Privacy Policy

BAS Trust Systems AS ("we," "us," "our") operates BAS TrustDesk at bastrustdesk.com. This Privacy Policy explains how we collect, use, and protect your personal data with a commitment to full transparency and security.

1. Data Controller

BAS Trust Systems AS, Norway. Contact: [email protected]

2. What Data We Collect

Account Data

Name, email address, password, organisation name, and role (Admin, Manager, Viewer).

Service Data

• Strategy documents you upload (PDF, DOCX, PPTX)
• Extracted Jobs To Be Done, hypotheses, and strategic themes
• Execution data ingested from connected tools (Jira, GitHub, Azure DevOps) via read-only OAuth connectors
• Alignment scores, confidence levels, and gap detection results

Analytics Data

• Pages visited, features used, session duration (PostHog)
• UTM parameters, scroll depth, time on page
• Browser type, device type, operating system

4. Read-Only Guarantee

BAS TrustDesk never writes back to your connected tools. All connectors are read-only by design. We do not modify, create, or delete data in Jira, GitHub, Azure DevOps, or any other connected tool.

5. Legal Basis for Processing (GDPR)

• Contract performance: Processing account and strategy data to deliver the service.
• Legitimate interest: Analytics to improve the platform behavior.
• Consent: Explicit opt-in for marketing communications.

6. Your Rights Under GDPR

You have the right to access, rectify, erase, restrict, port, object, and withdraw consent at any time. Requests sent to [email protected] will receive a response within 30 days.

9. Data Security

We employ JWT authentication, encryption in transit (TLS 1.3) and at rest (AES-256), multi-tenant workspace isolation, and rigorous role-based access control.