Home/Privacy Policy

Privacy Policy

Last updated: May 19, 2026

Your privacy matters to us. This policy explains what personal data Issuely collects, why we collect it, how we use it, and your rights regarding that data.

1. Overview

Issuely ("we," "us," "our") operates the website and platform at issuely.in. This Privacy Policy describes how we collect, use, store, and protect personal information when you use our free bug tracker, support ticket system, and agile project management platform.

By using Issuely, you consent to the practices described in this policy. If you do not agree, please discontinue use of the Service and delete your account.

2. Data We Collect

We collect the following categories of data:

AAccount Information

  • Name — your display name used across the platform
  • Email address — used for login, notifications, and password reset
  • Password — stored as a one-way bcrypt hash; we never store plain-text passwords
  • Role — your role within your company (Admin, Agent, Customer)
  • Company / organisation name
  • Email verification status

BContent You Create

  • Tickets — subject, description, priority, category, tags, status
  • Comments & replies — customer-facing messages on tickets
  • Internal notes — agent-only notes (not visible to customers)
  • File attachments — files and screenshots uploaded to tickets
  • Sprint data — sprint names, goals, dates, story points
  • Project data — project names, descriptions, membership

CUsage & Technical Data

  • Activity log — ticket status changes, assignments, comments (stored per ticket for audit purposes)
  • Login timestamps — when you log in to detect suspicious activity
  • IP address — collected by the server on each request (not stored in our database)
  • Browser / device type — inferred from User-Agent header (not stored)

DSSO-Provisioned Data

If you are logged in via Single Sign-On from a third-party website, we receive the data included in the JWT token by that website's administrator: typically your email address, name, role, and optionally a project assignment. This data is used solely to create or update your Issuely account.

3. How We Use Your Data

We use the data we collect for the following purposes:

PurposeData Used
Provide and operate the ServiceAccount info, content, activity log
Authenticate and secure your accountEmail, hashed password, session cookie
Send email notifications on ticket updatesEmail address, ticket content
Email verification and password resetEmail address, verification tokens
Enforce our Terms of ServiceAccount info, usage data
Improve and debug the ServiceAggregated usage data (anonymised)
Respond to support requestsEmail address, account info

We do not sell your personal data, use it for advertising, or share it with data brokers.

4. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

  • Within your organisation: Members of your company (Admins and Agents) can view tickets and user information within your company's scope. Customers can only see their own tickets.
  • Email service provider: We use an SMTP service to send transactional emails (ticket notifications, verification emails). This provider processes your email address and the email content on our behalf.
  • Legal obligations: We may disclose your information if required by law, court order, or to protect the rights, property, or safety of Issuely, our users, or the public.
  • Business transfer: If Issuely is acquired or merged, your data may be transferred to the new entity subject to the same privacy protections.

5. Cookies & Sessions

Issuely uses a single essential cookie:

auth_token

An HTTP-only, Secure session cookie containing a signed JSON Web Token (JWT) that identifies your logged-in session. This cookie is required for the Service to function and expires after 7 days of inactivity. It cannot be accessed by JavaScript and is transmitted only over HTTPS.

We also use localStorage to store your UI theme preference (light or dark mode). This stores no personal data.

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

6. SSO & Third-Party Integration

If your organisation uses Issuely's JWT Single Sign-On feature, the website that redirects you to Issuely is operated by a third party (your company or a software vendor). That website's privacy practices are governed by their own privacy policy, not this one.

When you are redirected to Issuely via SSO, we receive only the data included in the JWT token (typically email, name, role, and project). We use this data to create or update your Issuely account.

Issuely does not use OAuth providers (Google, GitHub, etc.) for authentication. We do not receive data from or share data with those services.

7. Data Storage & Security

Your data is stored on servers located in India. We implement the following security measures:

  • All data in transit is encrypted using TLS/HTTPS
  • Passwords are hashed with bcrypt before storage — plain-text passwords are never stored
  • Session tokens are signed JWTs stored in HTTP-only cookies, inaccessible to JavaScript
  • SSO tokens are short-lived (maximum 10 minutes) to prevent replay attacks
  • Database access is restricted to the application server
  • File attachments are stored on the server with access controlled by authentication

While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal data for as long as your account is active. Specifically:

  • Account data — retained while your account is active and for 30 days after deletion to allow recovery
  • Tickets and content — retained for the lifetime of the company account; deleted when the company account is removed
  • File attachments — deleted when the associated ticket is deleted or when the account is closed
  • Activity logs — retained for 12 months for audit purposes
  • Email verification tokens — automatically expire and are deleted after use or expiry

You can request deletion of your account and associated data at any time (see Your Rights below).

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

👁️Access

Request a copy of the personal data we hold about you.

✏️Correction

Update or correct inaccurate personal information via account settings.

🗑️Deletion

Request deletion of your account and personal data.

📦Portability

Request an export of your data in a machine-readable format.

🚫Objection

Object to processing of your data in certain circumstances.

⏸️Restriction

Request that we restrict how we process your data while a dispute is resolved.

To exercise any of these rights, contact us at info@issuely.in. We will respond within 30 days. Some rights may be limited where we have a legitimate legal basis for processing.

10. Children's Privacy

Issuely is not directed at or intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us immediately and we will delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify registered users by email for significant changes

We encourage you to review this page periodically. Your continued use of Issuely after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Issuely — Data Controller

Email: info@issuely.in

Website: https://issuely.in

We aim to respond to all privacy requests within 30 days.

Also see our Terms of Service

The rules and guidelines for using Issuely.

Terms of Service →