Planning Poker Tool - Privacy & Security

Our customers trust us to keep their data secure and confidential. We take privacy and security seriously and work constantly to ensure that trust is well-founded. The following document applies to https://planning-poker.teamretro.com/ - our free online Planning Poker tool.

Have questions? Feel free to reach out to us at privacy@teamretro.com or security@teamretro.com


Data We Collect and Store

Session Data (Temporary)

  • Planning poker session settings (deck type, timebox, status)
  • Estimation items and their descriptions
  • Individual participant votes and estimates
  • Real-time presence information (who's online/offline)

Participant Information (Temporary)

  • Display name you provide
  • Avatar selection and color preference

Local Storage (Your Device Only)

  • Participant ID for session continuity
  • Your display preferences (name, avatar, color)

How We Handle Your Data

Real-Time Synchronization

  • All session data is synchronized in real-time through Ably LiveObjects
  • Data is transmitted over secure WebSocket connections
  • Each session uses a private channel accessible only to participants

No Permanent Storage

  • Planning poker sessions are ephemeral - data exists only during active sessions
  • No user accounts or long-term data retention
  • Session data is automatically cleaned up after 90 days of inactivity

Data Isolation

  • Each session operates in a completely isolated private channel
  • Session IDs are randomly generated for security
  • Participants cannot access data from other sessions

Third-Party Services

AWS (Static content hosting)

  • Serves static application content

Ably (Real-time Infrastructure)

  • Handles real-time data synchronization, WebSocket connections and temporary data persistence (Ably LiveObjects)
  • Data is transmitted through Ably's secure infrastructure
  • Subject to Ably's privacy policy and security measures

Error Monitoring (Rollbar)

  • Collects technical error information to improve app reliability
  • No personal data is included in error reports
  • Used solely for debugging and performance optimization

Analytics (Plausible)

  • Privacy-focused analytics without personal data collection
  • Tracks general usage patterns to improve the application
  • No cookies or persistent tracking

Your Privacy Rights

Data Control

  • You control what information you share (name, avatar selection)
  • You can leave sessions at any time
  • Local preferences can be cleared through browser settings

No Tracking

  • We don't track you across sessions or websites
  • No persistent user profiles or behavioral tracking
  • Session participation is anonymous by default

Security Measures

Secure Transmission

  • All data is encrypted in transit using industry-standard protocols
  • WebSocket connections use secure authentication
  • Private channels ensure data isolation between sessions

Access Control

  • Sessions require knowledge of the specific session ID to join
  • Participant authentication through secure relay endpoints
  • Automatic session cleanup prevents data accumulation

Data Retention

Session Lifetime + 90 days

  • Data exists only for the duration of planning sessions + 90 days
  • Automatic deletion 90 days following last activity
  • No long-term storage of session content or votes

Local Data

  • Only participant preferences stored locally on your device
  • You can clear this data through browser settings at any time
  • Local data never transmitted to other participants

This privacy-focused approach ensures your estimation sessions remain confidential while enabling seamless real-time collaboration.

Still need help? Contact Us Contact Us