Trello Privacy Policy

What this policy covers

Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:

This Privacy Policy covers the information we collect about you when you use our products or services, or otherwise interact with Trello (for example, attending Trello events), unless a different privacy policy is displayed. This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.

When we refer to "Trello," "we," or "us" in this policy, we mean Trello, Inc., which controls the information Trello collects when you use the Services. Trello offers collaborative tools, including our web, desktop, and mobile products, which help you stay organized and communicate with others. We also own and operate a number of websites and offer related services, like support. We refer to all of these products, together with our other services and websites as "Services" in this policy.

Relationship with Atlassian and managed accounts

In 2017 we joined the Atlassian product family.1 Sometimes we receive information from and share information with Atlassian Pty Ltd, Atlassian, Inc. and their corporate affiliates (together "Atlassian"). We have included specific explanations and examples in this Privacy Policy to help you better understand when we do that and your choices regarding that sharing. For more information about how Atlassian uses information about you, please see Atlassian's privacy policy.2

Where we provide the Services under contract with an organization (for example your employer), that organization controls the information processed by the Services. For more information, please see Notice to End Users below.

What information we collect about you

We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.

Information you provide to us

We collect information about you when you input it into the Services or otherwise provide it directly to us.

Information we collect automatically when you use the Services

We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.

Information we receive from other sources

We receive information about you from other Service users, from third party services, from the Atlassian product family and related companies, and from our business and channel partners.

How we use information we collect

How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.

How we share information we collect

We make collaboration tools, and we want them to work well for you. This means sharing information through the Services and with certain third parties. We share information we collect about you in the ways discussed below, including in connection with possible business transfers, but we are not in the business of selling information about you to advertisers or other third parties.

Sharing with other Service users

When you use the Services, we share certain information about you with other Service users.

Sharing with third parties

We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services.

Sharing with affiliated companies

We share information we collect with affiliated companies and, in some cases, with prospective affiliates. Affiliated companies are companies owned or operated by Atlassian. The protections of this privacy policy apply to the information we share in these circumstances.

How we store and secure information we collect

Information storage and security

We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. We will respond to requests about this within a reasonable timeframe.

How long we keep information

How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

How to access and control your information

You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations. We will respond to requests about this within a reasonable timeframe.

Your Choices:

You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered for you by an administrator (see "Notice to End Users" below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by enabling a Power-Up, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

How we transfer information we collect internationally

International transfers of information we collect

We collect information globally and primarily store that information in the United States. We transfer, process and store your information outside of your country of residence, to wherever we, Atlassian or our third-party service providers operate for the purpose of providing you the Services. Whenever we transfer your information, we take steps to protect it.

Privacy Shield Notice

Trello, Inc. and the U.S.-based Atlassian corporate affiliates (Atlassian, Inc., Atlassian Network Service, Inc., and Dogwood Labs, Inc.) participate in and comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the Privacy Shield Principles regarding the collection, use, and retention of information about you that is transferred from the European Union or Switzerland (as applicable) to the U.S. We ensure that the Privacy Shield Principles apply to all information about you that is subject to this privacy policy and is received from the European Union, the European Economic Area, and Switzerland.

Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, we are responsible for the processing of information about you we receive from the EU and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

To learn more about the Privacy Shield Program, and to view our certification, please visit our public Privacy Shield listing.15

We encourage you to contact us as provided below should you have a Privacy Shield-related (or general privacy-related) complaint. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider16 (free of charge). Through this third-party dispute resolution provider, we have also committed to cooperating and complying with the information and advice provided by an informal panel of data protection authorities in the European Economic Area and/or the Swiss Federal Data Protection and Information Commissioner (as applicable) in relation to unresolved complaints (as further described in the Privacy Shield Principles). You may also contact your local data protection authority within the European Economic Area or Switzerland (as applicable) for unresolved complaints.

Under certain conditions, more fully described on the Privacy Shield website,17 including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.

We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Other important privacy information

Notice to End Users

Our products are intended for both personal use and use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the end-users and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization's policies. We are not responsible for the privacy or security practices of an administrator's organization, which may be different than this policy.

Even if the Services are not currently administered to you by an organization, if you are a member of a team administered by an organization, or if you use an email address provided by an organization (such as your work email address) to access the Services, then the administrator of that team or the owner of the domain associated with your organizational email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. You will be notified if this happens.

Board, team, and enterprise administrators are able to restrict your access to and privileges within the respective board, team or enterprise the administrator controls. In some cases, enterprise administrators can also:

If you do not want an administrator to be able to assert control over your account or use of the Services, you should deactivate your membership with the relevant board, team or enterprise or remove any email addresses containing a domain owned or controlled by the administrator entirely from your account. Once an administrator asserts control over your account or use of the Services, you may no longer be able to withdraw membership or change the email address associated with your account without administrator approval.

Please contact your organization or refer to your administrator’s organizational policies for more information.

Our policy towards children

The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact our support services.18

Changes to our Privacy Policy

We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Services homepages, login screens, or by sending you an email notification. We will also keep prior versions of this Privacy Policy in an archive for your review. We encourage you to review our privacy policy whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.

If you disagree with any changes to this privacy policy, you will need to stop using the Services and deactivate your account(s), as outlined above.

Contact Us

Your information is controlled by Trello, Inc. If you have questions or concerns about how your information is handled, please direct your inquiry to Trello Inc., as set forth below or, if you are a resident of the European Economic Area, please contact our EU Representative.

TRUSTe

Footnotes:

1https://www.atlassian.com/software

2https://www.atlassian.com/legal/privacy-policy

3https://www.atlassian.com/legal/cookies

4https://www.atlassian.com/software

5https://community.atlassian.com/t5/Trello/ct-p/trello

6https://trello.com/inspiration

7https://www.atlassian.com/software

8https://www.atlassian.com/trust/privacy/guidelines-for-law-enforcement

9https://www.atlassian.com/trust/privacy/transparency-report

10https://www.atlassian.com/software

11https://help.trello.com

12https://trello.com/contact

13https://help.trello.com

14https://www.atlassian.com/legal/cookies

15https://www.privacyshield.gov/participant?id=a2zt00000004FK0AAM&status=Active

16https://feedback-form.truste.com/watchdog/request

17https://www.privacyshield.gov/welcome

18https://trello.com/contact