Privacy Policy
Last updated: January 1, 2025
1. Overview
Ketchup Bot ("we", "our", or "us") provides an asynchronous standup bot service for Discord and Slack. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and being transparent about our data practices.
By using Ketchup Bot, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use the Service.
2. Information We Collect
We collect information in the following categories:
Account & Platform Identifiers
- Discord or Slack user IDs
- Server/workspace IDs and names
- Channel IDs where the bot operates
- OAuth tokens (encrypted) for bot functionality
User-Generated Content
- Standup responses (what you did, what you're doing, blockers)
- Team names and configurations
- Reminder and digest schedule preferences
Technical & Usage Data
- Feature usage analytics (which commands are used)
- Error logs for debugging and service improvement
- Timestamp data for standup submissions
Billing Information (Paid Plans Only)
- Payment processing is handled by our third-party provider (Polar)
- We store subscription status and plan type
- We do not store credit card numbers or full payment details
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data under the following legal bases:
- Contract: Processing necessary to provide the standup service you requested.
- Legitimate Interest: Improving our service, preventing abuse, and ensuring security.
- Consent: Where required, such as for optional analytics or marketing communications.
- Legal Obligation: Compliance with applicable laws and regulations.
4. How We Use Your Information
- To provide and maintain the standup bot service
- To send standup reminders at your configured times
- To compile and deliver digest summaries to your team channels
- To process and display standup submissions to your team members
- To manage your subscription and billing
- To improve and optimize the service based on usage patterns
- To communicate important service updates
- To prevent abuse and ensure platform security
- To respond to support requests
5. Data Sharing
We do not sell your personal information. We only share data in the following circumstances:
- With Your Team: Standup responses are shared with members of your configured team—this is the core function of the service.
- Service Providers: We use trusted third parties for hosting (Railway), database (PostgreSQL), and payment processing (Polar). These providers are contractually obligated to protect your data.
- Legal Requirements: We may disclose information if required by law, court order, or to protect our rights and safety.
- Business Transfers: In the event of a merger or acquisition, user data may be transferred with notice provided.
6. Data Retention
We retain your data for specific periods based on the type of information:
| Data Type | Retention Period |
|---|---|
| Standup responses | 90 days, or until team deletion |
| Team configurations | Until team/workspace deletion |
| OAuth tokens | Until bot is removed from workspace |
| Billing records | 7 years (legal requirement) |
| Error logs | 30 days |
You may request earlier deletion of your data at any time by contacting us.
7. Data Security
We implement industry-standard security measures to protect your data:
- OAuth tokens are encrypted at rest using AES-256 encryption
- All data is transmitted over HTTPS/TLS
- Database access is restricted and monitored
- Regular security updates and vulnerability patching
- Access controls limiting employee access to user data
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Your Rights (GDPR)
If you are in the EEA, UK, or similar jurisdiction, you have the following rights:
Right to Access
Request a copy of your personal data
Right to Rectification
Correct inaccurate personal data
Right to Erasure
Request deletion of your data
Right to Portability
Export your data in a portable format
Right to Restrict
Limit how we process your data
Right to Object
Object to certain data processing
To exercise these rights, contact us at support@ketchupbot.com. We will respond within 30 days.
9. California Privacy Rights (CCPA/CPRA)
California residents have additional rights under the CCPA and CPRA:
- Right to Know: What personal information we collect and how it's used
- Right to Delete: Request deletion of your personal information
- Right to Correct: Correct inaccurate personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information
- Right to Non-Discrimination: Equal service regardless of exercising privacy rights
We do not sell or share personal information as defined by the CCPA/CPRA. Therefore, we do not offer an opt-out for sales.
To submit a request, email support@ketchupbot.com or use the bot's support commands. We will verify your identity and respond within 45 days.
10. International Data Transfers
Our servers are located in the United States. If you are accessing the Service from outside the US, your data will be transferred to and processed in the US. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.
11. Children's Privacy
Ketchup Bot is not intended for use by individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at support@ketchupbot.com.
12. Third-Party Platforms
Ketchup Bot operates on Discord and Slack. Your use of these platforms is governed by their respective privacy policies:
We request only the minimum permissions necessary to provide the standup service. We do not access messages outside of direct bot interactions.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by posting a notice through the bot or updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
For questions about this Privacy Policy, to exercise your privacy rights, or to submit a complaint, contact us at:
Ketchup Bot
Email: support@ketchupbot.com
We aim to respond to all privacy-related inquiries within 30 days. If you are in the EU and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.