At Yes-But-How Ltd ("Company", "we", "us", or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, share and protect personal data when you access or use Recadence.ai and related services (the "Services"). By using our Services, you acknowledge the practices described in this Privacy Policy.
Your use of the Services is at all times subject to our Terms of Service. Any terms used in this Policy without definition have the meanings given in the Terms of Service, including the Data Classification definitions in Section 1.8 of the Terms of Service (Operational Metadata, User-Generated Notes, Content Data, and Excluded Data).
This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. "Personal Data" means any information that identifies or relates to a particular individual, and also includes information referred to as "personally identifiable information" or "personal information" under applicable data privacy laws. This Privacy Policy does not cover the practices of companies we do not own or control, including Atlassian (the provider of Jira).
| Category | Examples | Third Parties We May Share With |
|---|---|---|
| Profile or Contact Data | Name, email address, job title, and company name of individuals who register for or administer the Service | Service Providers |
| Jira Operational Metadata | Status names, status transition timestamps, sprint configurations, workflow patterns, assignee and reporter identifiers, and similar structural data from Customer's Jira instance | Displayed to authorised Users of Customer's account; anonymised metadata may be processed by AI providers |
| Jira Content Data | Issue descriptions and comments, read locally for categorical classification only (e.g., identifying presence of user stories or acceptance criteria). Not transmitted to external AI providers. File attachments are not accessed; issue icons may be displayed. | Displayed to authorised Users of Customer's account only; not shared externally |
| User-Generated Notes | Free-text notes, action items, annotations, and role classifications submitted by Users within the Service. These fields are intended for operational purposes and should not contain Personal Data. | Displayed to authorised Users; may be processed by AI providers |
| Device and IP Data | IP address, device ID, browser type, operating system | Service Providers |
| Web Analytics | Page interactions, referring webpage, session statistics, and similar usage data collected via Google Analytics 4 on our marketing website (recadence.ai), subject to your cookie consent preferences | Google (Analytics) |
| Payment Data | Billing address, billing email, and payment details as provided to the Company or its invoicing provider | Invoicing and Payment Providers |
| Other Voluntary Information | Information in emails, support requests, or other correspondence you send us | Service Providers |
When you create an account, use our Services, fill out forms, contact us by email or otherwise, or use our interactive tools and features.
When you authorise the Service to connect to your Jira instance, we retrieve project and issue data via the Atlassian APIs using the Integration User credentials provided by Customer. This data is indexed and stored for the purpose of providing the Service. We only retrieve data from projects that Customer has selected for indexing. The Service does not access file attachments or other Excluded Data. Issue descriptions and comments (Content Data) are read locally for categorical classification purposes only and are not transmitted to external AI providers. The Jira Plugin only displays projects to which the given Jira user already has access within Jira.
When Users submit notes, annotations, role classifications, or other inputs within the Service (User-Generated Notes), we collect and store this data. User-Generated Notes are intended for operational purposes and should not contain Personal Data. Customer is responsible for ensuring that its Users do not include Personal Data in User-Generated Notes.
Through cookies and similar technologies when you use our website or Service, including IP address, browser type, device information, pages visited, and usage patterns. Our marketing website (recadence.ai) uses Google Analytics 4 to collect anonymised usage data. Google Analytics cookies are only set when you grant analytics consent via our cookie banner. When consent is not granted, Google Analytics operates in cookieless mode, sending limited, anonymised measurement signals.
Creating and managing your account; processing transactions and billing; providing you with the products, services or information you request; meeting or fulfilling the reason you provided the information; providing support and assistance; improving the Services, including testing, research, internal analytics and product development; personalising the Services and communications; performing fraud protection, security and debugging.
Marketing and selling the Services, subject to your preferences and applicable law.
Responding to correspondence we receive from you; contacting you when necessary or requested; sending you information about the Company or the Services.
Fulfilling our legal obligations; protecting rights, property or safety; enforcing agreements; responding to claims; resolving disputes.
We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice.
Under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR), we process Personal Data on the following bases:
We process profile/contact data, Jira Operational Metadata, device data, payment data, and web analytics as necessary to perform under our Terms of Service and provide the Services to you. Failure to provide such data will result in your inability to use some or all of the Services.
We process certain data where we believe it furthers our legitimate interests or those of third parties, including providing, customising and improving the Services; marketing the Services; corresponding with you; and meeting legal requirements. We may also de-identify or anonymise Personal Data to further our legitimate interests.
In some cases, we process Personal Data based on consent you expressly grant at the time of collection. Where processing is based on consent, you have the right to withdraw consent at any time.
We may process Personal Data to comply with a legal obligation, to protect vital interests, or for a task carried out in the public interest.
We share Personal Data with service providers who help us provide the Services or perform business functions on our behalf, including hosting providers, security consultants, analytics providers, support vendors, and invoicing providers. Our current sub-processors are listed in our Data Processing Agreement.
Jira-sourced data that is indexed by the Service is accessible to all authorised Users within the relevant Customer's account (logically segmented by clientId). Users with access to the web administration interface see all indexed data for the Customer's account. The Jira Plugin only displays projects to which the given Jira user already has access within Jira. User-Generated Notes are visible to authorised Users within the Customer's account.
Anonymised Operational Metadata (such as aggregated workflow patterns and timing data) and User-Generated Notes (which should not contain Personal Data) may be transmitted to third-party AI providers located in the United States for the purpose of generating summaries and analytical insights. No Personal Data, Content Data (including issue descriptions and comments), or Excluded Data (including file attachments) is transmitted to AI providers. Customer may request that AI Features be disabled entirely.
We may share Personal Data with third parties in conjunction with legal obligations, including to comply with applicable law, regulation, court order or other legal process, or to protect rights, property or safety.
All Personal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business. We will make reasonable efforts to notify you before your information becomes subject to different privacy and security practices.
We may create aggregated, de-identified or anonymised data from Personal Data. We may use and share such data for lawful business purposes, provided that we will not share it in a manner that could identify you.
The Services use cookies and similar technologies ("Cookies") to enable our servers to recognise your web browser, analyse trends, learn about our user base, and operate and improve our Services.
Essential Cookies: Required for providing features or services you have requested, such as logging into secure areas.
Functional Cookies: Record your choices and settings, maintain preferences, and recognise you when you return.
Performance/Analytical Cookies: Help us understand how visitors use the Services by collecting information about pages visited, session duration, and similar metrics. On our marketing website, we use Google Analytics 4, which sets a _ga cookie when you grant analytics consent. These cookies are only placed after you have given explicit consent via the cookie banner.
When you first visit our website, a cookie banner allows you to accept or reject non-essential cookies. You can change your preferences at any time by clicking "Manage cookies" in the page footer. You can also manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Disabling cookies may affect functionality of the Services.
We maintain appropriate physical, technical, organisational and administrative security measures to protect Personal Data from unauthorised access, use and disclosure. These measures include: storage on servers located in Germany (EU) with strict firewall and network boundaries; encrypted connections via Cloudflare tunnels with no direct internet exposure; IP-restricted SSH access using public-private key authentication; encryption of sensitive data at rest through multiple layers; logical tenant separation by clientId; and internal classification of data into Operational Metadata, Content Data, and Excluded Data to ensure appropriate handling at each level. A summary of our security measures is available upon request.
We retain Personal Data for as long as you have an active account with us or as otherwise necessary to provide the Services. Customer may flush indexed data at any time to remove historical records, including data relating to individuals no longer present in Jira. Upon termination of a Customer's account, we delete all Personal Data and identifiable User Submissions within thirty (30) days unless retention is required by law. Data that has been irreversibly anonymised is not Personal Data and is not subject to deletion obligations.
Security and access logs may be retained for up to twelve (12) months after termination for the protection of the Service, after which they are purged.
We do not knowingly collect or solicit Personal Data from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services or send any Personal Data to us. If we learn that we have collected Personal Data from a child under 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at privacy@recadence.ai.
Under the UK GDPR and EU GDPR, you have the following rights with respect to your Personal Data:
Access: You can request information about the Personal Data we hold about you and request a copy.
Rectification: You can request that we correct or supplement any incorrect or incomplete Personal Data.
Erasure: You can request that we erase some or all of your Personal Data from our systems.
Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
Portability: You can ask for a copy of your Personal Data in a machine-readable format.
Objection: You can object to the further use or disclosure of your Personal Data for certain purposes, such as direct marketing.
Withdrawal of Consent: Where processing is based on consent, you may withdraw your consent at any time.
Right to Complain: You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
To exercise any of these rights, please contact us at privacy@recadence.ai.
The Services are hosted on servers located in Germany within the European Union. The Company is established in the United Kingdom, which benefits from an adequacy decision by the European Commission, permitting the free flow of personal data between the EU and UK without additional safeguards. Personal Data and Content Data is processed only in Germany and the United Kingdom and does not leave these jurisdictions.
The Service's AI Features may transmit anonymised Operational Metadata (such as aggregated workflow patterns and timing data) and User-Generated Notes (which should not contain Personal Data) to third-party AI providers located in the United States. No Personal Data, Content Data, or Excluded Data is transmitted to these providers.
When you grant analytics consent on our marketing website, Google Analytics 4 may process anonymised usage data on Google's infrastructure, which may include servers located outside the EU/UK. This processing is based on your explicit consent and you may withdraw it at any time via the "Manage cookies" link in the page footer. Google's privacy practices are described at policies.google.com/privacy.
If, in the future, any transfer of Personal Data outside Germany and the United Kingdom becomes necessary, we will ensure that appropriate safeguards are in place in accordance with the UK GDPR and EU GDPR, including the use of Standard Contractual Clauses or equivalent mechanisms.
The Company is registered in England. Your rights under the UK GDPR are described in Section 10 above. Our supervisory authority is the UK Information Commissioner's Office (ICO).
If you are a resident of the European Economic Area, your rights under the EU GDPR are described in Section 10 above. You may lodge a complaint with your local supervisory authority.
Under the California Consumer Privacy Act (CCPA), California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for direct marketing purposes. We do not sell Personal Data as defined by the CCPA. To submit a request, please contact us at privacy@recadence.ai.
We may update this Privacy Policy from time to time. We will alert you to material changes by placing a notice on our website or by sending you an email. If you use the Services after changes have been posted, you agree to those changes. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.
If you have any questions or comments about this Privacy Policy, please contact us at:
Company: Yes-But-How Ltd
Email: privacy@recadence.ai
Company Number: 16547746
Registered in: England and Wales
Last updated: 3 March 2026