Privacy Policy
This Privacy Policy explains how Clearstack Labs ("we", "us", "our") collects, uses, and protects information about you when you use JobTick ("the Service"). By using the Service you agree to this policy.
1. Information we collect
Account data. When you register, we collect your name, email address, and a hashed password. We never store your password in plain text.
Billing data. Payments are processed by Stripe. We store only a Stripe customer ID and subscription status — we never see or store your full card number, CVC, or expiry date.
Usage data. We collect information about how you use the Service: job monitor events (heartbeat pings, alert triggers, deploy syncs), dashboard activity, and API requests. This data is necessary to provide the Service.
Technical data. We log IP addresses, browser type, and request metadata for security, debugging, and abuse prevention. These logs are retained for 30 days.
Contact data. If you contact us via the contact form or email, we store your name, email, and the content of your message to respond to you.
Cookies. We use a single session cookie to keep you signed in. We do not use advertising or tracking cookies.
Analytics. We use SimpleAnalytics for privacy-first, cookieless website analytics. SimpleAnalytics collects only aggregate, anonymous data (page views, referrers, browser type) and does not track individual users, store personal data, or use cookies. No consent banner is required. See simpleanalytics.com/privacy.
2. How we use your information
- To create and manage your account
- To provide the job monitoring service (detect silent failures and send alerts)
- To process payments via Stripe
- To send transactional emails: trial reminders, alerts, billing notifications
- To respond to support requests
- To detect and prevent fraud and abuse
- To comply with legal obligations
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Legal bases for processing (GDPR)
If you are in the European Economic Area, we process your data under the following legal bases:
- Contract performance — processing your account data and billing information to deliver the Service you subscribed to.
- Legitimate interests — security logging, fraud prevention, and product improvement.
- Legal obligation — retaining billing records as required by applicable law.
- Consent — where we ask for it explicitly (e.g. marketing communications, if any).
4. Data storage and transfers
Your data is stored on servers within the European Union. We use the following sub-processors:
- Stripe (payment processing) — stripe.com/privacy
- Resend (transactional email) — resend.com/legal/privacy-policy
- Hetzner (infrastructure, EU region) — hetzner.com/legal/privacy-policy
- SimpleAnalytics (privacy-first analytics, no personal data collected) — simpleanalytics.com/privacy
We require all sub-processors to maintain appropriate security and data protection standards.
5. Data retention
We retain your account data for as long as your account is active. After account deletion, personal data is purged within 30 days, except where retention is required by law (e.g. billing records for 7 years under EU accounting regulations).
Job monitor data (pings, alerts, run history) is retained according to your plan's history window (60 days on Indie, 365 days on Studio, 2 years on Agency) and deleted 30 days after account closure.
6. Your rights
Under GDPR and applicable law, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your data (the "right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction — ask us to stop processing your data in certain circumstances
- Objection — object to processing based on legitimate interests
- Withdrawal of consent — where processing is based on consent, withdraw it at any time
To exercise any right, email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
7. Security
We use industry-standard security measures: HTTPS everywhere, bcrypt password hashing, rate limiting, and regular dependency audits. However, no system is completely secure. We will notify you promptly in the event of a breach affecting your personal data.
8. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
9. Changes to this policy
We may update this policy from time to time. We will notify registered users by email of material changes and update the effective date above. Continued use of the Service after changes constitutes acceptance.
10. Contact
For privacy-related questions or to exercise your rights, contact us at [email protected] or via our contact page.
Data controller: Clearstack Labs · Company no. 307539380 · VAT ID LT100019619510 · Jonažolių g. 7-95, Vilnius LT-04138, Lithuania.