Sharing to Private Channels
To share summaries to private channels, you need to invite the SprintPulse bot to those channels first.
Step 1: Find the SprintPulse app
In Slack, look for SprintPulse in the Apps section of your sidebar. If you don't see it, click Add apps and search for "SprintPulse".
Step 2: Invite to private channel
Open the private channel you want to share to, then either:
- Type
/invite @SprintPulse - Or click the channel name → Integrations → Add apps
Once invited, the private channel will appear in the channel list when sharing summaries.
Privacy Policy
Last updated: 13 January 2026
1. Introduction
Eloquent Bytes ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use SprintPulse, our retrospective board service.
We comply with the General Data Protection Regulation (GDPR) and Finnish data protection legislation. By using SprintPulse, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
Eloquent Bytes is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:
Eloquent Bytes
Email: [email protected]
3. Information We Collect
3.1 Information You Provide
We collect information you voluntarily provide when using SprintPulse:
- Account information: Name, email address, and password when you register
- Profile information: Profile picture (if uploaded or obtained via Google OAuth)
- Board content: Feedback items, comments, votes, and action items you create
- Communications: Messages you send to us for support or enquiries
3.2 Information Collected Automatically
When you access SprintPulse, we automatically collect certain information:
- Log data: IP address, browser type, operating system, referring URLs, and access times
- Device information: Device type, unique device identifiers, and screen resolution
- Usage data: Pages visited, features used, and interactions with the service
- Cookies: See Section 8 for details on our cookie usage
3.3 Information from Third Parties
If you choose to sign in using Google OAuth, we receive your name, email address, and profile picture from Google. We only access the information you authorise Google to share.
4. Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
- Contract performance (Article 6(1)(b)): Processing necessary to provide the SprintPulse service, including account management, board functionality, and user support.
- Legitimate interests (Article 6(1)(f)): Processing for our legitimate business interests, such as improving the service, ensuring security, and preventing fraud, where these interests are not overridden by your rights.
- Consent (Article 6(1)(a)): Where we rely on your consent, such as for optional marketing communications. You may withdraw consent at any time.
- Legal obligation (Article 6(1)(c)): Processing necessary to comply with legal requirements, such as tax and accounting obligations.
5. How We Use Your Information
We use your personal data for the following purposes:
- Providing, maintaining, and improving the SprintPulse service
- Creating and managing your account
- Enabling collaboration features such as real-time updates and board sharing
- Processing board invitations and team memberships
- Sending service-related communications (e.g., password resets, security alerts)
- Responding to your enquiries and providing customer support
- Analysing usage patterns to improve user experience
- Detecting, preventing, and addressing technical issues and security threats
- Complying with legal obligations
6. Information Sharing and Disclosure
We do not sell your personal data. We may share your information in the following circumstances:
6.1 With Other Users
When you participate in a board, your name, profile picture, and contributions (feedback, comments, votes) are visible to other board members. Board owners can see the email addresses of invited members.
6.2 Service Providers
We engage trusted third-party service providers to perform functions on our behalf, including:
- Cloud hosting and infrastructure (hosted within the EU)
- Email delivery services
- Analytics services
- Customer support tools
These providers are contractually bound to protect your data and may only use it for the specific services they provide to us.
6.3 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change and your options.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Account data: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations
- Board content: Retained while the board exists; deleted when the board is permanently deleted
- Log data: Typically retained for up to 90 days for security and troubleshooting purposes
- Backup data: May be retained for up to 30 days after deletion from production systems
When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes.
8. Cookies and Tracking Technologies
SprintPulse uses cookies and similar technologies to provide and improve our service:
8.1 Essential Cookies
These cookies are necessary for the service to function and cannot be disabled. They include:
- Session cookies to keep you logged in
- Security cookies to prevent cross-site request forgery
- Preference cookies to remember your settings
8.2 Analytics Cookies
We may use analytics cookies to understand how users interact with SprintPulse. These help us improve the service but are not essential for its operation.
8.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of SprintPulse.
9. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access (Article 15): You can request a copy of the personal data we hold about you.
- Right to rectification (Article 16): You can request correction of inaccurate or incomplete personal data.
- Right to erasure (Article 17): You can request deletion of your personal data in certain circumstances ("right to be forgotten").
- Right to restriction (Article 18): You can request that we limit the processing of your personal data in certain circumstances.
- Right to data portability (Article 20): You can request to receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Article 21): You can object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, as required by the GDPR.
You also have the right to lodge a complaint with a supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto): https://tietosuoja.fi/en
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL
- Encryption of sensitive data at rest
- Regular security assessments and updates
- Access controls and authentication mechanisms
- Secure password hashing
- Regular backups with encrypted storage
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
11. International Data Transfers
SprintPulse is hosted within the European Union, and we process and store your data within the EU/EEA. If we need to transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally approved transfer mechanisms
12. Children's Privacy
SprintPulse is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: