1. Introduction

PlanCoo ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our service.

We strive to respect privacy laws relevant to our users, including principles from the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Data Controller

PlanCoo is the data controller for personal information processed through our service.

• Address: Brakehaugen 12, 5221 Nesttun, Norway
• Email: [email protected]

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, email, company, job title, profile picture
• Project Data: Tasks, timelines, comments, files you upload
• Payment Information: Processed by LemonSqueezy (our payment processor)

3.2 Information Collected Automatically

• Usage Data: How you interact with our service
• Device Information: IP address, browser type, device type
• Cookies & Similar Technologies: For authentication, preferences, and analytics

3.3 Information from Third Parties

• Authentication data when you log in with Google, Microsoft, etc.
• Integration data from connected services

4. Legal Basis for Processing

We process your data based on the following legal grounds:

• Contract Performance: To provide our service to you
• Legitimate Interests: To improve our service, for security, and business operations
• Consent: For marketing communications (where applicable)
• Legal Obligations: To comply with applicable laws

5. How We Use Your Information

• To provide and maintain our service
• To process payments and manage subscriptions
• To improve and personalize the user experience
• To communicate with you about service updates
• To protect our service and prevent abuse
• To analyze usage patterns and improve features

6. Data Sharing

6.1 Service Providers

We share data with trusted third parties who help us operate our service:

• Microsoft Azure: For hosting and data storage
• Firebase: For authentication and user management
• LemonSqueezy: For payment processing
• Analytics Services: For service improvement

6.2 Legal Requirements

We may disclose information when required by law or to protect rights and safety.

6.3 Business Transfers

If we're involved in a merger or acquisition, your data may be transferred.

7. International Data Transfers

Your data is stored in multiple Microsoft Azure regions:

• Application components and file storage: West Europe (Netherlands)
• Database: East US (Virginia)
• Authentication: Firebase (Google Cloud)
• Payments: LemonSqueezy

This means personal data is transferred from the EU/EEA to the United States. For such transfers, we rely on the European Commission's Standard Contractual Clauses and additional safeguards implemented by Microsoft Azure, ensuring appropriate protection in compliance with GDPR requirements.

Microsoft Azure's compliance documentation is available at: https://docs.microsoft.com/en-us/compliance/regulatory/gdpr

8. Data Security

We implement reasonable security measures including:

• Encryption in transit and at rest
• Access controls and authentication
• Regular security assessments
• Employee training on data protection

9. Data Retention

We retain your personal data only as long as necessary to provide our service and fulfill the purposes outlined in this policy, unless longer retention is required by law.

10. Your Rights

Depending on your location, you may have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data (with certain limitations)
• Object to or restrict certain processing
• Data portability
• Withdraw consent
• Lodge a complaint with a supervisory authority

10.1 California Residents

California residents have additional rights under the CCPA/CPRA. We do not sell personal information as defined by the CCPA.

11. Cookies and Similar Technologies

We use cookies and similar technologies to:

• Maintain your session and authentication
• Remember preferences
• Collect usage information
• Improve our service

You can manage cookie preferences through your browser settings.

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect information from children.

13. Changes to This Policy

We may update this Privacy Policy. We'll notify you of significant changes through the service or via email.

14. Contact Us

For questions about this Privacy Policy or to exercise your rights:

• Email: [email protected]
• Address: Brakehaugen 12, 5221 Nesttun, Norway

If you're unsatisfied with our response, you may contact the Norwegian Data Protection Authority (Datatilsynet).

Last updated: March 24, 2025