Privacy Policy

1. Introduction

This Privacy Policy explains how Orble Ltd ("we," "us," or "our"), a company registered in England and Wales (Company Number: 15619520), collects, uses, discloses, and protects your personal information when you use our BotBot service available at backontrack.bot ("Service"). We are committed to protecting your privacy and handling your personal data transparently and securely.

By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. This policy should be read in conjunction with our Terms of Service.

2. Data Controller Information

For the purposes of UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Orble Ltd is the data controller of your personal information.

3. Information We Collect

3.1 Personal Information You Provide

We collect the following personal information that you voluntarily provide to us:

• Account Information: Email address, name, company domain
• Billing Information: Payment details processed through Stripe (we do not store full payment card details)
• Communication Data: Information you provide when contacting our support team
• Profile Information: Workspace settings, user preferences, and account configurations

3.2 Information Collected from Third-Party Integrations

When you connect third-party services to BotBot, we may collect:

• Slack: Messages, channel information, user profiles, workspace data
• Jira: Issue data, project information, user activity, ticket details
• Notion: Page content, database entries, workspace structure
• Google Docs: Document content, sharing settings, revision history

3.3 Automatically Collected Information

We automatically collect certain information when you use our Service:

• Usage Data: Pages visited, features used, time spent, click patterns
• Technical Data: IP address, browser type, device information, operating system
• Log Data: Server logs, error messages, performance metrics
• Cookies and Tracking: See our Cookie Policy section below

4. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we rely on the following legal bases to process your personal data:

4.1 Contractual Necessity

We process your account and billing information to provide our Service to you and fulfill our contractual obligations under our Terms of Service.

4.2 Legitimate Interests

We process usage data and technical information for our legitimate interests in:

• Improving and optimizing our Service
• Ensuring security and preventing fraud
• Analyzing service performance and user experience
• Developing new features and functionality

4.3 Consent

We process data from third-party integrations based on your explicit consent when you authorize these connections. You can withdraw this consent at any time.

4.4 Legal Obligation

We may process your data to comply with legal obligations, such as tax reporting, regulatory compliance, or responding to lawful requests from authorities.

5. How We Use Your Information

We use your personal information for the following purposes:

5.1 Service Provision

• Creating and managing your account
• Processing payments and billing
• Providing project tracking and management features
• Facilitating integrations with third-party services
• Delivering customer support

5.2 Service Improvement

• Analyzing usage patterns to improve functionality
• Monitoring service performance and reliability
• Developing new features and capabilities
• Conducting research and analytics

5.3 Security and Compliance

• Detecting and preventing fraud or security threats
• Ensuring compliance with legal obligations
• Protecting the rights and safety of our users
• Maintaining system security and integrity

5.4 Communication

• Sending service-related notifications
• Responding to your inquiries and support requests
• Providing important updates about our Service
• Sending billing and account information

6. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except as described below:

6.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

• Stripe: Payment processing (governed by Stripe's privacy policy)
• Render: Cloud hosting and infrastructure services
• Email Services: Transactional and support email delivery
• Analytics Providers: Service performance and usage analytics

6.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Government or regulatory investigations
• Protecting our rights, property, or safety
• Protecting the rights, property, or safety of our users

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will notify you of any such change in ownership.

6.4 Workspace Members

Information within your workspace may be visible to other authorized members of your organization who have access to the same workspace.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office
• Adequacy decisions for countries deemed to provide adequate protection
• Other appropriate safeguards as required by UK data protection law

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

8.1 Account Data

We retain your account information for as long as your account remains active. After account deletion, we may retain certain information for up to 7 years for legal and regulatory compliance purposes.

8.2 Usage Data

We typically retain usage and analytics data for up to 2 years to improve our Service and understand user behavior patterns.

8.3 Financial Records

We retain billing and payment information for up to 7 years as required by UK tax and accounting regulations.

8.4 Support Communications

We retain support communications for up to 3 years to improve our customer service and resolve any ongoing issues.

9. Your Rights (UK GDPR)

Under UK data protection law, you have the following rights regarding your personal data:

9.1 Right of Access

You have the right to request access to your personal data and receive information about how we process it.

9.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the original purpose.

9.4 Right to Restrict Processing

You have the right to request that we limit the processing of your personal data in certain circumstances.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.

9.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time.

9.8 Exercising Your Rights

To exercise any of these rights, please contact us at support@backontrack.bot. We will respond to your request within one month unless the request is complex, in which case we may extend this period by up to two additional months.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

10.1 Technical Safeguards

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and monitoring
• Network security and firewall protection

10.2 Organizational Measures

• Limited access to personal data on a need-to-know basis
• Regular staff training on data protection
• Data protection policies and procedures
• Incident response and breach notification procedures

10.3 Third-Party Security

We require our service providers to implement appropriate security measures and only process your data in accordance with our instructions.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience with our Service:

11.1 Essential Cookies

These cookies are necessary for the Service to function properly, including authentication, security, and basic functionality.

11.2 Performance Cookies

These cookies help us understand how users interact with our Service, allowing us to improve performance and user experience.

11.3 Functional Cookies

These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings.

11.4 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Service.

12. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to remove that information from our servers.

13. Privacy Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email if you have an account with us
• Post a notice on our website
• For significant changes, provide at least 30 days' advance notice

Your continued use of our Service after any changes indicates your acceptance of the updated Privacy Policy.

14. Complaints and Regulatory Contact

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: