Privacy Policy
1 Introduction
Quettabyte Innovation LLC (“Company”, “we”, “us”, “our”) operates the following products and services:
- PMO Architect (PMOA) — AI-powered enterprise PMO governance and portfolio management platform
- LIME — Governance automation and multi-platform sync engine (component of PMOA)
- FENX — Jira to Azure DevOps Migration Engine
- BUILD — Automated project workspace provisioning for Azure DevOps and Jira
- BUILD for Partners (BFP) — Partner-tier platform enabling consulting firms and PMO practices to provision client project workspaces using the BUILD engine
This Privacy Policy explains how we collect, use, and protect your information across all QILLC products. We are committed to protecting your privacy and being transparent about our data practices.
2 Information We Collect
| Data Type | Purpose | Storage |
|---|---|---|
| Email address | Account communications, support | Encrypted |
| Organization name | Service configuration | Encrypted |
| Azure DevOps OAuth tokens | API access for automation | Azure Key Vault |
| Jira Personal Access Token (PAT) | API access for Jira governance | Azure Key Vault |
| Project configurations | Phase Gate setup | Encrypted |
PMOA does NOT store:
- Your Azure DevOps work items or tasks
- Your project documents or attachments
- Your team member personal information
- Your Azure DevOps passwords
- Your Microsoft/Entra credentials
| Data Type | Purpose | Storage |
|---|---|---|
| Email address | Account communications, support | Encrypted |
| Organization name | Service configuration | Encrypted |
| Jira Personal Access Token (PAT) | Read access to Jira work items and boards | Azure Key Vault |
| Azure DevOps OAuth tokens | Write access to ADO organization | Azure Key Vault |
| Migration scope selection | Project keys, board types, item ranges | Encrypted |
FENX reads and temporarily processes work item data from your Jira instance during migration. This data is processed in memory and written to Azure DevOps. FENX does not retain work item content after migration is complete.
Data temporarily processed includes:
- Work item titles, descriptions, comments, and custom fields
- Work item status, priority, assignee, and metadata
- Attachments and linked files associated with work items
- Board configurations, column layouts, and workflow state definitions
- Sprint and iteration data
FENX stores the following migration session metadata, retained for 90 days after migration completion:
- Migration session ID, status, and timestamps
- Item counts (total, copied, failed)
- Error logs and retry records
- Scope selection (project keys, board types, item ranges)
- Subscription tier selected
| Data Type | Purpose | Storage |
|---|---|---|
| Email address | Account communications, support | Encrypted |
| Organization name | Service configuration | Encrypted |
| Azure DevOps OAuth tokens | Write access to ADO organization | Azure Key Vault |
| Jira Personal Access Token (PAT) | Write access to Jira organization | Azure Key Vault |
| Wizard configuration | Project setup inputs (boards, WITs, columns, fields) | Encrypted |
| Microsoft Marketplace subscription token | License validation | Encrypted |
BUILD collects your wizard configuration to provision your workspace. This configuration is processed and written to your Azure DevOps or Jira organization. BUILD does not retain workspace configuration data after provisioning is complete.
BUILD stores the following provisioning session metadata, retained for 90 days after provisioning completion:
- Provisioning session ID, status, and timestamps
- Project and board counts (total, provisioned, failed)
- Error logs and retry records
- Subscription tier and license token (masked)
| Data Type | Purpose | Storage |
|---|---|---|
| Partner company name | Account identification and billing reconciliation | Encrypted |
| Partner consultant email addresses | SSO authentication and access control | Encrypted |
| Authorized email domains | Domain-based access control for partner consultants | Encrypted |
| Microsoft Marketplace subscription ID | Billing and subscription management | Encrypted |
| Azure DevOps OAuth tokens (client’s) | Write access to client’s ADO organization | Azure Key Vault |
| Jira OAuth tokens (client’s) | Write access to client’s Jira organization | Azure Key Vault |
| Wizard configuration inputs | Client project setup (boards, WITs, columns, fields) | Encrypted |
| Deployment history | Usage tracking, billing reconciliation, audit trail | Encrypted |
BFP provisions client workspaces using the BUILD engine. Wizard configuration data is processed and written to the client’s Azure DevOps or Jira organization. BFP does not retain client workspace configuration data after provisioning is complete.
BFP stores the following partner account data for the duration of the subscription:
- Partner company name and display name
- Subscription tier and included project count
- Projects used and overage rate
- Authorized email domains for SSO access
- Deployment history (client name, platform, status, date)
- Microsoft Marketplace subscription ID and status
| Data Type | Purpose |
|---|---|
| Webhook event logs | Audit trail, troubleshooting |
| Error logs | Service reliability |
| Usage metrics | Service improvement |
3 How We Use Your Information
We use your information to:
- Deploy and maintain QILLC services in your Azure DevOps, Jira, or Monday.com organization
- Execute migration jobs (FENX), provision workspaces (BUILD and BFP), or run governance automation (PMOA/LIME)
- Manage partner access and subscription billing (BFP)
- Report usage to Microsoft Marketplace for metered billing (BFP)
- Provide customer support
- Send service-related communications
- Improve product features and reliability
- Comply with legal obligations
We do NOT:
- Sell your information to third parties
- Use your information for advertising
- Share your credentials with anyone
- Access your data beyond what the product requires
4 Platform Access
PMOA accesses your Azure DevOps organization to:
- Create and modify process templates
- Configure workflow states and fields
- Set up teams and area paths
- Register and manage webhooks
- Update work item fields during automation
- Read work item comments for governance validation
FENX accesses your Jira instance (read only via PAT) and your Azure DevOps organization (write via OAuth) to:
- Read work items, boards, sprints, and attachments from Jira
- Create work items, boards, and process templates in Azure DevOps
- Configure board columns and workflow states in Azure DevOps
BUILD accesses your Azure DevOps organization or Jira organization (write only) to:
- Create projects and teams
- Configure board columns and workflow states
- Create and configure work item types and custom fields
- Set up area paths and iteration paths
- Apply process template settings
BUILD does not read existing work items, projects, or organizational data beyond what is required to validate the provisioning target.
BFP accesses the client’s Azure DevOps organization or Jira organization on behalf of the partner consultant (write only) to:
- Create client projects and teams
- Configure board columns and workflow states
- Create and configure work item types and custom fields
- Set up area paths and iteration paths
- Apply process template settings
BFP accesses the client’s platform using OAuth credentials authorized by the partner consultant during the setup wizard. Access is scoped to the specific client organization being provisioned. BFP does not retain client OAuth tokens after provisioning is complete.
BFP also authenticates partner consultants via Microsoft or Google SSO using the partner firm’s authorized corporate email domain.
- All access is through official REST APIs
- Azure DevOps access uses OAuth tokens you authorize
- Jira access uses a Personal Access Token (PAT) you generate in your Atlassian account
- Access is limited to the organization and projects you configure
- You control access by revoking tokens at any time
| Product | Platform | How to Revoke |
|---|---|---|
| PMOA / LIME | Azure DevOps | Azure DevOps → User Settings → Authorizations |
| PMOA / LIME | Jira | Atlassian Account Settings → Security → API Tokens |
| FENX | Azure DevOps | Azure DevOps → User Settings → Authorizations |
| FENX | Jira | Atlassian Account Settings → Security → API Tokens |
| BUILD | Azure DevOps | Azure DevOps → User Settings → Authorizations |
| BUILD | Jira | Atlassian Account Settings → Security → API Tokens |
| BUILD for Partners | Azure DevOps | Azure DevOps → User Settings → Authorizations |
| BUILD for Partners | Jira | Atlassian Account Settings → Security → API Tokens |
| BUILD for Partners | Partner SSO | Contact shonda@quettabyteinnovation.com to remove domain access |
5 Data Security
We protect your data through:
- Encryption at rest (AES-256)
- Encryption in transit (TLS 1.2+)
- Azure Key Vault for credential storage
- Regular security audits
- Access controls and logging
- Secure cloud infrastructure (Microsoft Azure)
6 Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | Retained while subscription/account is active |
| PMOA/LIME credentials | Deleted within 90 days of account cancellation |
| FENX OAuth tokens (ADO) | Deleted within 30 days of migration completion or account closure |
| FENX PAT tokens (Jira) | Deleted within 30 days of migration completion or account closure |
| FENX work item content | Not retained after migration completes |
| FENX session metadata | 90 days after migration completion |
| BUILD OAuth tokens (ADO) | Deleted within 30 days of provisioning completion or account closure |
| BUILD PAT tokens (Jira) | Deleted within 30 days of provisioning completion or account closure |
| BUILD workspace configuration | Not retained after provisioning completes |
| BUILD session metadata | 90 days after provisioning completion |
| BFP partner account data | Retained while subscription is active; deleted within 90 days of cancellation |
| BFP deployment history | Retained for 12 months after subscription cancellation for billing reconciliation |
| BFP client OAuth tokens | Deleted within 30 days of provisioning completion |
| BFP client workspace configuration | Not retained after provisioning completes |
| Audit/error logs | 12 months |
| Backups | 30 days |
7 Third-Party Services
| Service | Used By | Purpose |
|---|---|---|
| Microsoft Azure DevOps | PMOA, LIME, FENX, BUILD, BFP | Project management platform |
| Atlassian Jira | PMOA, FENX, BUILD, BFP | Source migration / provisioning platform |
| Monday.com | PMOA, LIME | Alternative project management platform |
| Microsoft Azure | All products | Cloud infrastructure provider |
| Microsoft Marketplace | PMOA, FENX, BUILD, BFP | Subscription billing and license management |
| Microsoft Entra ID (Azure AD) | BFP | Partner consultant SSO authentication |
| Google OAuth | BFP | Partner consultant SSO authentication |
8 Your Rights
| Right | How to Exercise |
|---|---|
| Access your data | Contact us at shonda@quettabyteinnovation.com |
| Correct your data | Update in product settings or contact us |
| Delete your data | Contact us — we will complete within 30 days |
| Export your data | Contact us |
| Opt out of communications | Unsubscribe link in emails |
9 Cookies and Tracking
Our products use essential cookies for:
- Authentication (keeping you logged in)
- Security (preventing unauthorized access)
- Session state management
We may use privacy-respecting analytics to understand feature usage, error rates, and performance metrics.
We do NOT use:
- Third-party advertising trackers
- Cross-site tracking
- Behavioral profiling
- Marketing or remarketing cookies
10 Children’s Privacy
QILLC products are not intended for children under 13. We do not knowingly collect information from children. If you believe a child has provided us information, please contact us immediately.
11 International Data
Quettabyte Innovation LLC is based in the United States. All data is processed and stored in Microsoft Azure infrastructure located in the United States. If you access our products from outside the US, your information may be transferred to and processed in the US.
For EU/EEA users: We process data under legitimate business interests for providing services. You may request deletion of your data at any time.
If your organization has data residency requirements outside the United States, please contact us at shonda@quettabyteinnovation.com before purchasing.
12 California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information we collect
- Right to delete personal information
- Right to opt out of sale of personal information (we do not sell data)
- Right to non-discrimination for exercising privacy rights
13 Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. Material changes will be communicated via email at least 30 days before taking effect.
14 Contact Us
Quettabyte Innovation LLC
Email: shonda@quettabyteinnovation.com
Website: quettabyteinnovation.com
Data Protection Contact: Shonda Nelson
15 Summary
What We Do
- Store credentials encrypted
- Process automation events (PMOA/LIME)
- Execute migrations (FENX)
- Provision workspaces (BUILD)
- Enable partner workspace provisioning (BFP)
- Protect your data
- Delete data per retention schedule
What We Don’t Do
- Store your work items (PMOA/LIME)
- Sell your data
- Share your credentials
- Access more than needed
- Use advertising trackers
- Retain config/content after job completes
- Retain client OAuth tokens after provisioning (BFP)
By using any Quettabyte Innovation LLC product, you acknowledge that you have read and understood this Privacy Policy.