Privacy Policy

Your data, handled with care.

Effective date: March 20, 2026  ·  Last updated: March 20, 2026

Bordly is a team workspace tool. We collect only what we need to run the product, never sell your data, and give you straightforward control over what you share with us.

On this page
Who we areWhat we collectHow we use itHow we store itThird-party servicesYour rightsCookiesChildren's privacyChanges to this policyContact us

1. Who we are

Bordly ("we", "us", "our") operates the website at bordly.app and the Bordly web application. We provide team workspace software including kanban boards, personal task management, and team journaling.

If you have any questions about this policy, contact us at our contact page or email privacy@bordly.app.

2. What we collect

Information you provide directly

  • Account information: your email address and display name when you sign up.
  • Profile data: an optional profile photo and avatar colour you set in your account settings.
  • Workspace content: tickets, tasks, journal entries, comments, and file attachments you create inside Bordly.
  • Communications: messages you send us via the contact form.

Information collected automatically

  • Authentication tokens: session tokens managed by our authentication provider (Supabase) to keep you signed in.
  • Usage data: basic interaction data such as which workspace you last visited (stored locally in your browser, never sent to our servers).

What we do not collect

  • We do not collect payment information directly — payments are handled entirely by our payment processor.
  • We do not collect precise location data.
  • We do not track your activity across other websites.
  • We do not build advertising profiles.

3. How we use your information

We use the information we collect to:

  • Create and manage your account and workspace.
  • Deliver the core functionality of Bordly (boards, tasks, journal, notifications).
  • Send transactional emails (sign-in confirmation, password reset, team invite notifications).
  • Respond to support requests and contact form submissions.
  • Detect and prevent abuse, fraud, and security incidents.
  • Improve the product based on aggregate, anonymised usage patterns.

We do not use your content (tickets, tasks, notes) to train AI models or for any purpose other than delivering the service to you.

4. How we store and protect your data

All Bordly data is stored in Supabase, which runs on AWS infrastructure. Data is encrypted in transit (TLS) and at rest. Supabase enforces Row Level Security (RLS) on all tables, meaning each user can only access data they are authorised to see.

File attachments (profile photos, ticket attachments, workspace logos) are stored in Supabase Storage, which uses S3-compatible object storage with private bucket policies where applicable.

We retain your data for as long as your account is active. If you delete your workspace, all associated data (teams, tickets, tasks, journal entries) is permanently deleted from our database. If you would like your account fully removed, contact us and we will process it within 30 days.

5. Third-party services

We use a small number of third-party services to operate Bordly:

ServicePurposeData shared
SupabaseDatabase, authentication, file storageAll user and workspace data
VercelHosting and CDNRequest metadata (IP, headers) — standard web serving
Google FontsTypography (Geist font)IP address on font request

We do not sell your data to any third party. We do not use advertising networks or data brokers.

6. Your rights

Depending on where you are located, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: ask us to correct inaccurate data.
  • Deletion: ask us to delete your account and associated data.
  • Portability: request your data in a machine-readable format.
  • Objection: object to certain uses of your data.

To exercise any of these rights, contact us via our contact page. We will respond within 30 days. We may ask you to verify your identity before processing a request.

If you are in the European Economic Area (EEA) or United Kingdom, you also have the right to lodge a complaint with your local data protection authority.

7. Cookies and local storage

Bordly uses the following browser storage:

  • Authentication cookies: set by Supabase to maintain your signed-in session. These are essential and cannot be disabled.
  • localStorage: we store your last-active workspace ID locally so the app reopens to the right workspace. This never leaves your device.
  • sessionStorage: used temporarily to pass invite tokens through the authentication flow. Cleared immediately after use.

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

8. Children's privacy

Bordly is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify users via email or an in-app notice. Your continued use of Bordly after a change constitutes acceptance of the updated policy.

10. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us: