Ganttra V2

Ganttra Privacy Policy

Last Updated: May 16, 2026
Operator: Stoney Bottom Studios LLC
Contact: [email protected]

This Privacy Policy explains how Stoney Bottom Studios LLC, doing business as Ganttra ("Ganttra," "we," "us," or "our"), collects, uses, discloses, protects, and retains information when you access or use the Ganttra website, web application, mobile application, documentation, APIs, support services, subscriptions, and related services (collectively, the "Service").

This Privacy Policy is intended to be read together with the Ganttra Terms of Service and, where applicable, the Ganttra End User License Agreement.

1. Scope

This Privacy Policy applies to information we process in connection with the Service.

This Privacy Policy does not apply to third-party websites, services, integrations, marketplaces, payment processors, identity providers, hosting providers, analytics providers, or other third-party services that are not owned or controlled by Ganttra. Those third parties are responsible for their own privacy practices.

If you use Ganttra through an organization, workspace, employer, contractor, client, or other account administrator, that organization may control or have access to your account, workspace activity, project data, files, and related content. In that context, the organization is responsible for its own privacy and compliance obligations.

2. Our Role

Depending on the context, Ganttra may act as:

  • a service provider or processor for project data, files, schedules, assignments, comments, imports, exports, and other content submitted to the Service by or on behalf of a customer; and
  • an independent business or controller for account administration, billing, website usage, security, legal compliance, product analytics, and communications.

Customers are responsible for ensuring they have all rights, permissions, notices, consents, and legal bases required to upload, submit, process, disclose, or instruct Ganttra to process Customer Content through the Service.

3. Information We Collect

3.1 Information You Provide

We may collect information you provide directly, including:

  • name, email address, username, password credentials or authentication identifiers, organization name, role, and account preferences;
  • workspace, team, administrator, invite, permission, and user management information;
  • project plans, schedules, activities, tasks, dependencies, milestones, calendars, assignments, comments, notes, tags, resource information, attachments, imported files, exported files, and related project metadata;
  • billing contact information, subscription plan information, tax information, invoice information, and transaction records;
  • support requests, survey responses, feedback, bug reports, and communications with us;
  • information you provide when you participate in product research, beta features, demos, or promotional activities.

We do not intentionally request sensitive personal information unless it is necessary to provide the Service or is otherwise authorized by law or written agreement. You should not upload Social Security numbers, government identification numbers, protected health information, payment card numbers, financial account credentials, export-controlled data, criminal-history information, biometric identifiers, or similarly sensitive information unless your agreement with Ganttra expressly permits that use.

3.2 Customer Content

"Customer Content" means content, data, files, documents, schedules, project records, comments, imports, exports, and other materials submitted to or generated within the Service by or on behalf of a customer or authorized user.

Customer Content may include personal information if you or your organization chooses to include it. Examples may include names, email addresses, job titles, assignments, availability, project roles, comments, and information contained in uploaded files.

We process Customer Content to provide, maintain, secure, support, troubleshoot, and improve the Service and as otherwise instructed by the customer or permitted by agreement.

3.3 Information Collected Automatically

When you use the Service, we and our service providers may automatically collect:

  • IP address, device identifiers, browser type, operating system, device type, app version, language settings, and approximate location derived from IP address;
  • log data, event data, crash reports, diagnostics, performance data, error reports, and security logs;
  • pages or screens viewed, referring pages, session duration, clicks, feature usage, search queries within the Service, and other usage information;
  • cookie identifiers, local storage identifiers, and similar technologies.

3.4 Mobile and Device Permissions

If you use a Ganttra mobile application, your device may request permission to access certain device features, such as files, photos, camera, notifications, or location. We only collect information from these permissions when you enable them and use related features. You can manage device permissions through your device settings.

3.5 Payment Information

Payment card and payment method details are processed by third-party payment processors. Ganttra does not store full payment card numbers. We may receive limited billing information from payment processors, such as billing contact details, payment status, subscription plan, transaction identifiers, invoices, and partial payment method details.

3.6 Information From Third Parties

We may receive information from third parties, including:

  • account administrators and workspace owners;
  • identity providers and single sign-on providers;
  • payment processors;
  • analytics, hosting, logging, customer support, and security providers;
  • integrations or connected services authorized by you or your organization;
  • public or commercially available sources where permitted by law.

4. How We Use Information

We use information to:

  • provide, operate, maintain, host, synchronize, and secure the Service;
  • create and manage accounts, users, workspaces, permissions, subscriptions, and billing;
  • process uploads, imports, exports, schedules, project views, comments, notifications, and collaboration workflows;
  • provide support, troubleshooting, training, onboarding, product updates, service notices, and administrative messages;
  • monitor Service performance, reliability, integrity, and security;
  • detect, prevent, investigate, and respond to fraud, abuse, unauthorized access, security incidents, violations of our terms, and harmful activity;
  • improve, test, develop, and analyze the Service, including product analytics and diagnostics;
  • communicate with you about features, updates, events, offers, and other information, where permitted by law;
  • comply with legal, regulatory, tax, accounting, security, and contractual obligations;
  • enforce our agreements and protect the rights, safety, and property of Ganttra, users, customers, and others.

5. AI-Assisted, Automated, and Scheduling Features

The Service may include automated, algorithmic, analytical, or AI-assisted features that help users create, review, analyze, summarize, validate, organize, estimate, or improve project schedules and related information.

Where these features are enabled, Customer Content and related usage information may be processed to provide the requested functionality, produce outputs, improve reliability, prevent abuse, and maintain security.

Ganttra does not represent that automated outputs are complete, accurate, compliant, or suitable for any particular project, contract, bid, deadline, safety requirement, legal requirement, engineering requirement, financial decision, or professional purpose. Users are responsible for reviewing outputs before relying on them.

Unless separately agreed in writing or enabled by customer instruction, Ganttra does not permit third-party AI providers to use Customer Content to train their general-purpose foundation models.

6. Cookies and Similar Technologies

We and our service providers may use cookies, local storage, pixels, SDKs, and similar technologies to:

  • keep you signed in;
  • remember preferences;
  • secure the Service;
  • measure performance and usage;
  • diagnose errors;
  • improve features;
  • support analytics and, where permitted, marketing.

You can manage cookies through your browser settings. Some cookies are necessary for the Service to function and cannot be disabled without affecting core functionality.

We do not currently respond to all browser "Do Not Track" signals because there is no consistent industry standard for those signals. Where required by applicable law, we will honor legally recognized opt-out preference signals.

7. How We Disclose Information

We may disclose information as described below.

7.1 Within Workspaces

Information submitted to a workspace may be visible to workspace owners, administrators, authorized users, collaborators, invitees, and others with access permissions. Workspace administrators may be able to access, export, modify, restrict, or delete user accounts and Customer Content.

7.2 Service Providers and Subprocessors

We may disclose information to vendors, service providers, contractors, and subprocessors that perform services for us, such as hosting, storage, authentication, infrastructure, analytics, logging, customer support, communications, billing, payment processing, security, incident response, and AI-assisted functionality.

These parties are authorized to process information as necessary to provide services to us and are expected to protect information according to contractual and legal obligations.

7.3 Integrations and Customer-Directed Disclosures

If you or your organization enables an integration, export, API connection, webhook, or third-party service, we may disclose information as directed by you or your organization. Ganttra is not responsible for the privacy or security practices of third-party integrations once information is transmitted to them.

7.4 Legal, Safety, and Compliance

We may disclose information if we believe it is reasonably necessary to:

  • comply with law, regulation, legal process, subpoena, court order, governmental request, or enforceable legal obligation;
  • enforce our agreements;
  • protect the rights, property, security, or safety of Ganttra, customers, users, or others;
  • detect, prevent, or respond to fraud, abuse, security incidents, or technical issues;
  • preserve evidence or defend legal claims.

7.5 Business Transfers

We may disclose or transfer information in connection with a merger, acquisition, financing, corporate reorganization, sale of assets, bankruptcy, receivership, diligence process, or similar business transaction.

7.6 Aggregated or De-Identified Information

We may use and disclose aggregated, anonymized, or de-identified information that does not reasonably identify you or your organization.

8. Sale or Sharing of Personal Information

We do not sell personal information for money.

We also do not knowingly sell or share personal information of children under 16.

Some analytics, advertising, or similar technologies may be considered a "sale," "sharing," or "targeted advertising" under certain state privacy laws. Where applicable, we will provide required notices and opt-out mechanisms.

9. Data Retention

We retain information for as long as reasonably necessary to provide the Service, maintain accounts and subscriptions, comply with legal obligations, resolve disputes, enforce agreements, protect security, maintain business records, and fulfill the purposes described in this Privacy Policy.

Customer Content is generally retained while the applicable account or workspace remains active, unless deleted by authorized users, deleted by administrators, or otherwise subject to a separate agreement. Deleted information may remain in backups, logs, archives, or disaster recovery systems for a limited period until overwritten or deleted according to our retention practices.

We may retain certain information for longer periods where required or permitted by law, including for tax, accounting, audit, fraud prevention, security, legal, and compliance purposes.

10. Security

We use reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, misuse, disclosure, alteration, and destruction.

These safeguards may include access controls, authentication, encryption in transit, monitoring, logging, vendor controls, backups, and security review processes.

No method of transmission, storage, hosting, or electronic processing is completely secure. We cannot guarantee absolute security.

11. Alabama Data Security and Breach Notification

Ganttra is operated by Stoney Bottom Studios LLC in Alabama, United States.

If Ganttra determines that a security incident triggers notification obligations under applicable law, including Alabama Code § 8-38-1 et seq. where applicable, we will provide notices required by law to affected individuals, regulators, customers, or other parties.

Customers and users must promptly notify Ganttra at [email protected] if they believe their account credentials, workspace, Customer Content, device, integration, or use of the Service has been compromised or accessed without authorization.

12. Your Privacy Choices

Depending on your location and applicable law, you may have rights to:

  • access personal information;
  • correct inaccurate personal information;
  • delete personal information;
  • receive a copy of personal information in a portable format;
  • opt out of certain processing for targeted advertising, sale, sharing, or profiling;
  • limit certain uses of sensitive personal information;
  • withdraw consent where processing is based on consent;
  • appeal a decision regarding a privacy request.

You may submit a request by contacting [email protected].

We may need to verify your identity or authority before processing a request. If you use the Service through an organization, we may refer your request to that organization or require that you contact the organization directly.

We will not discriminate against you for exercising privacy rights that apply to you.

13. Authorized Agents

Where permitted by law, you may authorize another person or entity to submit a privacy request on your behalf. We may require proof of authorization and may ask you to verify your identity directly with us.

14. Communications Preferences

You may unsubscribe from promotional emails by using the unsubscribe link in those emails or by contacting us. Even if you opt out of promotional messages, we may still send transactional, administrative, security, billing, legal, and service-related messages.

15. International Users

Ganttra is operated from the United States. If you access the Service from outside the United States, your information may be processed in the United States and other jurisdictions where we or our service providers operate.

Where required, we rely on appropriate legal bases and transfer mechanisms for international data transfers.

16. EEA, UK, and Similar Privacy Rights

Where applicable, individuals in the European Economic Area, United Kingdom, Switzerland, or other jurisdictions with similar privacy laws may have additional rights, including rights to access, correction, deletion, restriction, objection, portability, and withdrawal of consent.

Where applicable, our legal bases for processing may include performance of a contract, legitimate interests, compliance with legal obligations, consent, and protection of vital interests.

17. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

Users must be at least 18 years old, or the age of legal majority in their jurisdiction, to create an account unless use is authorized and administered by an organization under a separate written agreement.

If you believe a child has provided personal information to Ganttra without proper authorization, contact us at [email protected], and we will take appropriate steps to delete the information where required by law.

18. Customer Responsibilities

Customers are responsible for:

  • determining what personal information they submit to the Service;
  • providing privacy notices to their users, employees, contractors, clients, and other individuals as required by law;
  • obtaining consents and permissions required for Customer Content;
  • configuring access controls and user permissions;
  • reviewing and managing integrations;
  • responding to privacy requests relating to Customer Content where the customer controls that information;
  • complying with applicable employment, privacy, data protection, construction, procurement, project, recordkeeping, and professional obligations.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a new "Last Updated" date.

If we make material changes, we will provide notice as required by law, which may include notice through the Service, email, or other reasonable means. Continued use of the Service after an updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy.

20. Contact

Stoney Bottom Studios LLC
Alabama, United States
[email protected]