Privacy & Security

What we collect, where it's stored, and how long it sticks around. Planning Poker is intentionally ephemeral — there's no account, no profile, and no long-term retention of your session content.

What we collect

Session data (temporary)

  • Session settings: deck type, timebox, status
  • Estimation items and their descriptions
  • Individual participant votes and estimates
  • Real-time presence (who's online)

Participant information (temporary)

  • The display name you provide
  • Your avatar selection and colour preference

Local storage (your device only)

  • A participant ID for session continuity
  • Your display preferences (name, avatar, colour)

How session data is handled

Real-time synchronisation

All session data is synchronised in real time via Ably LiveObjects, transmitted over secure WebSocket connections. Each session uses a private channel accessible only to participants who have the room link.

No permanent storage

Planning Poker sessions are ephemeral. There are no user accounts, no long-term profiles, and no retention of your session content beyond the cleanup window. Session data is automatically deleted 90 days after the last activity.

Data isolation

Each session operates in its own private channel keyed by a randomly generated room key. Participants cannot read data from other sessions. Joining a session requires the specific room link.

Third-party services

AWS — static hosting

Serves the static application files (HTML, JavaScript, CSS, images).

Ably — real-time infrastructure

Handles real-time data synchronisation, WebSocket connections, and temporary data persistence (Ably LiveObjects). All session data flows through Ably's secure infrastructure and is subject to Ably's privacy policy.

Rollbar — error monitoring

Collects technical error information so we can fix bugs. No personal data is included in error reports — they contain stack traces, browser metadata, and the kind of context engineers need to reproduce a problem.

Plausible — privacy-focused analytics

Tracks aggregate usage patterns (page views, referrers) without cookies, persistent tracking, or personal data. No cross-site tracking, no behavioural profiles.

Your privacy rights

Data control

  • You choose what to share — your name, avatar, and colour are optional and entirely under your control.
  • You can leave a session at any time.
  • Local preferences can be cleared through your browser's storage settings.

No tracking

  • We don't track you across sessions or across other websites.
  • No persistent user profiles or behavioural tracking.
  • Session participation is anonymous by default.

Security measures

Secure transmission

  • All data is encrypted in transit using industry-standard protocols.
  • WebSocket connections use secure authentication.
  • Private channels keep session data isolated from other sessions.

Access control

  • Joining requires the specific room link — typically shared via your team's chat or video call.
  • Participant authentication runs through secure relay endpoints.
  • Automatic cleanup prevents indefinite data accumulation.

Data retention

Session lifetime + 90 days

Session data exists for the duration of the session plus 90 days. Automatic deletion runs 90 days after the last activity. There is no long-term storage of session content or votes.

Local data

Only your participant preferences are stored locally on your device. You can clear this data through your browser's site settings at any time. Local data is never transmitted to other participants.