The short version: We collect what we need to run the product — your email, license key, and usage metadata. We do not sell your data. Board data from your agile tools is processed for coaching and not stored. You can delete your account anytime.
Driftless is operated by Eric Reighard ("we," "us," or "our"), a sole proprietorship based in Pennsylvania, United States. This Privacy Policy describes how we collect, use, and protect information when you use the Driftless Chrome extension, website at bedriftless.com, and related services (the "Service").
Questions? Contact us at eric@bedriftless.com.
| Data | When Collected | Why |
|---|---|---|
| First and last name | Account creation | Dashboard personalization |
| Email address | Account creation, beta signup | Account management, license delivery, notifications |
| Password (hashed) | Account creation | Authentication — never stored in plain text |
| License key | Generated on purchase/signup | Access control and usage tracking |
| Anthropic API key | Optional, entered in Settings | Stored locally in Chrome storage only — never transmitted to Driftless servers |
| Team profile data | Onboarding and Settings | AI coaching context — team name, sprint length, maturity level, recurring challenges |
| Feedback form content | When you submit feedback | Product improvement |
| Data | Source | Why |
|---|---|---|
| Tool run logs (tool ID, timestamp, license key) | Every AI tool run | Usage analytics, daily throttle enforcement, billing |
| Coaching journal entries | Auto-saved after tool runs (user-initiated) | Sprint memory and coaching continuity |
| Sprint Health Prediction scores | When prediction is run | Coaching history on dashboard |
| ToS acceptance timestamp and version | Account creation | Legal compliance |
When you open a sprint board in Jira, Rally, or another supported tool, the extension reads the visible content of that page — including ticket IDs, titles, statuses, assignee names, point values, sprint name, and sprint goal. This data is:
Assignee names from your board are sent to Anthropic as part of the coaching analysis. These are real names of real people on your team. We process them solely to provide coaching context.
We do not sell your data. We do not use your data to train AI models. We do not share your data with advertisers.
We share data only with the service providers necessary to operate the product:
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Anthropic | AI coaching analysis | Board data, coaching prompts (not stored per Anthropic API policy) | anthropic.com/legal/privacy |
| Supabase | Database and authentication | Account data, license keys, usage logs, journal entries | supabase.com/privacy |
| Stripe | Payment processing | Payment information (Stripe handles directly — we never see card numbers) | stripe.com/privacy |
| Railway | Server hosting | API request data passes through Railway infrastructure | railway.app/legal/privacy |
| Netlify | Website hosting | Web traffic (standard server logs) | netlify.com/privacy |
| Resend | Transactional email | Email address, email content for license/notification emails | resend.com/privacy |
| Formspree | Feedback form processing | Feedback content and email address (if provided) | formspree.io/legal/privacy-policy |
| ImprovMX | Email forwarding | Emails sent to eric@bedriftless.com pass through ImprovMX | improvmx.com/privacy |
We may also disclose information if required by law, court order, or to protect the rights, property, or safety of Driftless, its users, or the public.
| Data Type | Retention |
|---|---|
| Account information | Until account deletion + 30 days |
| Usage logs | Duration of active subscription |
| Journal entries (synced) | Duration of active subscription |
| Journal entries (local) | Until browser data cleared or extension uninstalled |
| Sprint board data | Not retained — processed in memory only |
| ToS acceptance records | Retained indefinitely for legal compliance |
You can view and update your account information at bedriftless.com/dashboard. For data not accessible through the dashboard, contact eric@bedriftless.com.
You can request deletion of your account and associated data by emailing eric@bedriftless.com. We will process deletion requests within 30 days, subject to legal retention requirements. Note that ToS acceptance records are retained for legal compliance and cannot be deleted.
You can unsubscribe from non-essential emails by replying to any email with "unsubscribe" or contacting us directly. Note that transactional emails (license keys, billing notifications) cannot be opted out of while your account is active.
Data stored in Chrome local storage (team profiles, journal, settings) can be cleared at any time by uninstalling the extension or clearing Chrome storage in DevTools.
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, and the right to opt out of sale (we do not sell personal information). To exercise these rights, contact eric@bedriftless.com.
The Driftless website uses minimal tracking. We do not use advertising cookies or third-party tracking pixels. Supabase authentication uses session tokens stored in localStorage. We do not use Google Analytics or similar analytics platforms on the core product.
The Chrome extension does not use cookies. It stores data in chrome.storage.local, which is sandboxed to the extension and not accessible by websites.
The Service is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a minor, we will delete it promptly. Contact eric@bedriftless.com if you believe we have information from a minor.
The Service is operated from the United States. If you access the Service from outside the US, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. If you are located in the European Economic Area (EEA) or UK and have questions about our legal basis for processing, contact us at eric@bedriftless.com.
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top and notify you by email. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.
If you have any questions about this Privacy Policy, your data, or your rights, contact us at:
Driftless
Eric Reighard
Email: eric@bedriftless.com
Website: bedriftless.com