Privacy Policy

Last updated: June 13, 2026

1. Introduction

Venril ("we", "our", "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and the choices you have regarding your information. By using the Service, you agree to the practices described here.

2. Information We Collect

Information you provide directly:

  • Account information: email address, display name, and password (stored hashed) when you register.
  • Profile information: optional display name and avatar image.
  • Project data: workspaces, projects, tasks, comments, and other content you create within the Service.
  • Feedback: bug reports and suggestions you submit through in-app feedback tools.
  • Payment information: processed directly by Stripe; we receive only a customer reference ID and subscription status — never card numbers.
  • Communications: messages sent through our contact form.

Information collected automatically:

  • Usage data: pages visited, features used, and actions taken within the Service.
  • Technical data: IP address, browser type, device information, and timestamps.
  • Cookies and local storage: used for session management and preference storage (e.g. your selected theme).
  • Error and diagnostic data: when the Service encounters an error, technical details about the error (which may include your IP address and browser information) are collected through our error-monitoring provider to help us fix problems.

3. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To authenticate your identity and manage your account.
  • To process billing and subscription management via Stripe.
  • To send transactional emails (account confirmation, password reset, workspace invitations, and notifications such as task assignments — notification emails can be controlled in your settings).
  • To respond to your support requests and contact form submissions.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.

We do not sell your personal data to third parties.

4. Third-Party Services

We use the following third-party providers to operate the Service:

  • Supabase — database, authentication, and file storage.
  • Vercel — hosting and deployment.
  • Stripe — payment processing. Governed by Stripe's Privacy Policy.
  • Resend — transactional email delivery.
  • GitHub — optional OAuth integration. Only connected at your explicit request; access tokens are stored encrypted. Governed by GitHub's Privacy Statement.
  • Slack — optional integration. Only connected at your explicit request; access tokens are stored encrypted. Governed by Slack's Privacy Policy.
  • hCaptcha — bot protection on signup and login. Governed by hCaptcha's Privacy Policy.
  • Sentry — error monitoring and diagnostics.
  • AI providers — when you use AI-powered features (such as sprint planning suggestions, task auto-fill, or report digests), content you have entered into the Service (such as item titles and descriptions) may be sent to third-party AI API providers. We do not use your content to train AI models. Content processed by AI features is subject to the privacy policies of the respective AI service providers.

5. Shared Report Links

Workspace members may create shareable, read-only report links. Anyone with such a link can view aggregated workspace analytics (counts, charts, and member display names) for the shared report — task titles, descriptions, and email addresses are never included. Links expire automatically and can be revoked by any workspace member at any time.

6. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide the Service. You may delete your account at any time from your account settings, or by contacting us; deletion removes your profile and personal data from the Service. Certain records may be retained longer where required by law or for legitimate business purposes (e.g. billing records). Content you contributed to shared workspaces (such as tasks and comments) may remain available to the other members of those workspaces.

Content and account data flagged for legal compliance may be retained longer than normal when necessary to satisfy reporting or preservation obligations, as described in Section 4 of our Terms of Service.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you.
  • Correction: request correction of inaccurate data.
  • Deletion: delete your account and personal data directly from account settings, or by request.
  • Portability: request an export of your project data.
  • Objection: object to certain uses of your data.

To exercise any of these rights, contact us through our contact page.

8. Security

We implement industry-standard security measures including encrypted data transmission (TLS), hashed passwords, encrypted OAuth tokens, and row-level security policies on our database. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice within the Service. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact

If you have questions or concerns about this Privacy Policy, please contact us through our contact page.