Privacy Policy

Who we are

How We Win ("we", "us") operates the How We Win service and is responsible for your personal data in connection with that service.

Information we collect

We collect information you provide when you register and use the service:

• Account details: email address, name, and password (stored in encrypted form).
• Profile and preferences: display name, job title, bio, timezone, and notification preferences.
• Content you create: goals, tasks, weekly focus, standup notes, team memberships, and related data.

We also collect technical and usage data necessary to run and improve the product (e.g. log data and errors). We do not use third-party analytics.

How we use it

We use your information to provide, secure, and improve How We Win; to communicate with you about the service (e.g. verification emails, product updates); and as described in this policy. Where applicable law requires a legal basis (e.g. under GDPR), we process your data on the basis of performing our contract with you, our legitimate interests in operating and improving the service, and your consent where we ask for it.

Who we share it with

We do not sell your personal data. We share it only with service providers that help us run How We Win, under strict obligations to protect your data:

• Hosting (DigitalOcean): our app and database run on servers in the EU.
• Email (Resend): to send verification emails, password resets, and transactional messages.
• Payments (Stripe): when you subscribe or pay, payment data is processed by Stripe in accordance with their privacy policy.
• Logs: we keep application and infrastructure logs on systems we operate to run and debug the service; logs may contain identifiers such as user ID or IP.

Where your data is stored

Our primary systems (application and database) are hosted with DigitalOcean in the European Union. Some of the third-party services above may process data in other regions; we choose providers that offer appropriate safeguards where required (e.g. for international transfers).

Data retention

We retain your data while your account is active. If you delete your account, we will delete or anonymise your personal data within 90 days, except where we must keep it for legal, security, or dispute-resolution purposes. Data may remain in backup systems for a limited period after deletion before being overwritten.

Cookies and similar technologies

We use strictly necessary cookies (or similar technologies) to keep you logged in and to operate the service. We do not use advertising or third-party tracking cookies.

Your rights

You can access, update, or delete your account and much of your data directly in the app (e.g. profile settings, account deletion). You can also contact us for help with any of the following:

• Access to the personal data we hold about you
• Correction of inaccurate data
• Deletion of your data (subject to legal exceptions)
• Export of your data in a portable format

If you are in the European Economic Area or the UK, you also have the right to object to or restrict certain processing, to data portability, and to lodge a complaint with your local data protection authority. We will respond to requests in accordance with applicable law.

Children

How We Win is intended for general use. We do not knowingly collect personal data from children under 13. In some jurisdictions (e.g. certain EU countries), users under 16 may need parental or guardian consent before using the service; we encourage parents to be involved in their children's use of online services.

Contact

For privacy-related questions or to exercise your rights, contact us at [email protected].