Privacy Policy

Last updated: April 10, 2026

This Privacy Policy describes how Azmyra, operated by The Product Owner (“we”, “us”, “our”), collects, uses, and protects your information when you use our AI-powered product management platform at ai.theproductowner.org (the “Service”).

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and a hashed password. If you sign in via Google or Microsoft, we receive your name, email, and profile picture from the OAuth provider.

Product Data

Data you enter into Azmyra — including initiatives, meeting transcripts, risks, personas, competitors, roadmap items, and vision statements — is stored in our database and associated with your account.

Integration Credentials

If you connect third-party services (Jira, Confluence, Slack, Notion, Linear, GitHub), we store the necessary authentication tokens. These credentials are encrypted at rest using AES-256-GCM encryption before being written to the database.

LLM API Keys

You may provide API keys for third-party AI providers (OpenAI, Anthropic, Groq, or others). These keys are stored only in your browser’s local storage and are never transmitted to or stored on our servers. They are sent directly from your browser to the respective AI provider’s API.

Usage Data

We collect basic usage information such as pages visited, features used, and error logs to improve the Service. We do not use third-party analytics trackers.

2. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate your identity and manage your account
  • To connect with third-party integrations you authorize (Jira, Slack, etc.)
  • To process your data through AI agents for summaries, risk analysis, and recommendations
  • To send transactional emails (account verification, password reset)
  • To improve the Service based on aggregated, anonymized usage patterns

3. Third-Party Services

Azmyra integrates with the following categories of third-party services:

  • AI/LLM Providers (OpenAI, Anthropic, Groq): Your prompts and product data may be sent to these providers when you use AI features. We use your own API keys — we do not proxy through our accounts. Refer to each provider’s privacy policy for their data handling practices.
  • Productivity Tools (Jira, Confluence, Slack, Notion, Linear, GitHub): Data is fetched from and sent to these services only when you explicitly authorize the connection. We access only the scopes you approve.
  • Authentication Providers (Google, Microsoft): Used only for sign-in. We receive your name and email.
  • Cloud Infrastructure (Google Cloud Platform): Our Service runs on Google Cloud Run in the us-central1 region. Data is stored in a Google Cloud SQL PostgreSQL database.

4. Data Storage and Security

  • All data is encrypted in transit (TLS/HTTPS) and at rest
  • Integration credentials are encrypted using AES-256-GCM with a dedicated encryption key
  • Passwords are hashed using bcrypt with a work factor of 12
  • LLM API keys are stored only in your browser and never reach our servers
  • Database backups are encrypted and retained for disaster recovery

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete all associated data within 30 days, except where retention is required by law.

6. Your Rights

You have the right to:

  • Access your data — all product data is visible in the application
  • Export your data — contact us at the email below
  • Delete your data — you can delete your account from the Settings page, which removes all associated data
  • Revoke integration access — disconnect any third-party service at any time from Settings
  • Withdraw consent — stop using the Service at any time; your locally stored LLM keys are removed by clearing browser storage

7. Cookies

We use only essential cookies required for authentication (session token). We do not use advertising or tracking cookies.

8. Children’s Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date.

10. Contact

For privacy-related inquiries, data export requests, or to exercise your rights, contact us at:
privacy@theproductowner.org

© 2026 Azmyra / The Product Owner. All rights reserved.