Privacy Policy
Effective Date: March 1, 2026
Contents
- Introduction
- Information We Collect
- How We Use Your Information
- Legal Basis for Processing
- Schedule & Production Data
- Third-Party Service Providers
- Cookies & Tracking
- Data Retention
- Data Security
- Your Rights
- International Data Transfers
- Children's Privacy
- Communication
- Changes to This Policy
- Contact
1. Introduction
Schantt ("we," "us," or "our") operates the production scheduling application at schantt.com (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, and password when you register.
- Team information: Team name and configuration when you create or join a Team.
- Schedule Data: Production data you enter, including stages, machines, product classes, products, processing times, changeover times, transfer times, and generated schedules.
- Contact information: Name, email, and message content when you use our contact form.
2.2 Information Collected Automatically
- Log data: IP address, browser type, operating system, referring URLs, pages visited, and access timestamps.
- Usage data: Feature usage patterns and interactions within the Service to help us understand how the Service is used and identify areas for improvement.
- Cookies: See Section 7 below.
2.3 Payment Information
We do not directly collect or store payment card details. All payment processing is handled by our payment partner, Paddle, who acts as the Merchant of Record. Paddle may collect billing information such as your name, email, billing address, and payment method. Please refer to Paddle's Privacy Policy for details.
3. How We Use Your Information
We use the information we collect to:
- Provide the Service: Create your account, process your Schedule Data, generate schedules, and display results.
- Manage subscriptions: Process billing, enforce plan limits, and manage your account.
- Communicate with you: Respond to your inquiries, send account-related notifications (e.g., subscription confirmations, password resets), and provide technical support.
- Improve the Service: Analyze usage patterns in aggregate to identify bugs, improve features, and optimize performance.
- Ensure security: Detect and prevent fraud, abuse, and unauthorized access.
- Comply with legal obligations: Meet applicable legal, regulatory, or tax requirements.
We do not sell your personal information to third parties. We do not use your Schedule Data for any purpose other than providing the Service to you.
4. Legal Basis for Processing
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:
- Contract: Processing necessary to provide you with the Service you signed up for (account creation, Schedule Data processing, subscription management).
- Legitimate interest: Processing for purposes such as improving the Service, ensuring security, and analyzing aggregate usage — where our interests do not override your fundamental rights.
- Legal obligation: Processing required to comply with applicable laws (e.g., tax records, responding to lawful requests).
- Consent: Where we send optional marketing communications, we rely on your consent, which you can withdraw at any time.
5. Schedule & Production Data
Your Schedule Data (production configurations, scheduling parameters, and generated schedules) is core to the Service. We handle it with particular care:
- Ownership: You retain full ownership of your Schedule Data at all times.
- Access control: Your Schedule Data is accessible only by members of your Team, based on the roles and permissions you configure.
- Sharing: If you use sharing features (e.g., shared Gantt chart links), the shared content becomes accessible to anyone with the link. You control what is shared.
- No training use: We do not use your Schedule Data to train algorithms or models, or share it with other customers.
- Isolation: Each Team's data is logically isolated from other Teams within the Service.
6. Third-Party Service Providers
We use the following third-party service providers to operate the Service. These providers process data on our behalf and are bound by contractual obligations to protect your information:
| Provider | Purpose | Data Processed |
|---|---|---|
| Paddle | Payment processing (Merchant of Record) | Name, email, billing address, payment method |
| Oracle Cloud Infrastructure | Application and database hosting | All Service data (stored in EU — Frankfurt region) |
| Cloudflare | DNS, CDN, DDoS protection, bot verification (Turnstile) | IP address, browser metadata, request data |
We may also use email delivery services for transactional emails (account confirmations, password resets, support replies). We do not share your Schedule Data with any third-party provider.
7. Cookies & Tracking
We use cookies that are necessary for the Service to function. Below are the types of cookies used:
| Cookie | Type | Purpose |
|---|---|---|
| Session cookie | Strictly necessary | Maintains your logged-in session |
| CSRF token | Strictly necessary | Protects against cross-site request forgery attacks |
| Cookie consent | Strictly necessary | Remembers your cookie preferences |
We do not use third-party advertising cookies or tracking pixels. If we introduce analytics cookies in the future, we will update this policy and obtain your consent where required.
You can configure your browser to block or delete cookies. Note that blocking strictly necessary cookies may prevent the Service from functioning properly.
8. Data Retention
- Active accounts: We retain your data for as long as your account is active and as needed to provide the Service.
- Cancelled subscriptions: If you cancel a paid Subscription, your account and data remain accessible (at Demo plan limits) unless you request account deletion.
- Account deletion: Upon account deletion, we permanently remove your personal information and Schedule Data within 30 days. Some data may be retained longer where required by law (e.g., billing records for tax compliance, typically 7 years).
- Log data: Server logs are retained for up to 90 days for security and troubleshooting purposes, then automatically deleted.
- Contact form submissions: Retained for up to 12 months after the inquiry is resolved.
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
- Encryption at rest: Database backups and sensitive data are encrypted at rest.
- Access control: Access to production systems is restricted and protected by authentication.
- Infrastructure security: Our hosting provider (Oracle Cloud) maintains physical and network security certifications.
While we take reasonable precautions to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
In the event of a data breach that affects your personal information, we will notify you and the relevant supervisory authority within 72 hours as required by applicable law.
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Request correction of inaccurate or incomplete personal data. |
| Erasure | Request deletion of your personal data ("right to be forgotten"). |
| Data portability | Request your data in a structured, commonly used, machine-readable format. |
| Restriction | Request that we limit how we process your data. |
| Objection | Object to processing based on legitimate interest. |
| Withdraw consent | Withdraw consent at any time where processing is based on consent. |
To exercise any of these rights, please contact us. We will respond within 30 days. We may ask you to verify your identity before processing your request.
If you are in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
11. International Data Transfers
Your data is primarily stored and processed in the European Union (Oracle Cloud — Frankfurt, Germany). Some third-party providers may process data outside the EU. Where such transfers occur, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- The provider's compliance with applicable data protection frameworks.
12. Children's Privacy
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal data, please contact us.
13. Communication
We may send you the following types of emails:
- Transactional emails (required): Account verification, password resets, subscription confirmations, and important service notifications. These cannot be opted out of while your account is active.
- Product updates (optional): Feature announcements, tips for using the Service, and product news. You can unsubscribe from these at any time via the unsubscribe link in any such email.
We do not send third-party promotional or advertising emails.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify registered Users via email and update the "Effective Date" at the top of this page. We encourage you to review this policy periodically.
15. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us.