Teambit Privacy Policy

Last update: March 20, 2025

Introduction

At Teambit ("Teambit," "we," "our," or "us"), operated by Pack SpA, we are committed to safeguarding the privacy and security of the client organizations and users who rely on our software development intelligence platform. This Privacy Policy explains in detail how we collect, process, store, transfer, and protect data across all our services, which include our web platform, integrations with third-party software, APIs, support channels, and marketing tools. By accessing or using any of our services, you acknowledge that you have read and understood this Privacy Policy, and you consent to our practices as described herein.

1. Compliance and Legal Bases

We adhere to internationally recognized data protection and privacy standards to ensure the responsible handling of personal and organizational data. Our compliance includes, but is not limited to:

  • ISO/IEC 27001:2022: Our organization maintains a certified Information Security Management System (ISMS) that ensures a structured approach to securing sensitive information through systematic risk management practices, continuous auditing, and employee awareness training.
  • General Data Protection Regulation (GDPR): For users and organizations based in the European Union (EU), European Economic Area (EEA), and the United Kingdom, we process data in accordance with the GDPR. The lawful bases for processing include:
    • Consent: When individuals have given us explicit permission to process their data for one or more specific purposes.
    • Contractual necessity: When data processing is required to fulfill our contractual obligations.
    • Legitimate interest: When processing is necessary for our operational efficiency, product improvement, or fraud prevention, provided these interests do not override individual rights.
    • Legal obligation: When we are legally obligated to retain or disclose data to comply with applicable laws.
  • SOC 2 Type II: We undergo annual third-party audits to validate the implementation and operating effectiveness of our controls for security, availability, confidentiality, and privacy over an extended period.

These compliance measures provide a framework to ensure that personal and organizational data is handled securely, transparently, and in line with international best practices.

2. Data We Collect

To operate our platform effectively and deliver maximum value to our clients, we collect a range of data types through various channels:

2.1 Data from Integrations:

Our platform integrates with several third-party services, including but not limited to GitHub, GitLab, Bitbucket, Azure DevOps, Jira, Linear, ClickUp, Slack, and Google Workspace. The data we collect from these integrations may include:

  • Source code metadata: Branch names, commit hashes, author information, pull request content, comments, and review status.
  • Project management data: Issue details, task progress, story points, sprint metrics, labels, and assignment history.
  • Messaging platforms: Team structure, channel membership, mention activity, and message frequency (not the message content).
  • SSO Providers: Authentication tokens, names, email addresses, and user profile pictures for verification and session management.

These integrations are essential for enabling our core features, including developer productivity metrics, workflow automation, and team health dashboards.

2.2 Automatically Collected Data:

We collect certain data automatically from devices used to access our platform to ensure secure, smooth, and optimized service delivery:

  • IP address, geographical location derived from IP, device type, operating system version, and browser details
  • Pages visited, time spent on each section, interaction patterns, and navigation paths
  • Authentication logs, error reports, timestamps, and session identifiers
  • Cookies, local storage, and session data used to retain user preferences and track behavioral patterns

This data helps us identify trends, resolve usability issues, ensure security, and personalize the user experience.

2.3 Registration and Communication Data:

When users register for our services, sign up for a newsletter, attend a webinar, or contact support, we may collect:

  • Full name, business email address, phone number, organization name, and job title
  • Preferences regarding communication channels and content types
  • Messages exchanged with our team, including support tickets, requests, or survey responses

We use this data to manage user accounts, provide tailored support, deliver relevant content, and continuously improve user satisfaction.

2.4 Customer and Access Data:

When providing services to client organizations, we process data on behalf of those clients. This includes:

  • User activity within the platform (e.g., logins, changes made, time spent on dashboards)
  • Internal user roles, access permissions, and integration configurations
  • OAuth tokens, API usage logs, access timestamps, and audit trails

All access and customer data is subject to strict role-based access controls and encrypted in transit and at rest.

3. How We Use Data

We use the data collected for a variety of business and technical purposes:

  • Service delivery: To authenticate users, operate integrations, render dashboards, and generate reports
  • Security and compliance: To detect unauthorized access, prevent abuse, and comply with legal frameworks
  • Product improvement: To understand user behavior and usage patterns and optimize features
  • Customer support: To respond to inquiries, diagnose issues, and offer personalized assistance
  • Marketing and communication: To send newsletters, product updates, and promotional materials (with opt-out options)
  • Analytics and insights: To generate performance benchmarks, capacity planning models, and anonymized trend analyses

We do not use personal or customer data for advertising or sell it to third parties under any circumstances.

4. Data Sharing

We treat data with the highest level of confidentiality and only share it under controlled conditions:

  • Vetted service providers: Third-party partners who assist in hosting, analytics, support, or communication—each bound by data processing agreements and confidentiality obligations
  • Corporate affiliates: Internal teams and legal entities within Pack SpA that support operational delivery
  • Client administrators: Authorized personnel within your organization with admin privileges may access usage and performance data
  • Legal authorities: Governmental or law enforcement agencies when required to comply with legal obligations, court orders, or regulatory requirements
  • Business transitions: In the event of a merger, acquisition, or reorganization, data may be part of the transferred assets with prior notice and appropriate safeguards

We do not permit subcontractors to use your data for their own benefit or resell any collected information.

5. International Transfers

As a global organization, we may process or transfer data to jurisdictions outside your country of residence. Where applicable, we:

  • Rely on Standard Contractual Clauses (SCCs) or equivalent instruments for transfers from the EEA, UK, or Switzerland
  • Maintain internal data transfer agreements and audit logs
  • Require third-party processors to comply with GDPR-equivalent protections
  • Ensure all transfers are minimized and monitored for regulatory compliance

If you have questions about how your data is transferred or would like to receive a copy of applicable safeguards, please contact us.

6. Security Measures

We implement technical and organizational measures aligned with leading security frameworks:

  • Encryption: TLS for data in transit; AES-256 for data at rest
  • Identity and access management: RBAC and centralized credential storage
  • Monitoring: Real-time intrusion detection, anomaly detection, and log aggregation tools
  • Resilience: Regular backups, automated failover systems, and disaster recovery protocols
  • Employee training: All staff undergo annual security awareness training and operate under strict confidentiality agreements

In the event of a data breach, we will notify affected parties within 72 hours, as required by GDPR and other applicable regulations.

7. Data Retention

We retain data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • User account data: Retained for the duration of the client contract; deleted within 60 days of termination unless legally required to retain it
  • Archived data: Infrequently accessed historical data may be archived securely or anonymized
  • Log data: Maintained for operational and auditing purposes, typically for up to 12 months
  • Support and communication records: Retained for quality assurance and dispute resolution

Clients may request early deletion or data export at any time, subject to verification and applicable law.

8. Your Rights

We are committed to enabling individuals to exercise their data protection rights. Depending on your jurisdiction, these rights may include:

  • Right to access: Know what personal data we hold and how we use it
  • Right to rectification: Request corrections to inaccurate or incomplete data
  • Right to erasure: Ask us to delete your personal data under certain conditions
  • Right to restrict processing: Temporarily limit how we process your data
  • Right to object: Oppose certain types of data processing based on our legitimate interests
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to withdraw consent: Opt-out of marketing or withdraw consent for optional data uses
  • Right to lodge a complaint: Contact a supervisory authority if your rights are not respected

To exercise any of these rights, please email us at contact@teambit.dev. We will verify your identity and respond within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar tracking tools to enhance functionality and gather analytics:

  • Essential cookies: Required for authentication and secure navigation
  • Performance cookies: Measure usage statistics and feature adoption
  • Functionality cookies: Remember user settings and preferences
  • Analytics cookies: Track engagement to improve UX via tools like PostHog and Google Analytics

You may manage your preferences through your browser settings or opt out using the cookie management tool provided in our platform. Some features may not function properly if cookies are disabled.

10. Children’s Privacy

Our platform and services are designed for professionals and organizations, not individuals under 16 years of age. We do not knowingly collect, use, or disclose personal data from children. If we become aware that a minor has provided us with personal data without parental consent, we will take immediate steps to delete such data.

11. Changes to this Policy

We may update this Privacy Policy from time to time to reflect technological changes, new legal requirements, or changes in our services:

  • Material updates will be announced via email
  • The "Last Updated" date at the  bottom of the page indicates the most recent revision
  • Continued use of our services after such updates constitutes acceptance of the revised terms

We encourage users to review this page periodically.

12. Contact Information

For any questions, feedback, or to exercise your rights, please contact us via one of the following channels:

  • Email:contact@teambit.dev
  • Support Page: https://teambit.dev
  • Mailing Address: Antonio Bellet 193, Providencia, Santiago, Chile

We are committed to addressing your privacy concerns in a timely and transparent manner.

Last updated:  March 20, 2025