This privacy notice explains what personal information we collect, how we use it, and the choices you have. Written in plain language wherever possible.
This privacy notice for OKRs Tool ("we," "us," or "our") describes how and why we collect, store, use, and share ("process") your information when you use our services ("Services"), such as when you visit okrstool.com or any website of ours that links to this privacy notice, or engage with us in other related ways including any sales, marketing, or events.
Questions or concerns? Reading this notice will help you understand your rights and how we handle your personal data. If you disagree with our policies, please do not use our Services. If you still have questions, please contact us at info@okrstool.com.
We collect personal information that you voluntarily provide when you register on the Services, express interest in obtaining information about us or our products, participate in activities on the Services, or otherwise contact us.
Personal information provided by you may include:
Sensitive information. We do not process sensitive information.
Social media login data. We may provide you with the option to register using your existing social media account (e.g., Facebook, X). If you choose to register this way, we collect certain profile information from the social media provider, as described in "Social logins" below.
All personal information you provide must be true, complete, and accurate, and you must notify us of any changes.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information such as IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and information about how and when you use our Services. This information is primarily needed to maintain the security and operation of our Services and for our internal analytics and reporting.
The information we collect includes:
We process your personal information for a variety of reasons, including:
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on. We may rely on the following:
In most cases, OKRs Tool is the data controller of the personal information you provide directly. If your company has a contract with us, we may instead act as a data processor — your organization is the data controller and we process data strictly on their behalf and under their instructions.
When acting as a processor, we operate under a Data Processing Agreement (DPA). You can request a copy by contacting us at info@okrstool.com.
We rely on a small number of trusted sub-processors (cloud infrastructure, analytics providers) to help deliver the Services. All sub-processors are contractually bound to GDPR-compliant standards. A current list is available here.
We may process your information if you have given express or implied consent. You can withdraw consent at any time. In some exceptional cases, we may be legally permitted to process information without consent (for investigations, fraud prevention, business transactions, legal compliance, etc.).
We may share your personal information in the following situations:
We may use cookies and similar tracking technologies (web beacons, pixels) to gather information when you interact with our Services. Some maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
We also permit third parties to use online tracking technologies for analytics and advertising. To the extent these are deemed a "sale" or "sharing" under applicable US state laws, you can opt out as described in "US state privacy rights".
We may share your information with Google Analytics to track and analyze use of the Services. The Google Analytics Advertising Features we may use include Demographics and Interests Reporting, Display Network Impressions Reporting, and Remarketing. To opt out, visit Google's opt-out page. For more information on Google's privacy practices, see the Google Privacy & Terms page.
Our Services offer the ability to register and log in using third-party social media account details. Where you do this, we receive certain profile information from the social media provider — typically including your name, email address, and profile picture, plus other information you've made public on that platform.
We use this information only for purposes described in this privacy notice. Please note we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend reviewing their privacy notice.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law. No purpose in this notice will require us keeping your personal information for longer than the period in which users have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or — if not possible (e.g., backup archives) — securely store and isolate it from any further processing until deletion is possible.
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process — including encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, and infrastructure hosted on SOC 2-compliant providers.
However, despite our safeguards, no electronic transmission over the Internet or information storage technology can be guaranteed 100% secure. Although we will do our best to protect your personal information, transmission is at your own risk. You should only access the Services within a secure environment.
Security breach notification. If a data breach occurs that affects your personal information, we will notify you without undue delay — and within 72 hours where legally required.
Your OKRs remain your property. Our role is to safeguard them, not to use them.
This section documents how OKRs Tool accesses, uses, stores, and protects data from Google services in compliance with the Google API Services User Data Policy, including the Limited Use requirements.
When you connect a Google account, OKRs Tool may request access to the following Google APIs:
We only request these scopes when you explicitly initiate a feature that requires them, and only the minimum scope needed for that feature.
We use Google user data only to deliver the specific feature you have requested. For example:
We do not use Google user data for advertising, profiling, AI/ML training, analytics, or any purpose other than delivering the feature you requested at the moment of the request.
We do not sell, transfer, or share Google user data with any third party. We do not share Google user data with advertisers, data brokers, AI/ML training providers, or analytics platforms. The only parties that touch Google user data are (a) you, the authenticated user, and (b) our application servers, solely for the purpose of completing your requested action.
OKRs Tool does not store Google user data. When you trigger a feature that needs Google data, we fetch it live from Google's servers using your authenticated OAuth token, complete the requested action, and discard the data immediately. We do not maintain a cache, database table, or backup of any Google Calendar or Google Sheets content.
The only Google-related information we do store is:
All stored credentials and identifiers are encrypted in transit (TLS 1.2+) and at rest. Access is restricted to authenticated users and a small number of authorized engineering staff under role-based access controls.
Because we don't store Google user data, there is nothing to retain or delete on our end beyond the OAuth tokens and identifiers described above. To revoke our access to your Google data, you can:
OKRs Tool's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we do not use Google user data to develop, improve, or train generalized AI/ML models.
We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data. If you become aware of any data we may have collected from children under age 18, please contact us at contact@okrstool.com.
In some regions you have certain rights under applicable data protection laws, including the right to: (i) request access and obtain a copy of your personal information, (ii) request rectification or erasure, (iii) restrict processing, (iv) data portability where applicable, and (v) not be subject to automated decision-making. You may also have the right to object to processing.
If you are in the EEA or UK and believe we are unlawfully processing your personal information, you have the right to complain to your Member State data protection authority or UK data protection authority. If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
If we are relying on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing before its withdrawal.
You can unsubscribe from our marketing communications at any time by clicking the unsubscribe link in our emails or contacting us. We may still communicate service-related messages (account updates, check-in reminders, critical platform notices).
You can review or change information in your account by logging into your account settings. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. We may retain some information to prevent fraud, troubleshoot problems, assist with investigations, enforce legal terms, or comply with legal requirements.
If you have questions about your privacy rights, email us at info@okrstool.com.
Most web browsers include a Do-Not-Track ("DNT") feature you can activate. At this stage, no uniform technology standard for DNT has been finalized, so we do not currently respond to DNT browser signals. If a standard is adopted that we must follow, we will inform you in a revised version of this privacy notice.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Real name, alias, postal address, IP address, email, account name | NO |
| B. California Customer Records | Name, contact, education, employment, financial information | NO |
| C. Protected classifications | Gender, age, race, ethnicity, marital status | NO |
| D. Commercial information | Transaction history, financial details, payment information | NO |
| E. Biometric information | Fingerprints, voiceprints | NO |
| F. Internet/network activity | Browsing history, search history, online behavior | NO |
| G. Geolocation data | Device location | NO |
| H. Audio/electronic information | Images and recordings created in connection with our business | NO |
| I. Professional information | Job title, work history, professional qualifications | NO |
| J. Education information | Student records, directory information | NO |
| K. Inferences | Inferences drawn to create a profile or summary | NO |
| L. Sensitive personal information | — | NO |
You have rights under certain US state data protection laws. These rights are not absolute, and in some cases we may decline a request as permitted by law:
To exercise these rights, contact us by visiting okrstool.com/login, emailing info@okrstool.com, or using the contact details at the bottom of this notice.
Under certain US state laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not provide proof of valid authorization.
Upon receiving your request, we will need to verify your identity. We will only use personal information provided in your request to verify identity.
If we decline your request, you may appeal by emailing info@okrstool.com. We will inform you in writing of any action taken or not taken in response to the appeal. If your appeal is denied, you may submit a complaint to your state attorney general.
California Civil Code Section 1798.83 permits California residents to request information about categories of personal information disclosed to third parties for direct marketing purposes. To make such a request, contact us using the details below.
We collect and process your personal information under the obligations of Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. You have the right to request access to or correction of your personal information at any time. If you believe we are unlawfully processing your information, you have the right to submit a complaint to the Office of the Australian Information Commissioner or the Office of the New Zealand Privacy Commissioner.
You have the right to request access to or correction of your personal information at any time. If you are unsatisfied with how we handle a complaint, contact the Information Regulator (South Africa) at enquiries@inforegulator.org.za.
We may update this privacy notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top. If we make material changes, we may notify you by prominently posting a notice or by directly sending you a notification. We encourage you to review this privacy notice frequently.
If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO):
Email: dpo@okrstool.com
Phone: +372 5661 4404
Post:
OKRs Tool
Data Protection Officer
Jahu 1-95
Tallinn, 10115
Estonia
If you are a resident in the European Economic Area, we are the "data controller" of your personal information. We have appointed Steven Macdonald to be our representative in the EEA. You can contact them directly regarding our processing of your information at dpo@okrstool.com or by post to the same address above.
You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, contact us at info@okrstool.com.