Privacy Policy

Last updated: January 25, 2026

ClickSimple, Inc. ("Company", "we", "us", or "our") operates MyCTOBot. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Please read this privacy policy carefully. By using MyCTOBot, you consent to the data practices described in this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided via Google OAuth)
  • Profile picture URL (if provided via Google OAuth)
  • Password (hashed, if not using OAuth)
Jira Integration Data

When you connect your Atlassian account, we access:

  • Jira board information (board names, IDs)
  • Sprint data (sprint names, dates, status)
  • Issue data (keys, summaries, descriptions, status, priority, assignees)
  • User information (display names, account IDs for assignees and reporters)

We do not store your Atlassian password. Authentication is handled via OAuth 2.0 tokens.

Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited, timestamps)
  • Feature usage (analyses run, digests sent, boards configured)
  • Error reports and performance metrics
Payment Information

Payment processing is handled by Stripe. We do not store your credit card numbers. We receive:

  • Stripe customer ID
  • Subscription status and billing history
  • Last four digits of payment method (for display purposes)

2. How We Use Your Information

We use collected information to:

  • Provide the Service: Analyze your Jira data and generate digest emails
  • Process Payments: Manage subscriptions and billing
  • Send Communications: Daily digests, service announcements, and support responses
  • Improve the Service: Analyze usage patterns and fix bugs
  • Ensure Security: Detect and prevent fraud or abuse
  • Comply with Law: Respond to legal requests and enforce our terms

3. AI Processing and Code Access

Important: MyCTOBot uses AI to analyze and implement code changes in your repositories.
AI Analysis

Your Jira data is processed by AI (Claude by Anthropic) to generate analysis and recommendations:

  • Data is sent to Anthropic's API for processing
  • Anthropic does not use your data to train their models (per their API terms)
  • AI-generated analysis is stored temporarily for caching purposes
  • You can request deletion of cached analysis at any time
AI Developer Feature (Enterprise)

When you enable the AI Developer feature, you grant MyCTOBot permission to:

  • Read your source code: AI accesses your GitHub repositories to understand your codebase architecture, patterns, and existing implementations
  • Write and modify code: AI creates, edits, and commits code to implement Jira tickets
  • Create branches and pull requests: AI creates feature branches and submits PRs to your repository
  • Access Jira ticket details: AI reads ticket descriptions, comments, and attachments to understand requirements
  • Post updates to Jira: AI comments on tickets with progress updates and completion status
Code Processing

When implementing tickets:

  • Your code is sent to Anthropic's Claude API for analysis and generation
  • Code is processed in Anthropic's secure environment
  • Anthropic does not use your code to train AI models (per their commercial API terms)
  • Generated code is committed to your repository with clear attribution
  • All changes are made via pull requests for your review before merging
Data You Control

You maintain full control over AI Developer:

  • Choose which boards/projects enable AI Developer
  • Select which label triggers AI processing (default: ai-dev)
  • Review all changes before merging pull requests
  • Disconnect GitHub access at any time
  • All code remains in your GitHub repository

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

Service Providers
  • Anthropic: AI processing for analysis and code generation
  • GitHub: Repository access for AI Developer feature
  • Atlassian: Jira integration for ticket management
  • Stripe: Payment processing
  • Mailgun: Email delivery
  • Cloud hosting providers: Infrastructure and data storage
Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, safety, or property.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify you of any such change.

5. Data Storage and Security

  • Data is stored on secure servers in the United States
  • We use encryption in transit (TLS/SSL) and at rest
  • OAuth tokens are encrypted before storage
  • Access to user data is restricted to authorized personnel
  • We conduct regular security assessments

While we implement safeguards, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • Account Data: Retained while your account is active
  • Jira Data: Cached temporarily for performance; refreshed on each analysis
  • Analysis Results: Stored for 30 days for reference
  • Logs: Retained for 90 days for debugging and security
  • Billing Records: Retained as required by tax law (typically 7 years)

7. Your Rights and Choices

Access and Portability

You can request a copy of your personal data by contacting support.

Correction

You can update your account information through the settings page.

Deletion

You can request account deletion by contacting support. We will delete your data within 30 days, except as required by law.

Revoke Atlassian Access

You can disconnect your Jira integration at any time through your Atlassian account settings or our settings page.

Email Preferences

You can manage digest frequency and disable email notifications in your board settings.

Do Not Track

We do not currently respond to Do Not Track browser signals.

8. Cookies and Tracking

We use cookies for:

  • Essential Cookies: Session management and authentication
  • Preference Cookies: Remembering your settings

We do not use third-party advertising or tracking cookies.

9. International Data Transfers

Your information may be transferred to and processed in the United States. By using our service, you consent to this transfer. We ensure appropriate safeguards are in place for international transfers.

10. Children's Privacy

MyCTOBot is not intended for children under 18. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately.

11. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at privacy@myctobot.ai.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under GDPR including:

  • Right of access to your data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

Our legal basis for processing is your consent and legitimate business interests.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the service. Your continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@myctobot.ai
  • Company: ClickSimple, Inc.

For data protection inquiries in the EU, you may also contact your local data protection authority.

By using MyCTOBot, you acknowledge that you have read and understood this Privacy Policy.