Scrumpy

Who we are

Scrumpy is a scrum board and sprint planning tool. The data controller is Jeroen van Dijk, operating as a sole trader based in the Netherlands. You can reach us at support@scrumpy.it.

What data we collect, why, and our legal basis

Account data Legal basis: contract performance (Art. 6(1)(b))

When you register, we store your name and email address. This is required to provide the service and send you transactional emails (password resets, sprint notifications, and similar).

Content data Legal basis: contract performance (Art. 6(1)(b))

Stories, sprints, epics, comments, and other content you create is stored to provide the service. You own your data and can export or delete it at any time.

Billing data Legal basis: contract performance (Art. 6(1)(b))

Payment processing is handled entirely by Lemon Squeezy, who acts as the Merchant of Record. We never see or store your card details. Lemon Squeezy's own privacy policy applies to payment data.

Security and fraud prevention Legal basis: legitimate interests (Art. 6(1)(f))

We log authentication events and rate-limit requests to protect accounts and the service from abuse. We do not use any analytics tools, advertising networks, or third-party tracking. We do not sell or share your data with third parties for marketing purposes.

Cookies

We use only strictly necessary cookies. These do not require consent under the ePrivacy Directive. No tracking or advertising cookies are set.

Cookie	Purpose	Duration
session	Keeps you logged in	Session / 2 hours
XSRF-TOKEN	Protects against cross-site request forgery	Session
appearance	Remembers your light/dark mode preference	1 year
cookie_consent	Remembers that you acknowledged this cookie notice	1 year

Data processors

We use the following third-party processors to operate the service. Each has been selected for EU data residency or adequate data protection guarantees.

Processor	Purpose	Data location
Hosting provider	Application servers and database	European Union
Lemon Squeezy	Payment processing (Merchant of Record)	United States (Standard Contractual Clauses)

Data storage and security

Your data is stored on servers within the European Union. All connections are encrypted via HTTPS. We use industry-standard security practices including encrypted passwords, CSRF protection, and optional two-factor authentication.

Data retention and deletion

We keep your data for as long as your account is active. You can export all your data at any time from the Organization settings. If you delete your account or organization, your data is permanently removed within 30 days.

Your rights (GDPR)

If you are in the European Economic Area, you have the following rights regarding your personal data:

Right of access — request a copy of the data we hold about you
Right to rectification — ask us to correct inaccurate data
Right to erasure — request deletion of your data
Right to data portability — receive your data in a machine-readable format (use the JSON export in Organization settings)
Right to object — object to processing based on legitimate interests
Right to lodge a complaint — you can file a complaint with the Dutch data protection authority, the Autoriteit Persoonsgegevens

To exercise any of these rights, email support@scrumpy.it and we will respond within 30 days.

Changes to this policy

If we make significant changes to this policy, we will notify active users by email before the changes take effect.

Contact

Questions about this policy? Email support@scrumpy.it.

Privacy Policy