Privacy Policy

Last updated: February 13, 2026

1. Introduction

Welcome to Caramelo Board. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our kanban board application.

Caramelo Board is operated by Codevantage s.r.o., a company registered in the Czech Republic. As a company based in the European Union, we are committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Codevantage s.r.o.

Czech Republic

Email: support@carameloboard.com

3. Data We Collect

We collect and process the following categories of personal data:

Account Information

  • Email address (required for account creation and communication)
  • Name (to personalize your experience)
  • Password (stored securely using industry-standard hashing)
  • Profile picture (optional)
  • Timezone preferences

Payment Information

  • Billing name and address
  • Payment card details (processed securely by Stripe; we do not store full card numbers)
  • Transaction history

Usage Data

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and features used
  • Error logs and performance data

Content You Create

  • Workspaces, boards, lists, and cards
  • Comments and attachments
  • Any other content you add to the platform

4. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the service: To create and manage your account, enable collaboration features, and deliver the kanban board functionality
  • Communication: To send transactional emails (account verification, password reset), service updates, and respond to support requests
  • Payment processing: To process subscriptions and payments through our payment provider
  • Improvement: To analyze usage patterns, fix bugs, and improve our service
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Legal compliance: To comply with applicable laws and regulations

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide you with our service as agreed in our Terms of Service
  • Legitimate interests: Processing for our legitimate business interests, such as improving our service, preventing fraud, and ensuring security
  • Legal obligation: Processing required to comply with applicable laws
  • Consent: Where required, we will ask for your explicit consent (e.g., for marketing communications)

6. Third-Party Services

We use the following third-party services to operate Caramelo Board:

Hetzner

Cloud infrastructure provider hosting our servers in the European Union.

Data processed: All application data

Amazon Web Services (AWS)

Used for email delivery (SES) and file storage (S3) within the EU region.

Data processed: Email addresses, uploaded files

Stripe

Payment processing platform. Stripe is PCI-DSS compliant and handles all payment card data.

Data processed: Payment information, billing details

Privacy policy: stripe.com/privacy

Sentry

Error tracking and performance monitoring to help us identify and fix issues.

Data processed: Error logs, device information, IP addresses

Privacy policy: sentry.io/privacy

7. Data Storage and International Transfers

Your data is primarily stored on servers located in the European Union. We have chosen EU-based infrastructure to ensure your data benefits from strong European data protection standards.

Some of our third-party service providers may process data outside the EU. In such cases, we ensure appropriate safeguards are in place, such as:

  • EU-approved Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Other legally approved transfer mechanisms

8. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfill the purposes described in this policy.

  • Active accounts: Data is retained while your account is active
  • After account deletion: We retain your data for 90 days after account deletion to allow for account recovery and to comply with legal obligations
  • Backup data: May be retained in backups for up to 90 days after deletion from primary systems
  • Legal requirements: Some data may be retained longer if required by law (e.g., financial records)

9. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at support@carameloboard.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

10. Cookies

We use the following types of cookies and similar technologies:

  • Essential cookies: Required for the application to function (authentication, security)
  • Preference cookies: Remember your settings and preferences
  • Analytics cookies: Understand how you use our service to improve it

You can control cookie settings through your browser. Note that disabling essential cookies may prevent you from using certain features of our service.

11. Children's Privacy

Caramelo Board is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately at support@carameloboard.com, and we will take steps to delete such information.

12. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of sensitive data at rest
  • Secure password hashing
  • Regular security assessments
  • Access controls and authentication

While we strive to protect your data, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and keep your login credentials confidential.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Email: support@carameloboard.com

Company: Codevantage s.r.o.

Location: Czech Republic