Manager Toolkit logo

Data Privacy and GDPR

How we handle your data, your rights, and our compliance approach.

Last updated April 2026

Manager Toolkit is committed to protecting your personal data and respecting your privacy rights. This article explains our approach to data privacy and how we align with GDPR principles.

Our Approach to GDPR

We follow the core principles of the General Data Protection Regulation (GDPR), regardless of where you are located. This means we collect only the data we need, we are transparent about how it is used, and we give you control over it.

Lawful basis

We process your data based on legitimate interest (providing the service you signed up for) and, where applicable, your explicit consent.

Data minimisation

We only collect data that is necessary to deliver Manager Toolkit. We do not harvest data for advertising or profiling.

Purpose limitation

Your data is used solely to provide and improve the Manager Toolkit service. It is never used for unrelated purposes.

Storage limitation

We retain your data for as long as your account is active. When you delete your account, all data is permanently removed.

Your Rights

Under GDPR and equivalent regulations, you have the following rights over your data:

  • Right of access - You can view all of your management data within the application at any time.
  • Right to rectification - You can edit any of your records, including catchups, actions, meetings, and other items.
  • Right to erasure - You can delete your account and all associated data permanently from the settings page.
  • Right to data portability - You can request a full export of your data by contacting support.
Account deletion is permanent and cannot be undone. All teams, catchups, actions, targets, surveys, retrospectives, and other records will be removed entirely.

Third-Party Processors

Manager Toolkit uses a small number of trusted third-party services to operate:

  • Cloudflare - hosting, CDN, and database infrastructure
  • Clerk - authentication and user management
  • Stripe - payment processing for Pro subscriptions
  • Resend - transactional email delivery
  • PostHog - product analytics and error tracking

None of these processors have access to the content of your management data (catchups, actions, meeting notes, etc.) beyond what is strictly necessary to provide their service.

AI and Your Data

Your management data is never used to train AI models. When you use AI-powered features (Pro only), your data is processed to generate insights for you alone. The results are not stored or used beyond your session.

AI processing happens on demand when you request a summary, suggestion, or analysis. Your data is sent to the AI provider solely for that request and is not retained by the provider for training or any other purpose. If you prefer not to use AI features at all, you can disable them entirely from your feature toggles.

Questions or Requests

If you have questions about your data or wish to exercise any of your rights, please contact our support team. We aim to respond to all data-related requests within 30 days.

You do not need to provide a reason for exercising your rights. Whether you want to access, correct, or delete your data, we will process your request promptly and keep you informed throughout.

Was this article helpful?