Privacy Policy
Last updated: April 2026
1. Controller
BOTFORCE GmbH
Wienerbergstraße 11/12A, A-1100 Wien, Austria
Email: datenschutz@botforce.at
Phone: +43 664 1213 139
Wienerbergstraße 11/12A, A-1100 Wien, Austria
Email: datenschutz@botforce.at
Phone: +43 664 1213 139
2. Data We Collect
2.1 Account Data
When you sign up, we collect your email address and, if provided via Google SSO, your name and profile picture. This data is necessary to create and manage your account.
2.2 Chart Data
All GANTT chart content you create (task names, dates, responsible persons, remarks) is stored in our database to provide the service. This data belongs to you.
2.3 Usage Data
We collect anonymized usage analytics via Google Analytics 4 (with IP anonymization enabled), including pages visited, feature usage, and session duration. This helps us improve the product.
2.4 Technical Data
Our servers automatically log IP addresses, browser type, operating system, and referring URLs. This data is used for security, debugging, and performance optimization.
2.5 Payment Data
If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not store credit card numbers. We receive from Stripe: your subscription status, plan type, and billing period. See Stripe's Privacy Policy.
3. Legal Basis (GDPR Art. 6)
We process your data based on:
• Contract performance (Art. 6(1)(b)) — to provide the GANTT360° service
• Consent (Art. 6(1)(a)) — for optional analytics cookies
• Legitimate interest (Art. 6(1)(f)) — for security, fraud prevention, product improvement
• Legal obligation (Art. 6(1)(c)) — for tax and accounting records
• Contract performance (Art. 6(1)(b)) — to provide the GANTT360° service
• Consent (Art. 6(1)(a)) — for optional analytics cookies
• Legitimate interest (Art. 6(1)(f)) — for security, fraud prevention, product improvement
• Legal obligation (Art. 6(1)(c)) — for tax and accounting records
4. Service Providers (Data Processors)
We use the following third-party services that process data on our behalf:
| Service | Purpose | Location |
|---|---|---|
| Vercel | Website hosting, edge functions | EU (Frankfurt) |
| Supabase | Database, auth, storage | EU (eu-west-1) |
| Google Analytics 4 | Usage analytics (IP anonymized) | EU/US (DPF) |
| Stripe | Payment processing | EU/US (DPF) |
| Resend | Transactional emails | EU (SES eu-west-1) |
| Anthropic (Claude) | AI features: analysis, editing, advisor (opt-in) | US (DPF) |
All US-based providers are certified under the EU-US Data Privacy Framework (DPF), ensuring an adequate level of data protection for transatlantic data transfers.
5. AI-Powered Features
GANTT360° includes several AI features powered by Anthropic's Claude API: AI Chart Editing, AI Project Analysis, What-If Scenario Analysis, SteerCo Script Generator, and PM Advisor. All AI features are opt-in — data is only sent when you explicitly trigger an action.
Data sent to Anthropic: When you use an AI feature, the following data may be transmitted: chart structure (task names, dates, milestones, dependencies, progress percentages, owner names), your text prompts, and any files you upload (images, PDFs, documents). Your email address and account credentials are never sent.
Data retention by Anthropic: Anthropic does not use API inputs for model training. Data is processed in transit and not retained after the request completes. See Anthropic's Privacy Policy.
Project Notes: The PM Advisor automatically extracts structured facts (deadlines, decisions, risks, action items) from conversations. These "Project Notes" are stored in our database (Supabase, EU) and persist across sessions. Raw emails, uploaded file contents, and full conversation logs are never stored — only the extracted facts. You can delete any note at any time.
6. Cookies
Essential cookies: Supabase auth session cookie — required for login. Cannot be disabled.
Analytics cookies: Google Analytics (_ga, _gid) — only set with your consent. You can withdraw consent at any time via the cookie banner or browser settings.
No advertising or tracking cookies are used.
Analytics cookies: Google Analytics (_ga, _gid) — only set with your consent. You can withdraw consent at any time via the cookie banner or browser settings.
No advertising or tracking cookies are used.
7. Data Retention
• Account data: retained while your account is active, deleted within 30 days of account deletion
• Chart data: retained while your account is active
• Version history: append-only, retained as long as the chart exists
• Analytics data: 26 months (Google Analytics default)
• Payment records: 10 years (Austrian tax law, BAO § 132)
• Server logs: 90 days
• Chart data: retained while your account is active
• Version history: append-only, retained as long as the chart exists
• Analytics data: 26 months (Google Analytics default)
• Payment records: 10 years (Austrian tax law, BAO § 132)
• Server logs: 90 days
8. Your Rights (GDPR Art. 15–22)
You have the right to:
• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Delete your data ("right to be forgotten", Art. 17)
• Restrict processing (Art. 18)
• Data portability — export your charts as .pptx, .pdf, or .png (Art. 20)
• Object to processing based on legitimate interest (Art. 21)
• Withdraw consent at any time without affecting prior processing
To exercise any right, email datenschutz@botforce.at.
• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Delete your data ("right to be forgotten", Art. 17)
• Restrict processing (Art. 18)
• Data portability — export your charts as .pptx, .pdf, or .png (Art. 20)
• Object to processing based on legitimate interest (Art. 21)
• Withdraw consent at any time without affecting prior processing
To exercise any right, email datenschutz@botforce.at.
9. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Wien
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at
Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Wien
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at
10. Changes
We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify registered users by email of material changes. The latest version is always available at www.gantt360.com/privacy.