OperisPM

Privacy Policy

OperisPM — Cloud-Based Project Management

Effective Date: July 1, 2026
Last Updated: July 1, 2026
Version: 1.2-free

This Privacy Policy describes how OperisPM ("OperisPM," "we," "us," or "our"), a business name of ProgTrack, LLC (a limited liability company organized in Texas, USA), collects, uses, and protects personal information when you use the OperisPM platform (the "Service"). By using the Service, you acknowledge the practices described here. OperisPM is currently provided free of charge; we collect no payment information at this time. If this changes in the future, we will update this Policy and provide at least 30 days' advance notice.

1. Information We Collect

Account information: Email address, display name, organization name, password (stored as a one-way hash), preferred language, and timezone.

Customer Data: Project data, tasks, files, comments, and other content you submit to the Service.

Technical information: IP address, browser type, device information, and access timestamps, captured in standard server logs and used for security, abuse prevention, and operational diagnostics.

Usage information: Aggregate, account-level activity counters (e.g., last login timestamp, monthly active user counts) used to operate and improve the Service. We do not maintain detailed individual behavioral profiles.

AI feature submissions: Optional AI-assisted features (such as a meeting-notes-to-tasks helper) are in development. Where and when you choose to use such a feature, the content you submit is sent to our third-party AI providers solely to generate the requested output. We do not use your submissions to train AI models.

What we do not collect: No payment information, no billing addresses, no credit card data, no marketing tracking pixels, no advertising IDs, no third-party analytics with individual user identifiers.

2. How We Use Information

We use the information we collect to:

3. Legal Basis (GDPR/UK GDPR)

Where GDPR or UK GDPR applies, we process personal information on the following bases:

A more detailed mapping of data, purpose, and legal basis is set out in Section 12 for users in the EEA and the UK.

4. Sharing

We do not sell personal information. We share personal information only with:

5. International Transfers

The Service is hosted, processed, and backed up within the European Economic Area (EEA): primary processing is on servers located in Germany, and backups are held within the EEA, in Finland. ProgTrack, LLC administers the Service from the United States; any access from outside the EEA is limited to what is necessary to operate, secure, and support the Service. Because your data is stored and backed up within the EEA, no Chapter V transfer mechanism is required for the core Service. Where a subprocessor operates outside the EEA (for example, an AI provider you choose to use), we rely on standard contractual clauses or another lawful transfer mechanism.

6. Retention

We retain Customer Data for as long as your account is active. If you delete your account, we will delete or anonymize Customer Data on a reasonable schedule consistent with our backup and retention practices, typically within 90 days, except where retention is required by law.

Server logs are typically retained for up to 90 days for security and diagnostic purposes.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict the processing of your personal information, and to object to certain processing. Some of these rights can be exercised directly within the Service:

If you are a member of a workspace and not its Owner, the in-app export and account-deletion tools are reserved to the Owner. You can still exercise your individual rights — including access, correction, and erasure of your personal data — by contacting [email protected]; we will respond within one month. Where your data forms part of a workspace controlled by your organization, we may direct or coordinate your request with that organization as the controller of that content.

Please note that if a workspace Owner deletes their account, all data in that workspace — including personal data of its members — is deleted as part of that action. For any request you cannot complete in-app, contact [email protected]. You also have the right to lodge a complaint with your local data protection authority.

8. Security

We implement reasonable administrative, technical, and physical measures designed to protect personal information, including encrypted connections (TLS), password hashing, server-side input validation, rate limiting, and access controls. No method of transmission or storage is 100% secure; you should choose strong passwords and protect your credentials.

9. Children

The Service is not directed to children under 16. If you believe a child has provided us with personal information, contact [email protected] and we will take appropriate steps.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes (including changes related to the introduction of paid plans), we will give at least 30 days' notice via in-app notice or email.

11. Contact

For privacy questions, contact [email protected].

OperisPM (a business name of ProgTrack, LLC)
Texas, USA
Email: [email protected]

12. Additional Information for Users in the EEA and the UK (GDPR / UK GDPR)

(a) Data Controller & Representative

The controller of your personal data is ProgTrack, LLC, a limited liability company organized in Texas (USA), operating "OperisPM." We have designated, in writing, a representative in the European Union (GDPR Art. 27) and a representative in the United Kingdom (UK GDPR Art. 27) as points of contact for data subjects and supervisory authorities, reachable at [email protected]; we provide each representative's identity and contact details on request to any data subject or supervisory authority. Designating a representative does not constitute an establishment in the EU or the UK (Recital 80 GDPR). We have not appointed a Data Protection Officer, as our processing does not meet the Art. 37 thresholds.

(b) Data, Purposes, and Legal Basis

DataPurposeLegal basis (GDPR / UK GDPR Art. 6)
Account: email, display name, organization name, password (hashed), language, timezoneCreate and operate your account; authenticate you; communicate about your account and the ServiceArt. 6(1)(b) — performance of a contract
Customer Data: projects, tasks, files, comments you submitHost and operate your workspace as you directArt. 6(1)(b) — contract
Technical data: IP address, browser/device, access timestamps (server logs)Security, abuse prevention, troubleshooting, and aggregate, non-individual analyticsArt. 6(1)(f) — legitimate interests
AI feature submissions (only if you use an AI feature, where enabled)Generate the AI output you requestArt. 6(1)(b) — contract (feature you request)

We collect no payment data (the Service is free) and carry out no profiling or automated decision-making producing legal or similarly significant effects.

(c) International Transfers

Your data is stored and processed within the EEA — primary processing in Germany, with backups held within the EEA in Finland — and is not transferred outside the EEA to operate the core Service, so no Chapter V transfer mechanism is required for hosting. If you choose to use an AI feature whose provider operates outside the EEA, that specific transfer is covered by standard contractual clauses or another lawful mechanism.

(d) Your Rights

You have the right to access, rectify, erase ("right to be forgotten"), restrict or object to processing based on legitimate interests, data portability, and to withdraw consent at any time where processing is based on it. You can exercise several of these rights in-app (Section 7); for any other request, email [email protected] or contact our representative, and we will respond within one month. You also have the right to lodge a complaint with your local supervisory authority — in the EEA, your national data protection authority; in the United Kingdom, the Information Commissioner's Office (ICO), ico.org.uk.