CEEQ.IT — Privacy Policy

Last updated: 09 September 2025

Who we are (Legal entity)

Strahberger Organisationsentwicklung (sole proprietorship)
Washingtonstrasse 21, 9400 Rorschach, Switzerland
UID/VAT: CHE-225.291.091 • Commercial Register No.: CH-320.1.101.941-8
Operating Name / Brand: “CEEQ.IT”
Contact: privacy@ceeq.it

Roles under GDPR/FADP

• Workspace content (e.g., tasks, comments, sprint data): Customer is Controller, CEEQ.IT is Processor under the DPA.
• Account, billing, website and anti-abuse data: CEEQ.IT is Controller.

Data we process

Information you provide

• Account data (name, business email), workspace content (tasks, comments, sprint records).
• Integrations (e.g., metadata from Jira/Azure DevOps if connected by Customer).

Automatically collected

• Technical telemetry (IP, device/browser, log timestamps) for security/operations.
• Usage analytics (feature usage, performance) — subject to consent where required.

Purposes & legal bases

• Service delivery (contract performance: Art. 6(1)(b) GDPR / legitimate interest: Art. 6(1)(f)).
• Security & fraud prevention (legitimate interest; legal obligations).
• Support & operations (legitimate interest/contract).
• Optional communications/analytics (consent where required).

Controller/Processor workflow (Data subject rights)

For workspace content, please contact your employer (Customer/Controller). We support the Controller in responding to requests (access, deletion, portability) under the DPA. For account/billing/website data controlled by CEEQ.IT, contact privacy@ceeq.it; we respond within 30 days.

International transfers

Primary processing locations are in the EU/EEA and Switzerland. Switzerland benefits from an EU adequacy decision. For transfers to other countries (e.g., US subprocessors), we use the 2021 EU Standard Contractual Clauses plus transfer risk assessments as appropriate.

Sub-processors

We engage vetted sub-processors listed at /legal/subprocessors.html. We will notify Customers of material changes as described there.

Security measures

We maintain appropriate technical and organizational measures (TOMs), including encryption in transit (TLS), encryption at rest, role-based access control, least privilege, logging/monitoring, vulnerability management, backups and incident response. Further details are outlined in the DPA Annex (TOMs).

Retention

• Customer (workspace) data: retained for the subscription term and deleted or returned per Customer’s instructions under the DPA/SLA (incl. backup/archival timelines).
• Account/website data: retained per operational/legal needs; schedules available on request.

Cookies & consent

We use essential cookies for core functionality. Non-essential cookies/analytics are based on your consent where required. Manage preferences via our Cookie Policy and consent tools.

Children’s data

The Service is not directed to children; we do not knowingly process children’s data.

Changes

We may update this Policy; material changes will be announced in-app or by email. The latest version applies.

Imprint/Impressum (DE): impressum