Cybersquatting: We don’t like username extortionists. If you purchase a Gantt.io product account in someone else’s name and then try to sell that account to them, you are cybersquatting. Cybersquatting accounts are subject to immediate cancelation.
- Violence, or threats thereof: If an activity qualifies as violent crime in Switzerland or where you live, you may not use Gantt.io products to plan, perpetrate, or threaten that activity.
We’ve outlined these restrictions to be clear about what we won’t stand for. That said, this list is by no means exhaustive. We will make changes over time.
How to report abuse
See someone using gantt.io for one of the restricted purposes? Let us know by emailing hello@gantt.io and we will investigate. If you’re not 100% sure, report it anyway
Please share as much as you are comfortable with about the account, the content or behavior you are reporting, and how you found it. Sending us a URL or screenshots is super helpful. If you need a secure file transfer, let us know and we will send you a link. We will not disclose your identity to anyone associated with the reported account.
Please share as much as you are comfortable with about the account, the content or behavior you are reporting, and how you found it. Sending us a URL or screenshots is super helpful. If you need a secure file transfer, let us know and we will send you a link. We will not disclose your identity to anyone associated with the reported account.
Your rights with respect to your information
At gantt.io, we apply the same data rights to all customers, regardless of their location. Currently some of the most privacy-forward regulations in place are the European Union’s General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”) in the US. gantt.io recognizes all of the rights granted in these regulations, except as limited by applicable law. These rights include:
- Right to Know. You have the right to know what personal information is collected, used, shared or sold. We outline both the categories and specific bits of data we collect, as well as how they are used, in this privacy policy.
- Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
- Right to Correction. You have the right to request correction of your personal information.
- Right to Erasure / “To be Forgotten”. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, all of our service providers. Fulfillment of some data deletion requests may prevent you from using Gantt.io services because our applications may then no longer work. In such cases, a data deletion request may result in closing your account.
- Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority. To identify your specific authority or find out more about this right, EU individuals should go to https://edpb.europa.eu/about-edpb/board/members_en.
- Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information. (Again: we never have and never will sell your personal data.)
- Right to Object. You have the right, in certain situations, to object to how or why your personal information is processed.
- Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party.
- Right to not be subject to Automated Decision-Making. You have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.
- Right to Non-Discrimination. This right stems from the CCPA. We do not and will not charge you a different amount to use our products, offer you different discounts, or give you a lower level of customer service because you have exercised your data privacy rights. However, the exercise of certain rights (such as the right “to be forgotten”) may, by virtue of your exercising those rights, prevent you from using our Services.
Many of these rights can be exercised by signing in and directly updating your account information.
If you have questions about exercising these rights or need assistance, please contact us at hello@gantt.io or at AGILIS SERVICES SA, Place de la Gare 15, 1700 Fribourg, Switzerland. For requests to delete personal information or know what personal information has been collected, we will first verify your identity using a combination of at least two pieces of information already collected including your user email address. If an authorized agent is corresponding on your behalf, we will first need written consent with a signature from the account holder before proceeding.
If you are in the EU, you can identify your specific authority to file a complaint or find out more about GDPR, at https://edpb.europa.eu/about-edpb/board/members_en.
How we secure your data
We protect your data.
All data are written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.
Your data are sent using HTTPS.
Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS. Within our firewalled private networks, data may be transferred unencrypted.
Our application databases are generally not encrypted at rest — the information you add to the applications is active in our databases and subject to the same protection and monitoring as the rest of our systems.
We protect your billing information.
All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant network. Gantt.io has never access to your credit card data - this is reserved to our payment provider.
What happens when you delete data in your product accounts
Gantt versions are saved as follows:
- For free accounts, the Gantt version history is removed from the interface if it is older than 7 days, thus, only versions younger than 7 days are conserved.
- For premium accounts, the entire Gantt version history is kept as long as the subscription is maintained.
- Upon cancellation of a premium subscription or non-payment of the subscription, the principles for free accounts are applied.
- If a user deletes his/her account, all Gantts are immediately removed from the user interface.
The following applies to all Gantts:
- The active database always contains the life data of the last 30 days plus the version history for premium users.
- Backup data is conserved for 60 days.
If a user requests the deletion of his/her account, the following applies:
- If no subscription is active, the account is immediately deleted.
- The account data is deleted from the database after 30 days.
- The account data is deleted from backups after 60 days.
Gantt.io does not offer any data restoration request, users are solely responsible for any data they may delete through the user interface.
If a free account is not used for more than 365 days and, the account will be deleted.
Cancellation policy
We want satisfied customers, not hostages. That’s why we make it easy for you to cancel your account directly in gantt.io — no phone calls required, no questions asked.
Account owners can follow these instructions to cancel in-app:
- Go to the Billing page https://app.gantt.io/billing
- Click on "Manage subscription" button.
- Click on "Cancel current subscription" button.
- Confirm the cancelling with click on "Cancel subscription" button in the popup.
Our legal responsibility is to account owners, which means we cannot cancel an account at the request of anyone else. If for whatever reason you no longer know who the account owner is, contact us at hello@gantt.io. We will gladly reach out to any current account owners at the email addresses we have on file.
Location of site and data
Gantt.io uses the above mentioned cloud providers to run its platform and does not necessarily have control over the exact location of the data storage. By using our application, participating in any of our services and/or providing us with your information, you consent to this
When transferring personal data from the EU
The GDPR requires that any data transferred out of the EU must be treated with the same level of protection that the EU privacy laws grant. The privacy laws of Switzerland generally do meet that requirement.
We commit to resolving all complaints
In compliance with the EU-US Privacy Shield Principles and the Swiss-US Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom, or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact us at hello@gantt.io or at AGILIS SERVICES SA, Place de la Gare 15, 1700 Fribourg, Switzerland.
Changes & questions
We may update this policy as needed to comply with relevant regulations and reflect any new practices.
Have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please get in touch by emailing us at hello@gantt.io and we’ll be happy to answer them!