white.space
BigPlannerSign in

Privacy Policy

Last updated: 18 March 2026

1. Who we are

BigPlanner is a programme management tool operated by white.space (white.space). References to “we”, “us”, or “our” in this policy refer to white.space. Our contact email is john.fitzsimons@white.space.

2. What data we collect

  • Account information — your name and email address, provided when you register or sign in with Google.
  • Organisation data — organisation name, and the role you hold within that organisation on BigPlanner.
  • Integration credentials — Jira, Confluence, and Slack API tokens and configuration that you provide on the Integrations page. These are encrypted at rest using AES-256-GCM and are never shared with third parties beyond the respective services.
  • Synced Atlassian data — programme names, epic summaries, issue titles, sprint names, and team/assignee information pulled from your connected Jira instance. This data is stored in your organisation's database partition.
  • Usage data — standard server logs (IP address, browser, pages visited, timestamps). We do not use third-party analytics trackers.

3. How we use your data

  • To operate and deliver the BigPlanner service to you and your organisation.
  • To authenticate you (via credentials or Google OAuth).
  • To sync data from your connected Atlassian and Slack workspaces on your behalf.
  • To send Slack notifications that you or your organisation have configured.
  • To diagnose errors and improve the service.

We do not sell your data. We do not use your data for advertising.

4. Google OAuth

If you choose to sign in with Google, we receive your Google account name, email address, and profile picture from Google. We use this solely to authenticate you and create or link your BigPlanner account. We do not access your Google Drive, Gmail, Calendar, or any other Google services beyond basic profile information.

BigPlanner's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data sharing

We share your data only with the following third-party services, solely to operate BigPlanner:

  • Supabase — our database host (PostgreSQL). Data is stored in the EU region.
  • Vercel — our hosting provider. Your requests are processed on Vercel's infrastructure.
  • Atlassian (Jira / Confluence) — we read data from your connected Atlassian instance using credentials you provide.
  • Slack — we send notifications to channels you configure using a bot token you provide.

We do not share data with any other third parties.

6. Data retention

We retain your data for as long as your account is active. If you wish to delete your account and all associated data, contact us at john.fitzsimons@white.space and we will delete all personal data within 30 days.

7. Security

Integration credentials are encrypted at rest with AES-256-GCM. Passwords are hashed with bcrypt (cost factor 12). All traffic is served over HTTPS. Session tokens use NextAuth JWT with a cryptographically secure secret.

8. Your rights

You have the right to access, correct, or delete your personal data at any time. Contact us at john.fitzsimons@white.space.

9. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or by a prominent notice in the app.