Privacy Policy for AITOC, INC DBA agileCCPM

Version 1.1 Published on December 28, 2025

1. Introduction

1.1 Overview of the Privacy Policy

AITOC, INC dba agileCCPM values your privacy and is committed to protecting your personal data. This privacy policy outlines how we manage your personal data when you visit our website or use our Atlassian marketplace app, agileCCPM. It also informs you about your privacy rights and how the law protects you.

1.2 About agileCCPM and Our Products (Website and Atlassian Marketplace App)

agileCCPM is a technology company that focuses on providing innovative and reliable software solutions to enhance productivity and efficiency with a strong focus on Theory of Constraints (TOC) and Critical Chain Project Management (CCPM) methodologies. agileCCPM is our Atlassian marketplace app that integrates with your Jira software to offer enhanced project management capabilities.

1.3 Key Definitions

Please refer to the Glossary at the end of this document to understand the meaning of some of the terms used in this privacy policy.

2. Who We Are and How to Contact Us

2.1 Identity of the Data Controller

agileCCPM, is the data controller responsible for your personal data.

2.2 Contact Information for Privacy Queries

For any queries about this privacy policy or our privacy practices, please contact our at:

Email: privacy@agileccpm.com Postal address: 17657 Candlewood Ter, Boca Raton, FL 33487, USA

2.3 Updates to This Privacy Policy

We review and update this privacy policy regularly. When we make an update, we update the information in the header above.

2.4 Third-Party Links and Services

Our website and Atlassian marketplace app may contain links to third-party websites and services. We are not responsible for their privacy practices, and we encourage you to read their privacy policies.

3. What Data We Collect

This website and our products/services are not intended for children and we do not knowingly collect data relating to children.

3.1 Categories of Personal Data

We may collect, use, store, and transfer different kinds of personal data about you, including:

3.1.1 Identity Data

Your first name, last name, display name.

3.1.2 Contact Data

Your email address, postal address, and telephone numbers.

3.1.3 Technical Data

Your IP address, login data, browser type and version, time zone setting and location, operating system and platform, anonymized Jira accountId, and other technology on the devices you use to access our website or app.

3.1.4 Usage Data

Information about how you use our website and app.

3.1.5 Marketing and Communications Data

Your preferences in receiving marketing from us and our third parties, and your communication preferences.

3.2 Non-Personal Data

We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. This data does not reveal your identity.

3.3 Special Categories of Data

We do not collect any Special Categories of Personal Data about you, such as details about your race, ethnicity, religious beliefs, sex life, sexual orientation, political opinions, trade union membership, or health.

3.4 If You Fail to Provide Personal Data

If you fail to provide personal data when requested, we may not be able to perform a contract we have or are trying to enter into with you (e.g., to provide you with our products or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case.

4. How We Collect Your Data

4.1 Data You Provide Directly

You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email, or otherwise.

4.2 Data Collected Through Automated Technologies

As you interact with our website and app, we collect Technical Data about your equipment, browsing actions, and patterns. We use cookies and other similar technologies for this purpose.

4.2.1 Cookies and Tracking Technologies

We use cookies to improve your experience on our website and app. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.

4.2.2 Server Logs

We collect log file information when you use our website and app. This includes information such as your web request, IP address, browser type, referring/exit pages and URLs, and how you interact with links on the service.

4.3 Data from Third Parties

We may receive personal data about you from various third parties, including:

4.3.1 Business Partners

We may receive information about you from our business partners, such as analytics providers and advertising networks like Google Analytics.

4.3.2 Publicly Available Sources

We may collect information about you from publicly available sources.

5. How We Use Your Data

5.1 Legal Bases for Processing

We will only process your personal data when the law allows us to do so. Most commonly, we will use your personal data:

5.1.1 Consent

Where we have obtained your consent to process your personal data for certain activities.

5.1.2 Contractual Necessity

Where we need to process your personal data to perform a contract we have entered into with you.

5.1.3 Legitimate Interests

Where we need to process your personal data for our legitimate interests (or those of a third party), provided your interests and fundamental rights do not override these interests.

5.1.4 Legal Obligations

Where we need to process your personal data to comply with our legal obligations.

5.2 Purposes for Data Use

We use your personal data to provide you with our products and services, personalize and improve your experience, communicate with you about our products and services, and for other legitimate business purposes.

5.2.1 Service Delivery

We use your personal data to provide our services, process transactions, and respond to your inquiries.

5.2.2 Improving Our Products

We use your personal data to analyze usage trends and perform data analysis to improve our products and services.

5.2.3 Customer Support

We use your personal data to provide customer support, including resolving technical issues and responding to inquiries.

5.2.4 Marketing and Communication

We use your personal data to communicate with you about our products and services, provide you with marketing materials, and tailor advertisements to your interests.

Where you act on behalf of an organization that uses or has used our products or services (including organizations that have previously paid for our products or services but are no longer active customers), we may also use limited business information about that organization – such as its name, trade name, and logo – to identify it as a current or past customer on our website (for example, in “social proof” or customer logo sections) and in similar marketing materials.

We will not disclose any confidential information in connection with this use and will limit it to identifying your organization as a customer. To the extent that this involves personal data, we rely on our legitimate interests in promoting and developing our business, balanced against your rights and freedoms. You may object to this use at any time by contacting us at info@agileccpm.com or privacy@agileccpm.com, in which case we will use commercially reasonable efforts to remove your organization’s name and logo from future digital marketing materials and from our website within a reasonable period. This will not require us to recall or destroy physical or archived materials that have already been printed, distributed, or stored.

5.3 Marketing Preferences and Opt-Outs

You can opt-out of receiving marketing communications from us at any time. You can exercise your opt-out rights by following the unsubscribe instructions in the marketing emails we send you or by contacting us.

6. Disclosure of Your Data

6.1 Internal Disclosures

We may share your personal data with other entities within agileCCPM for purposes consistent with this privacy policy.

6.2 External Disclosures

6.2.1 Service Providers

We may share your personal data with third-party service providers who provide services on our behalf, such as data analysis, payment processing, customer service, and other services.

6.2.2 Legal and Regulatory Requirements

We may disclose your personal data as required by law or in response to valid requests by public authorities, such as to meet national security or law enforcement requirements.

6.2.3 Business Transfers

As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution, or similar event, your personal data may be part of the transferred assets.

7. International Data Transfers

Our principal business activities are conducted within the United States. As such, should your residence be outside the U.S., it is essential to acknowledge and consent to the likelihood of your personal data being transported to, retained, or processed within the U.S. by our company and the third-party providers that host our services. It should be noted that the laws governing personal information in the U.S. may not extend the same degree of protection as those in your native country.

7.1 Data Transfers Outside Your Jurisdiction

Your personal data may be transferred to, stored, or processed in a country that is not regarded as providing the same level of protection for personal data as the laws of your home country. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected.

7.2 Safeguards for International Transfers

For transfers of personal data outside of the European Economic Area (EEA), we use Standard Contractual Clauses approved by the European Commission, adopt other means under European Union law for ensuring adequate safeguards, or obtain your consent.

8. Data Security

8.1 Security Measures for our apps on Atlassian Marketplace

We follow strict security rules of Atlassian Marketplace for its app. Futhermore, we do not have any data egress from Atlassian and support data residency in alignment with the host product, qualifying us for Runs on Atlassian program. This means that your Atlassian data stays with Atlassian. If our app in the Atlassian Marketplace needs to store data, we store only the anonymized accountId in Atlassian.

8.2 Security Measures in Place

We have implemented appropriate technical and organizational measures designed to protect the security of any personal data we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure.

8.3 Reporting a Data Breach

In the event of a data breach, we will strive to notify you within 72 hours of discovery and provide appropriate information related to the breach.

9. Data Retention

9.1 Retention Periods

We retain personal data for as long as necessary to fulfill the purposes for which we collected it. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, and the purposes for which we process it.

9.2 Deleting Your Data

In some circumstances, you can ask us to delete your data. Please see section 10.2.3 for more information.

10. Your Rights

10.1 Overview of Your Legal Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data. These may include the right to access, correct, or delete your data, restrict or object to data processing, request data portability, and withdraw consent.

10.2 Exercising Your Rights

10.2.1 Accessing Your Data

You have the right to request access to your personal data that we hold.

10.2.2 Correcting Your Data

You have the right to have any inaccurate personal data we hold about you corrected and to have incomplete data completed.

10.2.3 Erasing Your Data

You have the right to request that we erase your personal data under certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected.

10.2.4 Restricting Data Processing

You can ask us to suspend the processing of your personal data in certain circumstances, for example, if you want us to establish the data's accuracy or the reason for processing it.

10.2.5 Data Portability

In certain circumstances, you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format and the right to transmit that data to another controller without hindrance.

10.2.6 Objecting to Data Use

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data.

10.3 Timeframe for Responses

We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, it may take us longer, but we will notify you and keep you updated.

10.4 No Fee Typically Required

We will not charge a fee for you to exercise your rights in relation to your personal data, unless your request for access is unfounded or excessive, in which case we will charge a reasonable fee in such circumstances.

10.5 Verification of Identity

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.

10.6 Special Rights for Residents of Certain Jurisdictions

10.6.1 California Residents (CCPA/CPRA Rights)

California residents are entitled to certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights include:

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and whether it has been shared or sold.

Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions (e.g., legal obligations or security purposes).

Right to Opt-Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information, as defined by California law. Please note that we do not currently sell or share personal information as defined under the CCPA and CPRA.

Right to Correct: If you believe the personal information we have about you is inaccurate, you may request that we correct it.

Right to Limit Use of Sensitive Personal Information: If we collect "sensitive personal information" (as defined under California law), you can request that we limit its use and disclosure.

To exercise these rights, or if you have any questions, you can contact us at: privacy@agileccpm.com. We will verify your identity as part of processing your request.

10.6.2 Nevada Residents

Under Nevada Revised Statutes Chapter 603A, Nevada residents have the right to opt out of the sale of certain types of personal information. While we do not currently sell personal information as defined under Nevada law, you may still submit a request to opt out of future sales, should our practices change.

To submit an opt-out request, or if you have any questions, please contact us at: privacy@agileccpm.com.

10.6.3 EU/EEA Residents (GDPR Rights)

If you are located in the European Union (EU) or European Economic Area (EEA), you are entitled to certain rights under the General Data Protection Regulation (GDPR). These rights include:

Right of Access: You can request information about the personal data we hold about you and how we process it.

Right to Rectification: You have the right to request corrections to any inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data, subject to certain legal exceptions.

Right to Restrict Processing: You can ask us to limit the processing of your personal data under certain circumstances.

Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, and you can ask us to transmit this data to another controller where technically feasible.

Right to Object: You may object to our processing of your personal data for direct marketing or other purposes based on legitimate interests.

Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.

Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection authority in your country if you believe your rights under the GDPR have been violated.

To exercise your GDPR rights, or if you have any questions, please contact us at: privacy@agileccpm.com. We will verify your identity as part of processing your request.

11. Cookies and Tracking Technologies

11.1 What Are Cookies?

Cookies are small text files that are stored on your device when you visit a website. They are used to track, save, and store information about the user's interactions and usage of the website.

11.2 Types of Cookies We Use

We use different types of cookies on our website and app, including essential cookies, performance cookies, functionality cookies, and targeting/advertising cookies.

11.2.1 Essential Cookies

11.2.2 Performance and Analytics Cookies

11.2.3 Functional Cookies

11.2.4 Targeting/Advertising Cookies

11.3 How We Use Cookies

We use cookies to improve your experience on our website and app, to provide personalized content, to analyze our traffic, and for advertising purposes.

11.4 Managing Your Cookie Preferences

You can typically remove or reject cookies via your browser settings.

11.5 Do Not Track Signals

We do not currently respond to 'do not track' signals and similar settings or mechanisms.

12. Third-Party Services and Integrations

12.1 Atlassian Marketplace App Integrations

Our Atlassian marketplace app, agileCCPM, may integrate with other Atlassian services or third-party apps. This Privacy Policy does not apply to these third-party services or apps, and we encourage you to read the privacy policies of any third-party services or apps you use.

12.2 Links to Third-Party Websites and Services

Our website and app may contain links to other websites, services, and applications that are not owned or controlled by us. This Privacy Policy does not apply to these third-party services, and we cannot take responsibility for the content, privacy policies, or practices of these third-party services.

12.3 Third-Party Data Sharing Policies

We do not sell, rent, or otherwise disclose your personal data to third parties for their marketing and advertising purposes without your consent.

13. Changes to This Privacy Policy

13.1 When We May Update This Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

13.2 How We Notify You of Changes

We will update the “effective date” at the top of this Privacy Policy. If we make fundamental changes to this Privacy Policy, we will provide you with notice of the changes, such as by sending an email, providing notice through our website or the app, or updating the "effective date" at the top of this Privacy Policy.

14. How to Contact Us

14.1 General Inquiries

For general inquiries, you can contact us at info@agileccpm.com.

14.2 Privacy-Specific Inquiries

For inquiries related to this Privacy Policy or our privacy practices, you can contact us at privacy@agileccpm.com.

15. Glossary of Terms

15.1 Key Definitions

15.1.1 Personal Data

Any information relating to an identified or identifiable natural person.

15.1.2 Data Controller

The entity that determines the purposes and means of the processing of personal data.

15.1.3 Data Processor

The entity that processes personal data on behalf of the data controller.

15.1.4 Third Parties

Entities, other than the data subject, data controller, data processor, and persons who, under the direct authority of the data controller or processor, are authorized to process personal data.

15.1.5 Cookies

Small text files that are placed on your device by a web server when you access our website. They are used to store and receive identifiers and other information on devices.

15.2 Legal Basis Definitions

15.2.1 Consent

You have given clear consent for us to process your personal data for a specific purpose.

15.2.2 Contractual Necessity

The processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract.

15.2.3 Legal Obligations

The processing is necessary for us to comply with the law.

15.2.4 Legitimate Interests

The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data that overrides those legitimate interests.

Privacy Policy for AITOC, INC DBA agileCCPM

Table of Contents

1. Introduction

2. Who We Are and How to Contact Us

3. What Data We Collect

4. How We Collect Your Data

5. How We Use Your Data

6. Disclosure of Your Data

7. International Data Transfers

8. Data Security

9. Data Retention

10. Your Rights

11. Cookies and Tracking Technologies

12. Third-Party Services and Integrations

13. Changes to This Privacy Policy

14. How to Contact Us

15. Glossary of Terms

1. Introduction

1.1 Overview of the Privacy Policy

1.2 About agileCCPM and Our Products (Website and Atlassian Marketplace App)

1.3 Key Definitions

2. Who We Are and How to Contact Us

2.1 Identity of the Data Controller

2.2 Contact Information for Privacy Queries

2.3 Updates to This Privacy Policy

2.4 Third-Party Links and Services

3. What Data We Collect

3.1 Categories of Personal Data

3.1.1 Identity Data

3.1.2 Contact Data

3.1.3 Technical Data

3.1.4 Usage Data

3.1.5 Marketing and Communications Data

3.2 Non-Personal Data

3.3 Special Categories of Data

3.4 If You Fail to Provide Personal Data

4. How We Collect Your Data

4.1 Data You Provide Directly

4.2 Data Collected Through Automated Technologies

4.2.1 Cookies and Tracking Technologies

4.2.2 Server Logs

4.3 Data from Third Parties

4.3.1 Business Partners

4.3.2 Publicly Available Sources

5. How We Use Your Data

5.1 Legal Bases for Processing

5.1.1 Consent

5.1.2 Contractual Necessity

5.1.3 Legitimate Interests

5.1.4 Legal Obligations

5.2 Purposes for Data Use

5.2.1 Service Delivery

5.2.2 Improving Our Products

5.2.3 Customer Support

5.2.4 Marketing and Communication

5.3 Marketing Preferences and Opt-Outs

6. Disclosure of Your Data

6.1 Internal Disclosures

6.2 External Disclosures

6.2.1 Service Providers

6.2.2 Legal and Regulatory Requirements

6.2.3 Business Transfers

7. International Data Transfers

7.1 Data Transfers Outside Your Jurisdiction

7.2 Safeguards for International Transfers

8. Data Security

8.1 Security Measures for our apps on Atlassian Marketplace

8.2 Security Measures in Place

8.3 Reporting a Data Breach

9. Data Retention

9.1 Retention Periods

9.2 Deleting Your Data

10. Your Rights

10.1 Overview of Your Legal Rights

10.2 Exercising Your Rights

10.2.1 Accessing Your Data

10.2.2 Correcting Your Data

10.2.3 Erasing Your Data

10.2.4 Restricting Data Processing

10.2.5 Data Portability