Privacy Policy

Last updated: May 19, 2026

1. Introduction

Welcome to Release Cadence ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address, password)
  • Organization and team information
  • Project data, features, and roadmaps you create
  • Survey responses and feedback data collected through your surveys
  • Payment information (processed securely through Stripe)
  • Communications with our support team

2.2 Information We Collect Automatically

  • Usage data (features used, pages visited, time spent)
  • Device information (browser type, operating system, IP address)
  • Cookies and similar tracking technologies
  • Log data (access times, error logs)

2.3 Information from Atlassian Integration

If you connect Release Cadence to your Atlassian Jira or Confluence instance using our Forge app, we process the following data to provide the integration:

  • Confluence page IDs and Jira issue keys — used to link your Atlassian content to Release Cadence projects and features
  • Your Release Cadence API key — stored in Atlassian's encrypted Forge Key-Value Store on your Atlassian site; never transmitted to Release Cadence servers in plain text
  • Your Release Cadence platform URL — stored alongside the API key in Forge KVS to identify your account

The Forge app does not transmit Atlassian user personal data (names, email addresses, account IDs) to Release Cadence servers. Only structural identifiers (page IDs, issue keys) are sent to resolve which Release Cadence project or feature corresponds to a given Atlassian item.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Process your transactions and manage your account
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

4. Information Sharing and Disclosure

We may share your information with:

  • Sub-processors: Third-party services we use to operate the platform (see Section 4.1 below)
  • Team Members: Other users in your organization as permitted by your account settings
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

4.1 Sub-processors

We use the following third-party services to operate Release Cadence. Each sub-processor has been evaluated for data protection compliance and is bound by appropriate data processing agreements.

Provider Purpose Location
Supabase Database hosting and authentication United States
Amazon Web Services (AWS) Backend application hosting (ECS, us-east-1) United States
Netlify Frontend application and marketing website hosting United States
Stripe Payment processing and billing United States
Atlassian Forge platform (Atlassian integration components and KVS storage) Varies by Atlassian region

5. Our Role as a Data Processor

When you use Release Cadence to collect feedback from your customers through surveys, you are the data controller for that feedback data. Release Cadence acts as a data processor, processing that data on your behalf and according to your instructions.

As a data processor, we:

  • Process your customers' survey responses only to provide the Release Cadence service to you
  • Do not use survey response data for our own purposes or share it with third parties beyond our sub-processors
  • Implement appropriate technical and organizational security measures
  • Assist you in responding to data subject rights requests from your customers
  • Notify you of any data breaches affecting your data without undue delay
  • Delete your customers' data upon your instruction or at termination of your account

Business customers who require a formal Data Processing Agreement (DPA) for GDPR compliance may request one at legal@releasecadence.dev. Our DPA template is also available at releasecadence.dev/dpa.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:

  • Encryption of data in transit (TLS) and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Secure data storage with reputable cloud providers
  • API key storage in encrypted, access-controlled storage

7. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfill the purposes outlined in this policy. When you delete your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it for legal or regulatory purposes.

Survey response data collected on behalf of your organization is retained for the duration of your subscription. Upon account termination, survey response data is deleted within 90 days.

8. Your Rights

Under applicable data protection law, you have the right to:

  • Access and receive a copy of your personal data
  • Correct inaccurate or incomplete data
  • Delete your personal data
  • Object to or restrict processing of your data
  • Export your data in a portable format
  • Withdraw consent at any time
  • Lodge a complaint with your local data protection authority

To exercise these rights, please contact us at privacy@releasecadence.dev. We will respond within 30 days.

9. Email Communications

We may send you the following types of emails:

9.1 Transactional emails (cannot be disabled)

  • Account security alerts (password changes, suspicious login attempts)
  • Billing notifications (payment receipts, failed payments, subscription changes)
  • Service-critical notices (data processing, legal updates)

9.2 Marketing and product emails (opt-out available)

  • Product updates & new features — Announcements about new Release Cadence features and improvements
  • Tips & best practices — Onboarding guidance and usage tips
  • Weekly activity digest — A summary of project and survey activity
  • Survey response alerts — Notifications when your surveys receive responses
  • Promotional offers — Special deals and plan upgrade offers

You can manage your email preferences at any time from Account Settings → Email Notifications. Every marketing email also includes an unsubscribe link. We honor opt-out requests promptly (within 10 business days as required by CAN-SPAM, and immediately where technically feasible).

For users in the European Economic Area, we rely on legitimate interest as the legal basis for product-related emails, and on consent for promotional emails. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

10. Cookies and Tracking

We use cookies and similar tracking technologies to collect and track information about your use of our service. You can control cookies through your browser settings, but disabling cookies may affect your ability to use certain features.

11. Third-Party Services

Our service may contain links to third-party websites or integrate with third-party services (such as Atlassian Jira and Confluence). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. International Data Transfers

Release Cadence is operated from the United States. Our primary infrastructure (database, backend, frontend) is hosted in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, your personal data is transferred to the United States under appropriate safeguards, including Standard Contractual Clauses where required.

13. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal data, please contact us.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our service after such changes constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at:

Privacy inquiries: privacy@releasecadence.dev

Legal and DPA requests: legal@releasecadence.dev

Support: Contact Form