Privacy Policy

Effective March 8, 2026

This Privacy Policy describes how Dragon Planner LLC, an Iowa limited liability company (“Dragon Planner,” “we,” “us,” or “our”), collects, uses, stores, and protects your information when you use the Dragon Planner platform (the “Service”), accessible at dragonplanner.com.

This Privacy Policy is incorporated into and subject to our Terms and Conditions. By creating an account or using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, you may not access or use the Service.

We reserve the right to update this Privacy Policy at any time. We will notify you of material changes by email or through the Service. Your continued use of the Service after such notification constitutes acceptance of the updated Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information necessary to identify you and manage your access to the Service. This includes your name, email address, and any profile information you choose to provide. Authentication is handled through our third-party identity provider (currently WorkOS AuthKit), and we receive identity data from that provider as part of the sign-in process.

2.2 Customer Data

You create and submit content to the Service as part of your normal use, including work items (Initiatives, Epics, Stories, Tasks, Bugs, and Subtasks), comments, project names, workspace names, sprint configurations, and any other content you enter. We refer to all user-created content as “Customer Data.” You retain ownership of your Customer Data as described in our Terms and Conditions.

2.3 Billing Information

If you subscribe to a paid plan, payment processing is handled by Stripe. Dragon Planner does not store your full payment card details. Stripe may collect your payment card number, billing address, and related billing information directly. Stripe’s use of your information is governed by Stripe’s own privacy policy.

2.4 Usage Data

We automatically collect certain information about how you interact with the Service, including:

  • Feature usage patterns (which areas of the Service you use and how frequently)
  • MCP tool call logs (the type and frequency of MCP requests, not the content of your work items)
  • Error logs and diagnostic data
  • Login timestamps and session information
  • Browser type, operating system, and device information
  • IP address

2.5 Server-Side Operational Telemetry

We use internal observability tools (such as Grafana, Prometheus, Tempo, and Alloy) to collect server-side metrics, logs, and traces. This data is used exclusively for monitoring system health, diagnosing errors, and maintaining the reliability and performance of the Service. Operational telemetry is not used for marketing, advertising, or profiling purposes and is not shared with any third party.

2.6 Cookies and Session Data

The Service uses session cookies to maintain your authenticated session after you sign in. These are strictly functional cookies required for the Service to operate. We do not use advertising cookies, tracking cookies, or third-party analytics cookies on the application.

Our marketing site (dragonplanner.com) may use cookies in connection with third-party advertising platforms to measure the effectiveness of our advertising campaigns. If we do so, we will update this section to describe which cookies are in use and provide you with the ability to manage your preferences.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: To operate, maintain, and deliver the features and functionality of Dragon Planner, including processing your work items, managing sprints, and facilitating team collaboration.
  • Authentication and Security: To verify your identity, manage your session, enforce role-based access controls, and protect against unauthorized access.
  • Plan Enforcement: To enforce the limits of your subscription plan, including seat counts, workspace limits, MCP connection limits, and rate limits.
  • Billing: To process payments, manage subscriptions, and handle plan changes and proration.
  • Communications: To send you transactional emails (account confirmations, password resets, billing receipts, plan expiration notices, trial reminders) and, where you have opted in or as permitted by applicable law, product update newsletters and announcements about the Service.
  • Improvement: To understand how the Service is used, diagnose technical issues, and improve features, performance, and reliability.
  • Legal Compliance: To comply with applicable laws, respond to legal process, and enforce our Terms and Conditions.

4. What We Do Not Do With Your Information

Dragon Planner does not sell, rent, or trade your personal information or Customer Data to third parties.

Specifically:

  • We do not sell your data to data brokers or any other third party.
  • We do not use your Customer Data to train machine learning or AI models.
  • We do not serve advertisements within the Service or allow third-party advertisers to access your data.
  • We do not share your data with third-party advertisers for targeted advertising purposes.

We may advertise the Service on third-party platforms (such as Google Ads or Reddit). These advertisements are general promotions of Dragon Planner and are not based on your personal information or usage of the Service.

5. MCP Integration and AI Data Flows

5.1 How MCP Works

Dragon Planner exposes its functionality to AI assistants (such as Claude by Anthropic) through the Model Context Protocol (MCP). MCP connections are initiated from your local machine or environment. When you use an AI assistant with Dragon Planner, the assistant sends authenticated API requests to Dragon Planner’s MCP server on your behalf.

5.2 What Data Flows Where

Dragon Planner’s MCP server processes your requests and returns data to your AI assistant. Dragon Planner does not independently send your Customer Data to Anthropic or any other AI provider. The data flow is between your AI assistant (running in your environment) and Dragon Planner’s MCP server. Any data that your AI assistant processes is subject to that AI provider’s own terms and privacy policy, which you should review separately.

5.3 Cross-Tool Orchestration

Your AI assistant may connect to multiple MCP servers simultaneously (for example, Dragon Planner and another tool). Any orchestration between these tools occurs in your environment, through your AI assistant. Dragon Planner does not communicate with, connect to, or transfer data to any external tool or service as part of MCP operations. Dragon Planner may store a plain text reference key (such as a Jira issue number) on a work item for your convenience. This is a user-provided string with no integration or synchronization behind it.

6. Third-Party Service Providers

To operate the Service, your data may be processed by the following third-party infrastructure and service providers:

  • Hetzner: Cloud hosting infrastructure. Our servers and database are hosted on Hetzner’s infrastructure in their data center facilities.
  • Cloudflare: Content delivery, DDoS protection, DNS, and TLS termination. Web traffic to the Service passes through Cloudflare’s network.
  • Resend: Transactional email delivery. When we send you an email, it is delivered through Resend’s infrastructure.
  • WorkOS: Authentication and identity management. When you sign in, your authentication is processed through WorkOS AuthKit.
  • Stripe: Payment processing for paid subscriptions. Your payment information is collected and processed directly by Stripe. Dragon Planner does not store your full payment card details.

These providers are used solely for operational purposes. We require that our service providers maintain appropriate security measures and process your data only as necessary to provide their services to us. We do not share your Customer Data with these providers beyond what is necessary for them to perform their function.

We may update this list of providers as our infrastructure evolves. Material changes will be reflected in updates to this Privacy Policy.

7. Data Retention

7.1 Active Accounts

We retain your Account Information and Customer Data for as long as your account is active and as needed to provide the Service. Usage data and operational telemetry are retained for a reasonable period necessary for the purposes described in this Privacy Policy (typically no longer than 12 months for detailed logs, though aggregated metrics may be retained longer).

7.2 Account Termination

Upon termination of your account (whether by you or by us), we will make your Customer Data available for export for thirty (30) days, after which we may permanently delete it. Account Information may be retained for a reasonable period following termination for legal compliance, dispute resolution, and enforcement of our Terms and Conditions.

7.3 Aggregated Data

We may create aggregated, anonymized, or de-identified data derived from Customer Data or your use of the Service (“Aggregated Data”). Aggregated Data does not identify you or any individual user. We may retain and use Aggregated Data indefinitely for any lawful business purpose, including analytics, benchmarking, and improving the Service.

8. Data Security

We implement technical and organizational measures designed to protect your information, including:

  • Encryption in transit via TLS for all connections to the Service
  • Multi-tenant data isolation at the application layer
  • Role-based access controls and permission scoping within the Service
  • Authentication via a dedicated third-party identity provider (WorkOS AuthKit)
  • Redis-based token caching with time-limited TTLs for MCP authentication
  • Infrastructure secured via private networking and restricted SSH access

While we strive to protect your information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your data.

9. Your Rights and Choices

9.1 Access and Export

You may access your Customer Data at any time through the Service. You may export your Customer Data through the Service’s available export functionality or by contacting us at [email protected].

9.2 Correction

You may update your Account Information through the Service at any time. If you believe any information we hold about you is inaccurate, you may contact us to request correction.

9.3 Deletion

You may delete your account by contacting us at [email protected]. Upon account deletion, we will follow the data retention practices described in Section 7. You may also delete individual work items, projects, and workspaces through the Service at any time.

9.4 Email Communications

You may opt out of non-transactional email communications (such as product update newsletters) at any time by using the unsubscribe link included in those emails or by contacting us. You cannot opt out of transactional emails necessary for the operation of your account (such as billing receipts, security alerts, and plan expiration notices).

9.5 Cookies

Because the Service uses only functional session cookies required for authentication, there is no option to disable them while using the Service. If our marketing site uses advertising or measurement cookies in the future, we will provide a mechanism to manage your cookie preferences on that site.

10. Children’s Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information to us, please contact us at [email protected] and we will take steps to delete such information.

11. International Data Transfers

Dragon Planner is operated from the United States and our infrastructure providers may process data in various locations. If you access the Service from outside the United States, you understand and consent to the transfer of your information to the United States and other jurisdictions where our service providers operate. We take steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

12. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). Because Dragon Planner does not sell personal information and does not use personal information for targeted advertising based on your activity across other websites or services, many CCPA provisions regarding opt-out of sale and sharing do not apply. However, California residents may contact us to exercise their rights to know, delete, and correct personal information as described in Section 9.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our service providers, or applicable law. We will notify you of material changes by email or through the Service prior to the changes taking effect. The “Effective Date” at the top of this Privacy Policy indicates when it was last updated. Your continued use of the Service after notification of changes constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Dragon Planner LLC
Email: [email protected]
Website: dragonplanner.com