Privacy Policy

How StorySizer collects, uses, and protects personal data.

Effective date: 27 April 2026

1. Introduction

This Privacy Policy explains how StorySizer ("StorySizer", "we", "us", or "our") collects, uses, stores, and protects personal data when you use the StorySizer web application (the "Service"). StorySizer is a tool designed to support the estimation of user stories in story points through a guided questionnaire intended to help users rely on more objective parameters rather than rough intuition.

2. Data Controller

Francesco Maria Falini
Email: francescomaria.falini@gmail.com

3. Personal Data We Collect

a. Account and authentication data: your email address and basic account data provided through Google Single Sign-On.

b. User-generated content: user stories submitted to the Service, answers provided in the estimation questionnaire, and story point estimates generated, saved, or associated with your account.

c. Support and crash-report information: information you voluntarily submit through the crash-report or contact form and any additional details you include in your message.

d. Technical and operational data: basic technical logs that may be generated by the website or hosting environment for security, maintenance, and troubleshooting purposes.

4. How We Collect Data

  • Directly from you, when you log in with Google SSO.
  • When you use the Service and submit stories, questionnaire responses, and estimates.
  • When you contact us through the crash-report or support form.

5. Purposes of Processing

  • Provide access to the Service.
  • Authenticate users through Google SSO.
  • Store and display your user stories, questionnaire answers, and estimates.
  • Maintain user-specific memory and estimation history.
  • Operate, maintain, debug, and improve the Service.
  • Respond to support requests, bug reports, or crash reports.
  • Comply with legal obligations, where applicable.
  • Protect the security and integrity of the Service.

6. Legal Bases for Processing

  • Performance of a contract: to provide the Service you request and enable its core functionality.
  • Legitimate interests: to maintain security, prevent abuse, debug issues, and improve the Service.
  • Legal obligation: where processing is necessary to comply with applicable law.
  • Consent: where consent is specifically required by law for a particular processing activity.

7. Data Storage and Infrastructure

At the moment, the Service is hosted on bare metal infrastructure. In the future, if the Service grows, infrastructure may be migrated to a cloud provider. If that happens, this Privacy Policy may be updated accordingly to reflect the categories of service providers involved.

8. Data Sharing

We do not sell your personal data. Personal data may be shared with the following categories of recipients:

  • Authentication providers, such as Google, to enable login.
  • Technical service providers involved in hosting, maintenance, or infrastructure.
  • Legal or public authorities, when required by law or to protect our rights.

9. International Transfers

If personal data is transferred outside the European Economic Area in the future, we will take appropriate steps required by applicable data protection law, including the use of lawful transfer mechanisms where necessary.

10. Data Retention

We retain personal data for as long as reasonably necessary to provide the Service, maintain your account and saved estimations, respond to support issues, comply with legal obligations, resolve disputes, and enforce our rights.

You may request deletion of your account data by contacting francescomaria.falini@gmail.com. We will review and process such requests in accordance with applicable law.

11. Your Rights

Depending on applicable law, including the GDPR, you may have the right to:

  • Access your personal data.
  • Request rectification of inaccurate data.
  • Request deletion of your data.
  • Request restriction of processing.
  • Object to certain processing.
  • Request data portability, where applicable.
  • Lodge a complaint with a competent supervisory authority.

To exercise your rights, contact: francescomaria.falini@gmail.com.

12. Security

We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Business and Confidential Content Disclaimer

StorySizer may be used to enter content related to software development activities, including user stories and estimation parameters. Users are solely responsible for the content they choose to submit to the Service. You should not submit confidential, sensitive, classified, or proprietary business information unless you are fully authorized to do so and are satisfied that such use is appropriate for your organization. StorySizer is provided as a general-purpose estimation tool, and we make no representation that the Service is suitable for storing confidential company information.

14. Children

The Service is not specifically directed to children. If you believe that personal data of a child has been submitted to the Service without appropriate authorization, please contact us and we will review the request and, where appropriate, delete the relevant data.

15. Open Source and Free Service

StorySizer is currently offered free of charge and is intended to be open source. This does not affect your privacy rights, but it does mean the Service may evolve over time, and this Privacy Policy may be updated as features change.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on the website and update the effective date above. Continued use of the Service after changes become effective means you acknowledge the updated Privacy Policy.

17. Cookies and Similar Technologies

This section also serves as our cookie policy for the storysizer.org website. The authenticated application available at app.storysizer.org is covered by a separate notice.

The storysizer.org marketing website does not use analytics, advertising, profiling, or tracking cookies. We do not embed third-party tracking pixels, marketing tags, or social plugins that set persistent identifiers on your device.

We rely only on technical storage that is strictly necessary to deliver the website and respect your interface preferences:

  • Theme preference (browser localStorage): we store your light/dark theme choice locally in your browser so the website remembers it on subsequent visits. This information stays on your device and is not transmitted to us.
  • Security and anti-bot cookies set by our hosting provider (Cloudflare): our infrastructure provider may set strictly necessary cookies (such as __cf_bm and cf_clearance) to protect the website against automated abuse and to ensure availability. These are technical cookies used for security purposes.

Under the EU ePrivacy framework and the Italian Data Protection Authority guidelines, the technologies listed above qualify as strictly necessary or as user-preference technical storage and therefore do not require prior consent. No cookie banner is displayed because we do not deploy any non-essential tracking technology.

You can always block, delete, or restrict cookies and local storage through your browser settings. Doing so may stop the website from remembering your theme preference and, in some cases, may affect the protective measures applied by our hosting provider. If we ever introduce analytics, marketing, or other non-essential technologies, we will update this section and request your consent through an appropriate banner before activating them.

18. Contact

Francesco Maria Falini
francescomaria.falini@gmail.com