Legal

Privacy Policy

Last updated: January 1, 2025

1. Introduction

Jishu Labs (“we,” “our,” or “us”) operates the Michi platform (michi.jishulabs.com). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our debt-aware sprint planning service. We are committed to protecting your privacy and handling your data with transparency.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, full name, and password (stored as a cryptographic hash). If you sign up via OAuth providers, we receive your name and email from the provider.

2.2 Project Data

We store the roadmaps, sprints, tasks, and project configuration you create within Michi. This includes task titles, descriptions, story points, sprint dates, debt classifications, and team member assignments.

2.3 Integration Data

When you connect Jira or Linear, we access your project data through their APIs using OAuth tokens. We sync backlogs, sprint information, and issue metadata. We never access your source code repositories.

2.4 Usage Data

We collect anonymized usage analytics including page views, feature usage frequency, and performance metrics. This data helps us improve the product and is not tied to individual user accounts.

3. How We Use Your Information

  • Provide and maintain the Michi service, including debt analysis and velocity predictions
  • Sync data between Michi and your connected tools (Jira, Linear)
  • Generate AI-powered roadmaps, sprint recommendations, and cost projections
  • Send transactional emails (account verification, password reset, sprint alerts)
  • Improve our algorithms for velocity prediction and debt impact scoring
  • Respond to customer support requests and feedback
  • Detect and prevent fraud, abuse, and security incidents

4. Data Storage and Security

Your data is stored in Supabase-managed PostgreSQL databases with row-level security (RLS) policies that ensure strict data isolation between organizations. All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database backups are performed hourly with 30-day retention.

5. Third-Party Services

We use the following third-party services to operate Michi:

  • Supabase — Authentication, database, and real-time subscriptions
  • OpenAI — AI-powered roadmap generation and sprint recommendations
  • Vercel — Application hosting and edge network
  • Atlassian (Jira) — Project management integration
  • Linear — Issue tracking integration

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we remove your personal information within 30 days. Anonymized, aggregated analytics data may be retained indefinitely to improve our service.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — Request a copy of your personal data
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your data
  • Portability — Request export of your data in a machine-readable format
  • Objection — Object to certain processing of your data

To exercise any of these rights, contact us at privacy@jishulabs.com.

8. Cookies

Michi uses essential cookies for authentication and session management. We do not use advertising cookies or third-party tracking cookies. Analytics cookies are anonymized and can be opted out of in your account settings.

9. Contact

If you have questions about this Privacy Policy, please contact us at privacy@jishulabs.com or write to: Jishu Labs, San Francisco, CA.