Privacy Policy

⌘K
  2. Home
  4. Docs
  6. Virto Kanban Board App
  8. Licensing
  10. Privacy Policy

Privacy Policy

This privacy policy was updated on November 24, 2025​

1. Introduction

Virtosoftware UAB, a legal entity established in Lithuania, along with its group companies (collectively “VirtoSoftware”, “we”, “us”, and “ours”), is committed to protecting your privacy.

This Privacy Policy describes our practices concerning the information that we collect through https://www.virtosoftware.com and any other websites operated by us (the “Websites”), our social media pages, email communications, and through our software applications for Microsoft 365 (collectively, the “Services”).

This Privacy Policy describes how VirtoSoftware processes Personal Data in its capacity as a controller (i.e., VirtoSoftware decides what Personal Data to collect and how it is used) or as a processor (i.e., VirtoSoftware only processes data as per the controller’s instructions). By using the Services, you agree to this Privacy Policy.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on Personal Data, such as collection, recording, use, or storage.
  • Controller: The entity that determines the purposes and means of processing Personal Data.
  • Processor: The entity that processes Personal Data on behalf of the Controller.
  • Data Subject: The individual to whom Personal Data relates.
  • GDPR: General Data Protection Regulation (EU) 2016/679.

3. What Personal Data do we collect and process?

When you use our Services, visit our Websites or Social Media Pages, VirtoSoftware may collect information, which may include Personal Data.

When you subscribe to and use our Service(s), we may collect your:

  • Contact information such as name, email address, mailing address, phone number, company name, and job title
  • Billing information such as credit or debit card number, bank/wire transfer details, PayPal details, billing address, and zip code
  • Feedback information such as name and email address when you provide feedback or request customer support
  • Unique identifiers such as username, account number, password, and information collected through cookies and similar technologies

We and our service providers may collect Personal Data in a variety of ways. Such information may be collected from you through the Services, for example, when you sign up for a newsletter, register for Services or a demo version, respond to a survey, fill out a form on our Website, open a support ticket, or leave comments on forums or blogs. We may receive your Personal Data from other sources, such as public databases, joint marketing partners, and social media platforms.

For the purposes of the General Data Protection Regulation (GDPR), VirtoSoftware is the controller for the information you have submitted to us.

4. What do we use your Personal Data for?

We and our service providers use Personal Data for legitimate business purposes, including the following:

  • To provide you the Service(s) and fulfill your requests
  • To send you communications from the Service(s)
  • To assess the needs of your business to determine or suggest suitable Service(s)
  • To send you the requested information about the Service(s)
  • To respond to customer service requests, inquiries, questions, and concerns
  • To administer your account and provide you with related customer service
  • To send periodic emails with important notices or information about the Services (updates, bug fixes, etc.)
  • To personalize your experience with the Services by presenting products and offers tailored to you
  • To send you promotional and marketing communications that we believe may be of interest to you
  • To send administrative information to you, such as changes to our terms, conditions, and policies
  • To facilitate billing and payment transactions for the use of our Service(s)
  • For data analysis, such as to improve the efficiency of our Services
  • To enhance, improve, or modify our Services
  • To collect feedback to improve our website, customer service, identify usage trends, determine the effectiveness of our promotional campaigns, etc.
  • To develop new products and services
  • To be efficient in fulfilling our legal, regulatory, and contractual duties and for fraud and security monitoring purposes

We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest. Our legitimate interest is the interest of ours as a business in conducting and managing VirtoSoftware to enable us to provide you with the Services and offer the best experience. We will provide personalized services and/or send promotional and marketing communication either with your consent or because we have a legitimate interest.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided below.

Under GDPR, we process Personal Data based on the following legal bases:

  • Article 6(1)(b) – Contractual Necessity: Where processing is necessary to provide the Services you have requested
  • Article 6(1)(c) – Legal Obligation: Where processing is required by applicable law or regulation
  • Article 6(1)(f) – Legitimate Interest: Where processing is necessary for our legitimate business interests, including improving our Services, conducting analytics, and preventing fraud
  • Article 6(1)(a) – Consent: Where you have provided explicit consent for specific processing activities

6. To whom do we disclose your Personal Data?

Your Personal Data may be disclosed:

  • To our affiliates for the purposes described in this Privacy Policy
  • To our third-party service providers who provide services such as website hosting, data analysis, billing and/or payment processing, order fulfillment, information technology, and related infrastructure provision, online advertising services, customer service, helpdesk solutions, email delivery, auditing, and other services
  • By you, on message boards, chats, blogs, and other services to which you are able to post information and content (including, without limitation, the forums and our Social Media Pages). Please note that any information you post or disclose through these services will become public and may be available to other users and the general public
  • Other uses and disclosures: We may also use and disclose your Personal Data as we believe to be necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so: (a) to comply with applicable law; (b) to enforce our terms and conditions; and (c) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others. In addition, we have a legitimate interest in using, disclosing, or transferring your information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings)

A current list of our third-party service providers is available upon request by contacting support@virtosoftware.com.

7. Cookies and Other Tracking Technologies

For further details on the cookies and similar technologies we use, please see our Cookie Policy.

8. Processing Customer Information (VirtoSoftware as a Data Processor)

We manage specific data, which may include Personal Data, relating to our Customers’ customers or end-users (“Customer Information”) on behalf of our Customers. We only process Customer Information as stated in the Terms of Service, Privacy Policy and in accordance with our Customers’ instructions. Under GDPR guidelines, we act as the processor, not the controller, of the Customer Information.

VirtoSoftware neither owns nor controls the use of any of the Customer Information stored or processed by a Customer or end-user via the Service. Only the Customer or end-users have the authority to access, retrieve, and control the use of such Customer Information. VirtoSoftware has limited knowledge of what Customer Information is actually being stored or made accessible by a Customer or end-user via the Service and does not directly access such Customer Information except when necessary to provide Services (including responding to support requests, delivering development work, maintenance, updates, etc.), as otherwise authorized by Customers or as required by law.

Our Customers are the “controllers” of Customer Information, which means they oversee how such data is collected and utilized, as well as the determination of the purposes and means of processing such data. They are responsible for complying with applicable data protection laws.

As processors of Customer Information on behalf of our Customers, we adhere to our Customers’ instructions concerning the Customer Information in line with the functionality of our Service(s). In doing so, we have established reasonable technical and organizational measures against unauthorized processing and against loss, destruction of, or damage to, Customer Information.

A Data Processing Agreement (DPA) compliant with GDPR Article 28 is available to all Customers. This DPA outlines our obligations as a data processor, including security measures, sub-processor management, and data subject rights procedures. The DPA is incorporated into our standard service terms.

If you are seeking access to or wish to correct, update, modify, or delete Personal Data, which forms part of the Customer Information processed by us as a data processor on behalf of our Customer, you should direct your inquiry to our Customer, i.e., the controller. If you are a Customer of our Service(s) and wish to raise a request on behalf of your end-users in connection with Customer Data, you can open a ticket on the support portal of the relevant Service.

9. Data Subject Rights

If you are an individual residing in the EEA, you have the following data protection rights concerning Personal Data collected and processed by VirtoSoftware as the data controller:

  • Right to Access: You can request access to any data that qualifies as your Personal Data at any time. This includes the right to be informed if we process your Personal Data, what categories of Personal Data are being processed, and our purpose for processing it.
  • Right to Rectification: If you believe your Personal Data is inaccurate or incomplete, you have the right to request its correction. We have a legal obligation to keep your Personal Data accurate and up-to-date.
  • Right to Erasure: You can request the deletion of your Personal Data.
  • Right to Object: You can object to certain processing activities involving your Personal Data, such as direct marketing.
  • Right to Restrict Processing: You may request that we limit the processing of your Personal Data.
  • Right to Data Portability: If your Personal Data is being processed automatically with your consent or based on a mutual contractual relationship, you may request that we provide you with your Personal Data in a structured, commonly used, and machine-readable format.
  • Right to Withdraw Consent: If the processing is based on your consent, you can withdraw this consent at any time without adverse effect.
  • Right to Lodge a Complaint: If you believe we are not processing your Personal Data in accordance with the law, you can file a complaint with the State Data Protection Inspectorate at vdai.lrv.lt.

Please note that you will need to provide sufficient information for us to handle your request concerning your rights outlined in this section of the Privacy Policy. We may ask for additional information for authentication purposes and to evaluate your request before responding.

Our contact details are provided below in this Privacy Policy. We will respond to your request consistent with applicable law within thirty (30) days.

10. Retention of Personal Data

We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you and provide the Services to you; (ii) whether we have a legal obligation to which we are subject; or (iii) what is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

11. Protection of Your Information

We have implemented reasonable technical and organizational measures to maintain the safety of your Personal Data. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. It is important for you to protect against unauthorized access to your password(s) and computer or device and to log off when using any shared computer.

12. Data Breach Notification

In the event of a confirmed data breach affecting your Personal Data, we will notify you without undue delay and provide information necessary for you to meet your own notification obligations under applicable law. Our notification will include a description of the breach, the data affected, and the measures we have taken to address it.

13. Disclosure of Information Outside the EEA

Your Personal Data may be stored and processed in any country where we have facilities or engage service providers. By using the Services, you consent to the transfer of information to countries outside of your country of residence, including the United States and EMEA countries, which may have data protection rules that differ from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Data.

For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your Personal Data.

14. Signing in Using Sign-in Services

You can log in to some of our Services using sign-in services such as GitHub, Google, Facebook, and others. These services will authenticate your identity and provide you the option to share certain Personal Data with us, such as your name and email address.

Occasionally, at our discretion, we may include or offer third-party links, products, or services on our Websites. This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates. These third-party websites and services have separate and independent privacy policies. We encourage you to be aware when you leave our Services and to read the privacy policies of each website that collects Personal Data.

16. Use of Services by Children and Minors

The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Data from individuals under sixteen (16).

17. Automated Decision-Making

VirtoSoftware does not engage in automated decision-making that produces legal or similarly significant effects on individuals.

18. California Privacy Rights

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA). To exercise your rights, please contact us at the address provided below.

19. Changes to our Privacy Policy

We may change this Privacy Policy at any time. The date at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.

20. How to Contact Us

VirtoSoftware welcomes any questions or comments you may have regarding our Privacy Policy. Should you have any questions or concerns about our privacy policy, please contact us:

Email: support@virtosoftware.com
Address: VirtoSoftware UAB, Penta Technopolis, Ozo g. 12A, Vilnius, Lithuania 08200
Phone: +1 (877) 892-7775
Data Protection Officer: dpo@virtosoftware.com

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija):

Website: vdai.lrv.lt
Address: L. Sapiegos str. 17, LT-10312 Vilnius, Lithuania.

By using the Service, you agree to the terms of this Privacy Policy.

How can we help?