Privacy policy

Who we are

Retrospective Lab is a free platform for sprint retrospectives and agile tools, run by an independent developer. Questions can be sent to privacy@retrospectivelab.com.

What data we collect

We store as little as possible. Concretely:

• Account: email address + hashed password (Supabase Auth). Optionally a display name and avatar URL.
• Board content: the names, columns, cards and comments you put on your boards.
• Session cookie: an HTTP-only cookie from Supabase to keep you signed in.
• Language preference: a cookie (NEXT_LOCALE) to remember your chosen language.

We do not use analytics, advertising cookies or tracking pixels.

Where your data lives

Account and board data are stored on Supabase (Postgres + Auth, EU region). The 48 standalone tools (calculators, generators) keep their data exclusively in your own browser via localStorage — it never leaves your device.

Legal basis

We process account data on the basis of contract performance (Article 6.1.b GDPR) and functional cookies on the basis of legitimate interest (Article 6.1.f GDPR).

Your rights

Under the GDPR you have the right to:

• Access your data — via your profile page or on request by email.
• Correct your data — change name and avatar on /auth/profile/.
• Delete your data — delete your account from your profile page; all boards go with it.
• Export your data — download any board as JSON via the board toolbar.
• File a complaint with the Dutch Data Protection Authority.

Retention

We keep account data for as long as your account exists. If you delete it, the data is fully removed from our systems and backups within 30 days.

Changes

This policy may change. We'll post a banner on the homepage when something relevant changes.