Kanbello

Privacy Policy

Last updated: November 11, 2025

Kanbello ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our platform, available at kanbello.ai.

What Information We Collect

We collect only the information necessary to provide and improve our Kanban board and project management services:

  • Account Information: Email address, first name, last name, and password (securely hashed)
  • Profile Information: Optional bio, phone number, job title, and profile avatar (generated via Gravatar)
  • Organization Data: Organization name, member roles, and team structure
  • Project Data: Boards, columns, cards, tasks, descriptions, due dates, labels, and comments you create
  • Collaboration Data: Card assignments, @mentions, reactions, and activity history
  • File Attachments: Files you upload to cards (images, documents, PDFs - max 50MB per file)
  • AI Settings (Optional): If you enable AI features, your encrypted OpenAI or Anthropic API keys

How We Use Your Information

Your data is used solely to provide and improve our project management services:

  • To provide access to your boards, cards, and workspaces
  • To enable real-time collaboration with your team members
  • To send board invitation emails when you invite collaborators
  • To generate AI-powered suggestions (only if you enable AI features with your own API keys)
  • To provide notifications about activity on boards you follow
  • To maintain and improve the security of the platform

Third-Party Services We Use

To power key features of Kanbello, we securely work with the following services:

  • Supabase – Database, authentication, real-time features, and file storage
  • Resend – Transactional email delivery for board invitations
  • Gravatar – Automatic avatar generation based on your email address
  • OpenAI & Anthropic Claude (Optional) – AI features using your own API keys. We do not process your AI requests; they go directly from your browser to the AI provider using keys you provide and control.

These providers process data solely on our behalf under strict data protection agreements.

Cookies and Session Management

We use essential session cookies to keep you logged in and maintain your authentication state. These cookies are:

  • httpOnly – Cannot be accessed by JavaScript (security protection)
  • Secure – Only transmitted over HTTPS
  • Essential – Required for the platform to function

We do not use any third-party tracking cookies, analytics cookies, or advertising cookies.

Data Sharing and Disclosure

We do not sell, rent, or share your personal information with advertisers or marketing partners.

We only share data with the third-party services listed above, and only to the extent necessary to provide our services. Additionally, we may disclose information if required by law or to protect our rights and users' safety.

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is transmitted over HTTPS with TLS encryption
  • Password Security: Passwords are hashed using bcrypt before storage
  • Database Security: Row Level Security (RLS) policies ensure users can only access their own data
  • API Key Encryption: Optional AI API keys are encrypted at rest
  • Input Validation: All user inputs are validated and sanitized

Data Control and Deletion

You have full control over your data:

  • You can edit or delete any boards, cards, or content at any time
  • You can update your profile information from your account settings
  • You can leave organizations you're a member of at any time
  • Organization owners can delete their entire organization and all associated data
  • You can request complete account deletion by contacting support

Data Retention

We retain your data as long as your account is active or as needed to provide services. When you delete content, it is permanently removed from our systems. If you delete your account, all associated data will be deleted within 30 days, except where we are required to retain it by law.

Data Location

All data is securely stored on Supabase's infrastructure, on US East Coast servers. Your data is backed up regularly and protected with enterprise-grade security measures.

Children's Privacy

Kanbello is intended for users 16 years and older. We do not knowingly collect or solicit personal information from children under 16. If we learn we have collected personal information from a child under 16, we will delete that information as quickly as possible. If you believe we might have any information from a child under 16, please contact us at dinesh@kanbello.ai.

AI Features and API Keys

AI features in Kanbello are entirely optional and require you to provide your own API keys from OpenAI or Anthropic. These keys are:

  • Stored encrypted in our database
  • Never shared with third parties
  • Used only to make API calls on your behalf
  • Deletable by you at any time

When you use AI features, your prompts and card data are sent directly to the AI provider (OpenAI or Anthropic) using your API key. We do not log, store, or process the content of these AI interactions. Please review the privacy policies of OpenAI and Anthropic for more information.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal reasons. We will notify you of material changes via email or through an in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions or concerns about your privacy or this policy, please contact us at dinesh@kanbello.ai.