Privacy Notice

GiveItPoints

Last updated: March 2026

This privacy notice explains how GiveItPoints collects, uses, stores, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller for your personal information is:

2. Data We Collect

We collect the following categories of personal data:

Account Data
  • Email address — used as your unique identifier and for account login
  • Display name — how you appear to other team members
  • Password — stored securely using bcrypt hashing (we never store plaintext passwords)
  • Account creation date — when you registered
  • Last activity date — when you last used the application

Team Data
  • Team memberships and roles (facilitator, member)
  • Voting history and session participation

Organization Data
  • Organization memberships and your role within each organization

Support Data
  • Support tickets you submit and associated comments

Payment Data (via Stripe)
  • Last 4 digits of your payment method
  • Billing history and subscription status
  • Full payment card details are handled exclusively by Stripe and are never stored on our servers

Technical Data
  • Session cookies and CSRF tokens
  • IP addresses recorded in admin audit logs

Analytics Data
  • Page views and usage patterns collected via Google Analytics (only when you have given consent)

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data under the following legal bases:

| Legal Basis | Purpose |
|---|---|
| Contract Performance (Art. 6(1)(b)) | Account management, team features, voting sessions, subscription services |
| Legitimate Interest (Art. 6(1)(f)) | Security and fraud prevention, service improvement, admin audit logging |
| Consent (Art. 6(1)(a)) | Analytics cookies (Google Analytics), marketing communications |
| Legal Obligation (Art. 6(1)(c)) | Retention of financial and payment records for tax and legal compliance |

4. Third-Party Data Processors

We share data with the following third-party processors, each operating under a data processing agreement:

| Processor | Purpose | Data Shared |
|---|---|---|
| Stripe (stripe.com) | Payment processing | Email address, subscription data, payment details |
| Google Analytics (analytics.google.com) | Website analytics | Anonymized usage data (requires your consent) |
| Mailgun (mailgun.com) | Email delivery | Email address, email content |
| Google reCAPTCHA (google.com/recaptcha) | Bot protection (when enabled) | IP address, browser data |

5. Cookies & Tracking

| Cookie / Mechanism | Type | Purpose | Consent Required |
|---|---|---|---|
| Session cookie | Essential | Maintains your authenticated session (12-hour expiry) | No |
| CSRF token cookie | Essential | Protects against cross-site request forgery attacks | No |
| Guest token cookie | Essential | Identifies guest users for team participation | No |
| Google Analytics cookies | Analytics | Collects anonymized page views and usage patterns | Yes — explicit opt-in |

Email tracking: We do not track email opens or link clicks. Service emails are delivered via Mailgun without open or click tracking enabled.

6. Data Retention

| Data Category | Retention Period |
|---|---|
| Active accounts | Retained while the account remains active |
| Inactive accounts | Retained indefinitely until the user requests deletion. You can delete your account at any time from your account settings. |
| Teams | Retained while the team remains active |
| Payment records | Retained as required for legal and tax obligations |
| Admin audit logs | Retained for security and compliance purposes |

7. Your Rights (GDPR Articles 15–22)

As a data subject, you have the following rights regarding your personal data:

| Right | Description | How to Exercise |
|---|---|---|
| Access (Art. 15) | View all personal data we hold about you | View your data (requires login) |
| Erasure (Art. 17) | Delete your account and all associated data, including team memberships, support tickets, notifications, and organization memberships | Delete your account (requires login) |
| Rectification (Art. 16) | Correct inaccurate personal data | Update your profile in account settings |
| Data Portability (Art. 20) | Download your data in a machine-readable format (JSON) | Download your data (requires login) |
| Object (Art. 21) | Object to processing based on legitimate interest | Contact support@giveitpoints.com |
| Restriction (Art. 18) | Restrict processing of your data | Contact support@giveitpoints.com |
| Withdraw Consent (Art. 7(3)) | Withdraw previously given consent at any time without affecting prior processing | Manage cookie preferences via the consent banner |
| Lodge a Complaint (Art. 77) | File a complaint with a supervisory authority if you believe your rights have been violated | Contact your local data protection authority |

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Password storage: All passwords are hashed using bcrypt before storage
  • Jira API token encryption: Tokens are encrypted using AES-256-GCM
  • Transport security: All data in transit is protected with SSL/TLS encryption
  • CSRF protection: Cross-site request forgery protection is enabled on all state-changing operations
  • Access control: Role-based access control restricts data access to authorized users and administrators

9. International Data Transfers

Your data may be processed in the United States by our third-party processors, including Stripe, Google, and Mailgun. Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

GiveItPoints is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at support@giveitpoints.com and we will promptly delete the data.

11. Changes to This Notice

We may update this privacy notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this notice periodically.

12. Data Subject Access Requests

You can exercise most of your rights directly through our self-service tools:

If you are unable to use the self-service tools or wish to make a formal data subject access request, contact us at support@giveitpoints.com. We will verify your identity and respond to all requests within 30 days as required by GDPR Article 12.

13. Contact & Complaints

If you have questions about this privacy notice or how we handle your personal data, please contact us:

support@giveitpoints.com

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your personal data has been processed in violation of applicable data protection laws.