Pricing
Get started

Privacy Policy

Last updated: February 28, 2026

We take your privacy seriously. This policy explains what personal data we collect, why we collect it, and how we handle it. We comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

Martin Lowinski
Zinzendorfstr. 24
70825 Korntal-Münchingen, Germany
E-Mail: info@keyroles.org

2. Data We Collect

When you use keyroles.org, we may collect the following data:

  • Account data: Name, email address, and password (hashed) when you register.
  • Organization data: Organization name, roles, circles, tensions, proposals, and assignments you create within the platform.
  • Usage data: Pages visited, features used, and session duration for product analytics (via PostHog).
  • Technical data: IP address, browser type, operating system, and device information transmitted automatically by your browser.
  • Communication data: Messages and data exchanged through integrations (e.g., Slack) that you explicitly connect.

3. Purpose and Legal Basis

We process your data for the following purposes:

  • Providing the service: To operate your account and deliver the features you use (Art. 6(1)(b) GDPR — contractual necessity).
  • Product improvement: To understand how the platform is used and to fix bugs (Art. 6(1)(f) GDPR — legitimate interest).
  • Error monitoring: To detect and resolve technical issues using Sentry (Art. 6(1)(f) GDPR — legitimate interest).
  • Transactional emails: To send account-related notifications such as verification and password reset emails (Art. 6(1)(b) GDPR — contractual necessity).

4. Hosting and Data Storage

All application data is stored on servers located in the European Union. Our infrastructure is hosted via European data centers. We do not transfer your personal data outside the EU/EEA unless explicitly stated and with appropriate safeguards in place.

5. Third-Party Services

We use the following third-party services:

  • Vercel (Vercel Inc., USA) — for application hosting and deployment. Subject to their privacy policy. Data processing is governed by the EU-US Data Privacy Framework.
  • PostHog (PostHog Inc.) — for product analytics. We use PostHog's EU-hosted cloud instance. Subject to their privacy policy.
  • Sentry (Functional Software Inc.) — for error tracking and performance monitoring. Subject to their privacy policy.
  • Brevo (Sendinblue SAS, France) — for transactional emails. EU-based. Subject to their privacy policy.
  • Slack (Salesforce Inc., USA) — only when you connect your Slack workspace. Subject to their privacy policy.

6. Cookies

We use a single essential cookie (pb_auth) to maintain your authentication session. This cookie is strictly necessary for the service to function and does not require consent. We do not use advertising or tracking cookies.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. When you delete your account, your personal data will be removed from our systems within 30 days, unless we are required to retain it for legal obligations.

8. Your Rights

Under the GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we restrict processing of your data.
  • Data portability: Request a machine-readable copy of your data.
  • Objection: Object to processing based on legitimate interest.

To exercise any of these rights, contact us at info@keyroles.org. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (TLS), hashed passwords, and access controls. However, no method of transmission over the Internet is 100% secure.

10. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

Featured on Startup Fame Featured on Twelve Tools
Open-Launch Top 2 Daily Winner
© 2024-2026 Martin Lowinski. All rights reserved. Made with and hosted in the European Union. Any feedback is welcome.
Pricing
Blog
Philosophy
Contact
Privacy Policy
Imprint