Privacy Policy

Account data — When you register, we collect your name, work email address, and a hashed password. If your organisation uses SSO, we receive your name and email from your identity provider.

Profile and usage data — As you use Munera we store the tasks you create and assign, skill profiles you configure, project memberships, comments, and settings you choose (notification preferences, capacity hours, etc.).

Technical data — We automatically log request metadata (IP address, browser user-agent, timestamps) for security auditing and rate-limiting. We do not use this data for advertising.

Integration data — If you connect Jira, Linear, Slack, or GitHub, we store the OAuth tokens or API keys you provide (encrypted at rest) and sync only the task and issue data necessary for the integration to function.

Payment data — We do not store payment card details. All billing is handled by our payment processor (Stripe) and subject to their privacy policy.

We use the data we collect exclusively to:

• Provide, maintain, and improve the Munera platform
• Authenticate users and enforce access controls
• Run AI-powered task analysis and assignment recommendations
• Send transactional notifications (task assignments, due-date reminders, digest emails) that you can configure or disable at any time
• Detect and prevent security threats, abuse, and fraud
• Comply with legal obligations

We do not sell your data to third parties, use it for behavioural advertising, or share it outside the purposes listed above.

Task descriptions and skill profiles you enter are sent to our AI provider (OpenAI) to power task analysis and assignment suggestions. OpenAI processes this data as a data processor on our behalf and is contractually prohibited from using your inputs to train their models. We send only the minimum data required for each request.

Predictive analytics (burnout risk, capacity forecasting, completion predictions) run on-platform using anonymised aggregate data from your organisation only.

All data is stored on infrastructure within the EU (eu-west-1, Ireland) region. Munera employs the following security controls:

• Passwords hashed with Argon2id
• Secrets and integration credentials encrypted with AES-256 (Fernet)
• TLS 1.2+ enforced for all data in transit
• RDS PostgreSQL encrypted at rest
• API keys stored as Argon2 hashes; only the 8-character prefix retained for lookup
• httpOnly cookies for session tokens; CSRF protection via SameSite policy
• Comprehensive audit logging for all administrative actions

For self-hosted deployments, you are responsible for the security of your own infrastructure. We publish hardening guidance in the Security documentation.

We share data only in these limited circumstances:

• Service providers — AWS (hosting), OpenAI (AI analysis), SendGrid (email delivery), Stripe (billing), and Sentry (error monitoring) act as data processors under contractual data protection agreements.
• Your integrations — Data you sync to Jira, Linear, or Slack is transmitted to those third-party services under your direction.
• Legal requirements — We may disclose data if required by law, court order, or to protect the rights, safety, or property of Munera or others.
• Business transfer — In the event of a merger or acquisition, we will give advance notice before any data is transferred to a new entity.

We retain your account and project data for as long as your organisation's subscription is active. When an account is deleted or a subscription is cancelled, personal data is purged within 30 days and backups are rotated within 90 days.

Audit logs are retained for 12 months to support compliance requirements. You may request earlier deletion — see Your rights below.

Munera uses strictly necessary cookies only:

• access_token — httpOnly session cookie. Expires after your configured session duration.
• refresh_token — httpOnly refresh cookie used to renew sessions silently.

We do not use tracking, analytics, or advertising cookies. No third-party cookies are set by the Munera application.

Depending on your location, you may have the following rights regarding your personal data:

• Access — Request a copy of the data we hold about you.
• Rectification — Correct inaccurate or incomplete data.
• Erasure — Request deletion of your personal data.
• Portability — Receive your data in a machine-readable format.
• Restriction — Ask us to limit how we use your data.
• Objection — Object to processing based on legitimate interest.

To exercise any of these rights, contact us at privacy@munera.app. We will respond within 30 days. If you are in the EU/EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Munera is a professional platform intended for users aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

We may update this policy periodically. When we make material changes we will notify you by email and display a banner in the application at least 14 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

For privacy questions, data requests, or to report a concern, please contact us: