Privacy Policy

Introduction

Your privacy matters to us. Cheers is operated by Acumen Insights Group (ABN 63 574 909 931). Cheers is built to help teams celebrate each other - not to collect more data than we need. We believe you should always know what information we have and why.

This Privacy Policy explains what we collect when you use Cheers, how we use it, and the rights you have over your data. We've tried to keep it clear and jargon-free.

Information We Collect

Here's what we collect and why - we've kept this list specific so you know exactly what we store.

Workspace Information

• Slack team ID, team name, and team domain
• Bot OAuth token (securely stored and never exposed in API responses)
• Total workspace user count

User Information

• Slack user IDs (unique per workspace)
• Email address (from Slack authentication and support/contact forms)
• Display name and avatar URL (from your Slack profile)
• User role within Cheers (Standard, Manager, or Admin)
• Count of cheers you have given and received

Message & Interaction Data

• Message timestamps and thread timestamps
• Channel IDs where cheers occur
• Slack user IDs of message senders, mentioned users, and emoji reactors

Worth noting: We only track the metadata around cheers (like timestamps and who was mentioned) - we never read or store your actual message content.

Rewards & Redemptions

• Reward configurations (title, description, point value, images)
• Redemption requests (user ID, reward details, approval status, request reason)

Configuration & Settings

• Custom emoji preferences
• Keywords for cheer recognition
• Channel settings for reports and reward requests
• Report scheduling preferences
• Notification settings

Usage & Analytics Data

We use a two-tier analytics model:

• Anonymous aggregate analytics (no consent required): We collect non-identifiable, aggregate event counts (e.g., how many times a feature is used) that cannot be linked to any individual user. This data is not personal data under GDPR.
• Identified analytics (requires your consent): When you accept analytics via the consent banner on the dashboard, we attribute usage events to your account using composite identifiers to improve the product. You can accept or decline at any time.
• Daily activity reports (cheers given/received per user)
• Monthly active users (for billing purposes)
• Error logs for debugging and service improvement

Billing & Subscription Information

• Subscription tier (Free, Trial, Pro, or Enterprise)
• Trial expiration dates
• Stripe customer ID and subscription ID
• Billing period dates
• Monthly active user counts for usage-based billing

Payment Information

Payment processing is handled entirely by Stripe, which is PCI-DSS compliant. We store only Stripe customer and subscription IDs. We never see or store your credit card details.

How We Use Your Information

We use the information we collect to:

• Provide and maintain the core recognition and rewards functionality
• Authenticate users via Slack OAuth
• Calculate usage-based billing for Pro and Enterprise plans
• Generate analytics, reports, and insights for your team
• Manage rewards and process redemption requests
• Send notifications and scheduled reports
• Improve our service and fix bugs
• Provide customer support
• Comply with legal obligations

Data Storage and Security

Here's how we keep your data safe:

• Hosting: Data is hosted on Google Cloud SQL with enterprise-grade security
• Encryption: All data is encrypted in transit using TLS and at rest using AES-256 encryption
• Access Control: Users can only access their own workspace data, enforced through secure authentication, workspace membership validation, and role-based access control
• Payment Security: All payment processing handled by Stripe with PCI-DSS compliance
• Authentication: Secure OAuth 2.0 integration with Slack
• Sensitive Tokens: Bot tokens and API keys are handled as restricted credentials and are never exposed in API responses
• Accountability: We log when our team accesses workspace data for support, so there's always a record

Data Retention

Active Data Retention

While your workspace is active, we keep the data needed to power Cheers for your team:

• User profiles, cheers history, and recognition data
• Rewards configuration and redemption history
• Settings and billing information
• Analytics and reports

Slack User Profile Cache: Cached Slack user profiles are automatically deleted after 24 hours and refreshed as needed.

Upon App Uninstallation

Currently, we retain your data after app uninstallation to allow for easy reinstallation. To permanently delete your workspace data, please contact us at the email address provided below. We will:

• Delete all production data within 30 days of your request
• Purge backup data within 14 days after production deletion

Individual User Deletion Requests

Individual users can request deletion of their personal data by contacting us. We will process deletion requests within 30 days.

Data Sharing and Third-Party Services

We don't sell, rent, or trade your personal data. We only share data with the trusted service providers we need to run Cheers:

Your Rights

You're in control of your data. Here's what you can do:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Export: Receive your data in a portable, machine-readable format
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Right to Object: Object to processing of your data for certain purposes
• Right to Withdraw Consent: Withdraw consent for identified analytics at any time via the consent banner on the dashboard, or contact us for other data processing

To exercise any of these rights, please contact us at the email address provided in the Contact Information section below. We will respond to your request within 30 days.

Cookies and Tracking

Cheers uses minimal cookies and local storage for essential functionality:

• Authentication Cookies: Session cookies to keep you logged in
• Analytics Consent: We store your analytics preference in localStorage so we remember your choice across sessions. You can change this at any time via the consent banner on the dashboard.
• No Advertising Cookies: We do not use third-party tracking or advertising cookies
• No Cross-Site Tracking: We do not track your activity across other websites

Children's Privacy

Cheers is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete such information promptly.

International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure that all such transfers comply with applicable data protection laws and that appropriate safeguards are in place to protect your data.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify workspace administrators via email or in-app notification
• For significant changes, provide prominent notice in the app

We'll always let you know about significant changes so you can make informed decisions about using Cheers.

Contact Information

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us: