Privacy Policy

Last Updated: November 30, 2024

This Privacy Policy describes how Storyloop collects, uses, and protects your information when you use our service.

1. Information We Collect

Personal Data

We collect the following personal information:

  • Name and Email — Used for account authentication, personalization, and communication about your account or service updates.
  • Azure DevOps Credentials — Personal Access Tokens (PATs) are collected to sync work items from your Azure DevOps organization. These tokens are encrypted using AES-256-GCM before storage.

Work Item Data

When you connect Storyloop to your Azure DevOps organization, we sync and store work item data including titles, descriptions, acceptance criteria, and metadata. This data is used to power the review interface.

Usage Data

We collect information about how you interact with the service, including review votes, session data, and feature usage patterns. This helps us improve the service.

Non-Personal Data

We automatically collect certain technical information through cookies and similar technologies:

  • IP address and browser type
  • Device information and operating system
  • Pages visited and features used
  • Time spent on pages

2. Purpose of Data Collection

We use your data to:

  • Provide and maintain the Storyloop service
  • Authenticate your identity and manage your account
  • Sync work items from Azure DevOps for review
  • Process and store your review votes and feedback
  • Generate AI-powered suggestions for work item improvements
  • Send important notifications about your account or service changes
  • Improve and optimize the service based on usage patterns

3. Third-Party Integrations

Azure DevOps

Storyloop integrates with Azure DevOps to fetch work items for review. Your PAT token is used to authenticate API requests. We only access the permissions necessary to read work items from your configured projects.

Azure OpenAI

When AI suggestions are enabled, work item content may be sent to Azure OpenAI for analysis. This data is processed according to Microsoft's Azure OpenAI data privacy policies.

Authentication Providers

We use OAuth providers (GitHub, Microsoft) for authentication. When you sign in with these providers, we receive basic profile information according to their respective privacy policies.

4. Data Sharing

We do not sell your personal data. We only share data in the following circumstances:

  • With third-party services necessary to provide the Storyloop functionality
  • When required by law or to protect our legal rights
  • With your explicit consent

5. Data Security

We implement industry-standard security measures including:

  • Encryption at Rest — Azure DevOps PAT tokens are encrypted using AES-256-GCM before storage in our database.
  • Encryption in Transit — All data is transmitted over HTTPS/TLS.
  • Access Controls — Database access is restricted to authorized services only.
  • Authentication — We use secure session management via Supabase Auth.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your data at any time by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Data portability

To exercise these rights, please contact us at the address below.

8. Children's Privacy

Storyloop is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or through the service. Your continued use of Storyloop after changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at support@storyloop.dev.