Privacy Policy

pendi (the “Service”) is operated by Martin Coll, registered in Argentina as a monotributista responsable, with operational headquarters in the Ciudad Autónoma de Buenos Aires (CABA).

We are the data controller for the information you provide while using the Service. For any privacy-related question, write to [email protected].

Account data. Email address, hashed password, display name, and your preferred locale. We use Argon2 / bcrypt for password hashing; we never see your password in cleartext.

Product data. Task titles, descriptions, comments, sprint metadata, tags, attachments (if any), and billing information you submit. This is the content you create to run your team — we treat it as yours.

Telemetry. Basic auth events (sign-in, password reset), high-level page views and request logs. We do not run third-party analytics or advertising trackers.

We process account and product data to perform the contract you entered into when you signed up. Security logs and fraud prevention rely on our legitimate interest in keeping the Service operable. Marketing emails — if we ever send them — require your prior consent and you can withdraw it at any time.

We rely on the following providers to deliver the Service:

• Railway — application hosting and managed databases (US / EU regions).
• Stripe or Mercado Pago — payment processing. The active provider depends on your billing region and is disclosed at checkout.
• Resend / Postmark — transactional email (sign-up, password reset, receipts).
• Anthropic / OpenAI — used only when you explicitly opt into an AI feature. We do not send your task content to any LLM by default.

We add or change sub-processors as the Service evolves. Material changes are announced in advance (see §10).

Under Argentina’s Ley 25.326 de Protección de Datos Personales you can request access, rectification, cancellation, or opposition (ARCO) with respect to your personal data, and request a portable copy in a structured format.

Most of these are available self-serve from your account settings. For anything else, email [email protected] and we’ll respond within ten business days.

Account data is retained until you cancel, plus a 30-day grace period during which you can restore the account. After that, the account and its product data are deleted from primary storage.

Encrypted backups are kept for an additional 30 days for disaster recovery and are then purged. Task data within a live account is retained until you manually delete it.

All traffic is served over TLS. Passwords are hashed with Argon2 or bcrypt. Where the storage provider supports it, data is encrypted at rest. Two-factor authentication is available and we recommend turning it on.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately.

Some sub-processors host data outside Argentina — Railway operates in the US and EU, Stripe and Anthropic in the US. Article 12 of Ley 25.326 allows these transfers when carried out by recognised providers with adequate protection. We rely on standard contractual terms and the providers’ own compliance certifications.

We use a small, fixed set of cookies. No third-party trackers.

• session — authentication. Required to stay signed in.
• NEXT_LOCALE — remembers the language you picked.

That’s the whole list. If you clear them you’ll be signed out and the site will revert to its default language.

When we change the substance of this policy we’ll email registered users and show a banner inside the product before the change takes effect. Editorial corrections (typos, link fixes) ship without notice.

Martin Coll · CABA, Argentina · [email protected]

See also our Terms of Service.