Privacy Policy

Last Updated: January 15, 2026

1. Introduction

Limita ("we", "our", or "us") provides time tracking and project estimation capabilities for project management platforms like Trello. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Power-Up and services.

By using Limita, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information from Trello

When you install and use Limita, we collect:

  • Board and workspace identifiers
  • Card information (names, IDs, list positions)
  • Member information (usernames, member IDs)
  • OAuth tokens for authenticated access to your Trello data

2.2 Time Tracking Data

We collect and store:

  • Active timer information (start times, card associations, member assignments)
  • Historical time ranges (logged hours, dates, durations)
  • Project estimates and custom fields
  • User preferences and settings
  • Client information for billable hours tracking

2.3 Billing Information

For paid subscriptions:

  • Business information (company name, tax ID, address)
  • Payment information is processed directly by Stripe (we do not store credit card details)
  • Subscription status and billing history

2.4 Technical Information

  • IP addresses and user agent information
  • WebSocket connection data for real-time synchronization
  • API usage metrics and performance data
  • Error logs and diagnostic information (via Sentry)

3. How We Use Your Information

We use collected information to:

  • Provide and maintain time tracking functionality
  • Synchronize data in real-time across your team members
  • Generate time tracking reports and analytics
  • Process subscriptions and billing
  • Enforce one-timer-per-member rules and business logic
  • Improve and optimize service performance
  • Detect and prevent technical issues and abuse
  • Comply with legal obligations

4. Data Storage and Security

4.1 Infrastructure

  • Hosting: Hetzner (Germany/EU) - all data stored in EU data centers
  • Database: PostgreSQL 17 with Row-Level Security (RLS) for multi-tenant isolation
  • Encryption in Transit: TLS/HTTPS for all data transmission
  • Encryption at Rest: LUKS2 full disk encryption with AES-256 for all database and observability volumes
  • CDN: Cloudflare for DNS and content delivery

4.2 Third-Party Services

  • Sentry: Error tracking and monitoring (EU region only)
  • PagerDuty: Incident management (EU region only)
  • Stripe: Payment processing (PCI-DSS compliant)

4.3 Security Measures

  • JWT authentication with JWKS validation
  • Rate limiting (per-IP and per-member)
  • Parameterized SQL queries to prevent injection attacks
  • Internal security audits performed at regular intervals
  • Automated backups with disaster recovery procedures

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We only share data in the following circumstances:

  • With Your Team: Time tracking data is shared with other members of your workspace
  • Service Providers: Third-party services listed above that help us operate our service
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In the event of a merger, acquisition, or sale of assets

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

  • Time tracking data: Retained for the lifetime of your subscription plus 90 days
  • Billing information: Retained for 7 years for tax and accounting purposes
  • Logs and diagnostic data: Retained for 90 days

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing of your personal data
  • Restrict: Request restriction of processing

To exercise these rights, contact us at [email protected]

8. Cookies and Tracking

We do not use cookies or browser local storage. Authentication is handled through JWT tokens provided by Trello. No third-party tracking or advertising technologies are used.

9. Children's Privacy

Limita is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

All data is stored and processed within the European Union (Hetzner Germany). For third-party services operating outside the EU, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of the service after changes constitutes acceptance.

12. Contact Us

For questions about this Privacy Policy or our data practices: