Privacy Policy

Last updated: April 2025

FastSLA ("we", "us", "our") is committed to protecting your personal data. This policy explains what data we collect, why we collect it, and how we handle it when you use FastSLA.

1. Who we are

FastSLA is a SaaS product that provides SLA tracking on top of issue management systems such as Jira, Azure DevOps, and GitHub Issues. We are the data controller for personal data collected through fastsla.com and app.fastsla.com. Contact us at contact@fastsla.com with any questions.

2. What data we collect

We collect the following categories of data:

• Account data: Name, email address, and password (hashed) when you sign up.
• Issue and webhook data: Issue keys, status, timestamps, and priority forwarded to us via webhooks from your issue management system. We deliberately do not collect issue titles, body text, comments, or attachments — only the structured metadata needed to calculate SLA status.
• SLA configuration data: Project-specific SLA rules, business-hour calendars, and escalation settings you define within FastSLA.
• Usage data: Log data including IP addresses, browser type, and pages visited, used for security monitoring and service improvement.
• Billing data: Subscription plan and invoice history. Payment card details are handled exclusively by our payment processor and are never stored by FastSLA.

3. How we use your data

• To deliver and operate the FastSLA service.
• To calculate SLA breach status, elapsed time, and reporting metrics.
• To send transactional emails (email verification, password reset, SLA breach alerts you configure).
• To respond to support requests.
• To detect and prevent abuse and security incidents.
• To comply with legal obligations.

We do not sell your data. We do not use your data for advertising.

4. Legal basis for processing (GDPR)

• Contract performance: Processing your account and issue data is necessary to deliver the service you have subscribed to.
• Legitimate interests: Security monitoring, fraud prevention, and service improvement.
• Legal obligation: Retaining records as required by applicable law.
• Consent: Where we send optional communications, we rely on consent which you may withdraw at any time.

5. Data retention

Account data is retained for the duration of your subscription and deleted within 90 days of account closure upon request. Issue and SLA data is retained for 12 months of history by default. Logs are retained for 30 days.

6. Data sharing and sub-processors

We use a limited number of sub-processors to operate the service:

• Railway (infrastructure hosting) — servers and database storage.
• Resend (transactional email) — email delivery.
• MongoDB Atlas (database) — if applicable to your deployment.

All sub-processors are contractually bound to handle data securely and in compliance with GDPR where applicable. We do not share your data with any other third parties except where required by law.

7. International transfers

Your data may be processed in the European Union or the United States depending on the infrastructure region of your deployment. Where data is transferred outside the EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

8. Your rights

Under GDPR, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Restrict or object to processing.
• Data portability — receive your data in a machine-readable format.
• Lodge a complaint with your national supervisory authority.

To exercise any of these rights, email contact@fastsla.com. We will respond within 30 days.

9. Security

We use industry-standard security practices including encrypted data transmission (TLS), hashed passwords, and access controls. No system is completely secure; we encourage you to use a strong, unique password and contact us immediately if you suspect unauthorised access.

10. Cookies

fastsla.com uses no third-party tracking cookies. We use a session cookie strictly necessary for authentication in app.fastsla.com. We do not use advertising or analytics cookies.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or an in-app notice. The latest version is always available at this URL.

12. Contact

For any privacy-related questions or requests: contact@fastsla.com