Privacy Policy

Effective Date: October 20, 2025

This Privacy Policy describes how we (“we,” “our,” or “us”) collect, use, and protect your personal data when you use Teampath, available at https://teampath.io (the “Service”).

“We,” “our,” and “us” refers to the owner and operator of the Service:

UBOTS sp. z o.o. ul. Księcia Witolda 49/15 50-202 Wrocław, Poland, EU VAT ID: PL8952230065

We are committed to protecting your privacy and handling your data transparently in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

Our Privacy Principles

Teampath is built on trust and respect for team members’ privacy. We explicitly commit to:

• Never monitoring keyboard activity, mouse movements, or screen captures
• Never tracking time spent on applications or websites outside of explicitly integrated work tools
• Never implementing any form of invasive computer surveillance
• Only collecting work signals from tools you explicitly connect to the Service

All activities displayed in Teampath come exclusively from integrated work tools and are visible to authorized users within your organization.

2. Information We Collect

2.1 Account and User Information

Name, email address, company name, organizational structure, and authentication information including credentials needed to access the Service.

2.2 Integration Data

When you connect third-party tools to Teampath, we collect work-related data from those tools including tasks, pull requests, commits, code reviews, meetings, and related activities.

2.3 Payment Information

Billing details and VAT/tax numbers. Credit card information is processed by third-party payment systems operators and not stored by us.

2.4 Technical Information

IP address, browser type, device information, and error logs.

3. Purpose of Processing

We process your personal data to:

3.1 Service Provision and Improvement

Provide, maintain, and improve the Service, including aggregating work activities from integrated tools, communicate with you about the Service, provide customer support, send important updates, analyze Service usage, identify and fix technical issues, and develop new features.

3.2 Billing, Compliance, and Security

Process subscription payments, generate invoices, meet accounting and tax obligations, protect against unauthorized access, and detect and prevent fraud or abuse.

3.3 Marketing

Marketing emails are sent only with prior opt-in consent. You can unsubscribe at any time.

3.4 Automated Decision-Making and Profiling

The Service uses automated processes to aggregate and analyze work activity data (such as task completion, code reviews, and meeting patterns). These processes are designed to support management decisions, not to make decisions automatically.

We do not make automated decisions that produce legal effects or similarly significantly affect individuals (such as performance evaluations, promotions, or terminations) without human involvement and oversight. All analytics and insights require human interpretation and decision-making.

You have the right to object to automated processing of your data. Contact us at contact@teampath.io to exercise this right.

3.5 Legal Bases (GDPR)

Depending on the context, Teampath acts as (a) Data Controller for user account, billing, and analytics data, or (b) Data Processor when handling your employees’ data on your behalf. As a customer organization, you are the Data Controller for your employees’ work activity data from integrated tools and team member information. We process this data only according to your instructions. We process data based on contract performance, legitimate interests, legal obligations, and consent (for marketing, which you can withdraw at any time).

3.6 Customer Responsibilities

You are responsible for ensuring lawful processing of your employees’ data. Depending on your specific use case, you may need to conduct a Data Protection Impact Assessment (DPIA).

4. Data Sharing

You control how your employees’ data is shared within your organization. Our sharing with service providers is strictly limited to what is necessary for service delivery.

4.1 Within Your Organization

Data is shared with users who have been explicitly invited to your organization’s Teampath account.

4.2 Service Providers

We share data with trusted third-party service providers who assist us in operating the Service, including hosting, payment processing, communication, support, and analytics. All providers undergo compliance checks and are contractually required to process data solely on our instructions, implement appropriate security measures, and comply fully with GDPR, including signing Data Processing Agreements. Data shared is limited to what is necessary for their support roles. Cross-border data transfers are conducted under appropriate safeguards such as Standard Contractual Clauses.

4.3 Legal Requirements

We may disclose data when required by law, including compliance with legal processes, court orders, or governmental requests, and to protect our rights, prevent fraud, or address security issues.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

5. Data Security and Breach Notification

We implement appropriate technical and organizational measures following industry standards to protect all personal data we process. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. We will also notify affected individuals where required, in accordance with applicable data protection laws.

6. Data Retention

We retain your data for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy.

6.1 Active Accounts

While your account is active, we retain all data necessary to provide the Service.

6.2 After Account Termination

After you terminate your account, we retain different types of data for varying periods:

• Service data: Retained for up to 90 days, then permanently deleted
• Backup data: May persist in backup systems for up to 90 days after service data deletion (180 days total from account termination), then permanently deleted
• Billing and accounting records (invoices, payment records): 7 years to comply with tax and accounting obligations
• Legal compliance data: As required by applicable laws and regulations

6.3 Data Deletion Requests

You can request deletion of your data at any time by contacting us at contact@teampath.io. Note that billing and accounting records may need to be retained to comply with legal obligations.

7. User Rights

Under GDPR, CCPA, PIPEDA, and other applicable data protection laws, you have the right to:

• Access your personal data and receive information about how we collect, use, and disclose it
• Rectify inaccurate or incomplete personal data
• Erase your personal data, subject to legal retention obligations
• Restrict processing in certain circumstances
• Data portability - receive your data in a structured, machine-readable format
• Object to processing based on legitimate interests or for direct marketing
• Opt-out of the sale of personal information (we do not sell personal information)
• Withdraw consent at any time where processing is based on consent
• Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at contact@teampath.io. We will respond within 30 days. For complex requests, we may extend this period by up to 2 additional months, in which case we will inform you within the first month and explain the reasons for the extension. You also have the right to lodge a complaint with your local data protection authority (for EU residents), the California Attorney General (for California residents), the Office of the Privacy Commissioner of Canada (for Canadian residents), or your applicable local privacy authority.

8. Cookies and Tracking

We use cookies and similar technologies to operate and improve the Service.

8.1 Essential Cookies

Required for authentication, session management, and basic Service functionality. Disabling these cookies will prevent you from using the Service.

8.2 Analytics Cookies

Help us understand how the Service is used and identify areas for improvement. You can control these through your browser settings.

9. International Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Other legally recognized transfer mechanisms

10. Children’s Privacy

The Service is designed for use by businesses and their employees in a professional context. It is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without proper consent, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Effective Date” at the top of this document. We encourage you to review this Privacy Policy periodically.