1. Who we are
iKanBan ("we", "our", "us") is an open-source Kanban platform operated by Craig Derington. Our primary service is accessible at app.ikanban.org. You can reach us at admin@mg.ikanban.org with any privacy-related questions.
2. Data we collect
We collect only the minimum necessary to provide the service:
- Account data — your email address, display name, and bcrypt-hashed password when you register.
- Board data — boards, columns, cards, checklists, comments, and attachments you create.
- Usage data — timestamps of logins and API key last-use, for security auditing.
- Email notifications — we store your notification preferences (due-date reminders, task completion) so we can send them.
We do not collect payment information directly. If you upgrade to a paid plan, payment is processed by a third-party provider and we receive only a subscription status flag.
3. How we use your data
- To authenticate you and secure your account.
- To operate, maintain, and improve the iKanBan service.
- To send transactional emails you've opted into (due-date reminders, task completion alerts).
- To detect and respond to security incidents (e.g. brute-force login attempts).
We do not use your data for advertising, profiling, or sale to third parties — ever.
4. Cookies and local storage
The iKanBan app uses localStorage (not third-party cookies) to persist your authentication tokens and UI preferences (e.g. dark mode). No tracking or analytics cookies are set. You can clear your browser's local storage at any time to sign out completely.
5. Data sharing
We share your data only with:
- Infrastructure providers — the cloud host and database provider necessary to run the service, under strict data processing terms.
- Email delivery — Mailgun, for transactional notification emails only.
- Law enforcement — if required by a valid legal order.
No marketing partners. No data brokers. No ad networks.
6. Data retention
Your account data is retained for as long as your account is active. If you delete your account, your personal data is permanently removed from our primary database within 30 days. Board content you've shared with an organization may be retained for the organization's records at the owner's discretion.
7. Your rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email us at admin@mg.ikanban.org and we'll respond within 30 days.
8. Security
Passwords are hashed with bcrypt before storage and never stored in plain text. API keys are also bcrypt-hashed; only the key prefix is stored for lookup. Connections to the app and API are encrypted in transit via TLS. We employ account lockout after repeated failed login attempts.
9. Self-hosted deployments
If you run iKanBan on your own infrastructure (which is fully permitted under the MIT license), this policy does not apply to your deployment. You are responsible for the privacy practices of your own instance.
10. Changes to this policy
We will post any material changes to this page and update the effective date. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
Contact
Questions or concerns? Email admin@mg.ikanban.org.