Privacy Policy
Last updated: March 1, 2026
At Project Paced Ltd, we believe project management tools should be visual, streamlined, and respectful of your privacy. This policy explains what information we collect, how we use it, and the controls you have over your data.
1. Who We Are and What This Policy Covers
We are Project Paced Ltd, a company registered in England and Wales (Company Address: International House, 64 Nile Street, London, N1 7SR).
This policy applies to your use of projectpaced.com and app.projectpaced.com. We act as the Data Controller for the personal information you provide to us under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
We only collect information that is strictly necessary to provide our visual timeline and export services.
Information You Provide
- Account Credentials: Your email and password, managed securely via Firebase Authentication. Legal basis: Performance of a contract.
- Project Content: The titles and milestone descriptions you enter to create your timelines. Legal basis: Performance of a contract.
- AI Inputs (Optional): If you use our AI Timeline Builder, we process the project description you provide to generate a draft. Legal basis: Performance of a contract.
- Team Roster Data (Enterprise): If you use our resource allocation features, we store the team member profiles you create, including names, email addresses (if provided), departments, and capacity allocations. This data is entered by you and relates to third parties. Legal basis: Performance of a contract. You are responsible for ensuring you have the right to share this information with us.
- Payment Data: We use Stripe to process payments. We do not store your credit card details; we only receive a confirmation token and a Stripe Customer ID. Legal basis: Performance of a contract.
Information Collected Automatically
- Performance Monitoring (Sentry & Better Stack): We use these tools to fix bugs. To protect your privacy, we have configured full client-side masking — we see that a button was clicked, but we cannot see the text you type or the specific project data you enter. Legal basis: Legitimate interests (service reliability).
- Analytics (Google Analytics): We use Google Analytics to collect anonymised data on how our website and application are used (e.g., page visits, feature adoption, sign-up funnels). This helps us prioritise new features and improve performance. Analytics cookies are set on both projectpaced.com and app.projectpaced.com. Legal basis: Consent (managed via our cookie banner).
- PDF Report Generation (Enterprise): We process your project and team data on-device and server-side to generate downloadable PDF reports. No third-party processor is involved in PDF generation. Legal basis: Performance of a contract.
3. Our Use of Artificial Intelligence (Vertex AI)
Project Paced offers an optional AI-assisted timeline generation tool.
- Privacy by Design: We use the Google Cloud Vertex AI API (Enterprise Tier).
- No Training on Your Data: Under our enterprise agreement, Google does not use the data you submit via the API to train its global AI models. Your project ideas remain your own.
4. Data Sharing & Sub-Processors
We do not sell your data. We only share it with these trusted partners to operate our service:
| Sub-Processor | Purpose |
|---|---|
| Google Cloud | Database hosting (Firestore) and AI processing (Vertex AI) |
| Stripe | Subscription management and PCI-compliant payment processing |
| Vercel | Hosting our web application |
| Sentry | Masked error reporting |
| Better Stack | Masked performance monitoring |
| Resend | Transactional email delivery (contact form, welcome emails) |
All sub-processors are contractually obligated to protect your data and may only use it to provide services to us.
5. Data Retention & Deletion
We believe in keeping your data only as long as necessary. Our retention policies are designed to respect your privacy while complying with legal obligations.
User Content & Account Data
- Active Subscribers: We retain your data for the duration of your subscription plus 30 days after cancellation to allow for accidental cancellations or payment retries.
- Trial Accounts: Data from expired trial accounts is retained for 14 days to give you a chance to upgrade before permanent deletion.
- Immediate Deletion: You can delete your account and all associated data immediately via the Account Settings panel. This action is irreversible.
Financial Records
We are legally required to retain certain financial information even after account deletion:
- HMRC Compliance (UK): Transaction records, invoices, and billing information are retained for 6 years as required by UK tax law.
- Pseudonymization: Upon account deletion, we pseudonymize these financial records to protect your identity while preserving the integrity of our tax records.
- Payment Processors: Stripe retains payment processing records for 7 years in accordance with PCI-DSS compliance and financial regulations.
The Deletion Process
When you request account deletion, our automated systems perform the following actions:
- Content Removal: Immediate deletion of all timelines, milestones, and uploaded files.
- Auth Removal: Deletion of your login credentials (Firebase Authentication).
- Financial Data: Pseudonymization of financial records for tax compliance.
- Stripe: Your customer record in Stripe is marked as deleted.
6. Cookies and Tracking Technologies
We use a small number of cookies and similar technologies to operate and improve our Service. We do not use marketing or advertising cookies. For full details of every cookie we set and how to manage your preferences, see our Cookie Policy.
You can manage your cookie preferences at any time via the cookie banner on our site. Please note that refusing essential cookies will prevent you from logging in to the application.
| Cookie Type | Purpose | Where Used |
|---|---|---|
| Essential (Firebase Auth) | Maintains your login session | app.projectpaced.com |
| Performance (Sentry/Better Stack) | Anonymous, masked error and performance monitoring | app.projectpaced.com |
| Analytics (Google Analytics) | Anonymised usage analytics (e.g., feature adoption, export frequency) | projectpaced.com & app.projectpaced.com |
7. Your Rights (UK GDPR)
As a UK GDPR data subject, you have the right to:
- Access a copy of the personal data we hold about you.
- Rectify any inaccurate or incomplete data.
- Erase your data (Right to Erasure / "Right to be Forgotten").
- Port your data (Right to Portability) — you can export your timelines as CSV or image files at any time from within the app.
- Object to processing based on legitimate interests.
- Restrict processing in certain circumstances.
To exercise any of these rights, please email us at privacy@projectpaced.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK supervisory authority for data protection — at ico.org.uk or by calling 0303 123 1113.
8. Changes to This Policy
We may update this policy occasionally to reflect changes in our app or legal requirements. We will notify you of any significant changes via email or an in-app notification before they take effect.
The current version is always available at projectpaced.com/privacy.
For questions about this policy, contact us at privacy@projectpaced.com.
Project Paced Ltd — International House, 64 Nile Street, London, N1 7SR