Privacy Policy

Effective Date: December 1, 2025
Last Update: April 14, 2026

My Commitment to Privacy

Hi, my name is Richard Mouser, the human behind AgileViz, LLC, operating out of Dime Box, Texas, United States of America. I am the Data Controller and Data Protection officer, so the buck stops with me.

I give up a great deal of convenience to protect my privacy by:

  • Exclusively using a privacy focused browser.
  • Maintaining a minimal presence on social media.
  • Disabling many features of my smart phone.
  • Giving up services that don’t respect my privacy.

I do that for my own privacy, and I do the same for you on AgileViz.

Here are a few examples of how AgileViz is built to protect your data and your privacy:

  • Your Azure DevOps data is never stored anywhere, only securely retrieved and sent to your browser.
  • Processing of your data is only done on Microsoft servers and locally in your browser.
  • I collect the absolute minimum personal information required to deliver and improve the service.
  • All personal information is encrypted when stored.
  • Open Source fonts are self hosted to avoid tracking by Google and others.
  • Referrer policy is set to ‘strict-origin-when-cross-origin’ for the entire site.
  • I only use privacy respecting cloudflare Web Analytics.

Contact me regarding this policy or your personal information at any time via the contact form.

Information Collected

Information you provide directly:

  • Name, email address, and message when you fill out the contact form.
  • Email address (optional) when you submit a feedback form or bug report, so I can follow up or notify you of a fix.
  • Name and email address when you sign up for notifications about new blog posts and guides. A double opt-in confirmation email is sent before any notifications are delivered.
  • Billing information when you purchase a license. Credit cards are processed exclusively by Stripe Checkout, my system never touches credit card details.

Automatically collected information:

  • Microsoft login email address when you log in to AgileViz for the first time, starting a trial.
    • Your email is run through a one-way deterministic hash function before it is stored with the start date of your trial period.
    • This allows me to record the date of first login for each email address (to manage the trial period), while protecting your email address (the stored hash cannot be decrypted to reveal your email address).
  • Anonymized usage data (page views, feature usage, errors) are collected anonymously through Cloudflare’s privacy-first web analytics.
  • Session storage is used to maintain your login session.
  • Browser local storage is used to remember your preferences in subsequent sessions.

I do not use cookies, trackers, or fingerprinting technologies.

I process your personal data under the following lawful bases:

  • Contractual necessity — Account creation, trial management, payment processing, and service delivery. Processing is necessary to provide the service you signed up for.
  • Consent — Content notifications (you explicitly opt in via double opt-in and can withdraw at any time by unsubscribing). Contact, feedback, and bug report form submissions (you choose to submit, and email is optional on feedback and bug report forms).
  • Legitimate interest — Anonymized analytics for service improvement, and security measures (anti-spam, rate limiting). These are proportionate to the service and do not override your rights.

How Your Information is Used

  • To manage your free trial period.
  • To create and manage your paid account.
  • To process payments and send receipts (via Stripe).
  • To respond to support or contact form inquiries.
  • To send notifications about new blog posts and guides you have opted in to.
  • To send important service updates (rare).
  • To diagnose problems you report via the bug report form. You may optionally include sanitized diagnostic data with your report — you can review this data before it is sent. Diagnostic data is only used to resolve your reported issue and is deleted upon resolution. You may request deletion at any time.
  • To understand how the application is used so I can improve it (your information is fully anonymized).

AI-Powered Analysis

AgileViz includes an optional AI analysis feature that generates flow-efficiency insights from your chart data. When you use this feature:

  • What is sent: Aggregate flow statistics (percentiles, item counts, WIP averages, throughput rates), column names, your team name, and your answers to the analysis questionnaire. Your Azure DevOps organization and project names are not sent.
  • What is never sent: Work item titles, descriptions, assigned-to names, or any other individual work item content.
  • Who processes it: Analysis requests are processed by Anthropic (maker of Claude) via their API. Anthropic’s data usage policy does not use API inputs for model training. See Anthropic’s privacy practices for details.
  • No storage: Neither AgileViz nor Anthropic stores your analysis data after the response is generated. Your questionnaire answers are saved in your browser’s local storage so you don’t have to re-enter them.

Information I Do Not Collect

  • Your Azure DevOps data (work items, area paths, iteration paths, board details, etc.). This data is processed in your browser and is never stored or logged anywhere.
  • I do not use your data for profiling, targeted advertising, or marketing purposes, and I do not share your data with third parties for advertising.

Sharing of Personal Information

I do not sell, rent, or share your personal information with third parties except for the service providers listed below. I will never sell your personal information.

Service Providers (Sub-Processors):

Data Retention & Deletion

  • Account data I hold (names, email hashes, preferences) is automatically deleted 30 days after your subscription ends. Billing data held by Stripe is subject to Stripe’s data retention policy; I do not store billing or payment information in my systems.
  • Notification subscription data is deleted immediately when you unsubscribe, using the link in any notification email or via one-click unsubscribe in supported email clients.
  • Anonymized usage data (Cloudflare Web Analytics) is retained for up to 12 months for service improvement.
  • You may request deletion of your personal data at any time — simply use the contact form. I will respond within 30 days and delete it promptly, even when not legally required to do so.

Data Security

I use industry-standard measures including HTTPS everywhere, secure headers via Cloudflare, and regular security reviews. Personal information (names and email addresses) is encrypted at rest using AES-256-GCM. License email addresses are stored as one-way HMAC-SHA256 hashes, making them impossible to reverse.

Because Azure DevOps data is never stored in my systems, the stored personal data is limited to names, email addresses, and billing information. Names and email addresses are encrypted at rest as described above. Billing data is handled exclusively by Stripe and never touches my systems. See Security page for more details.

Data Breach Notification

In the unlikely event I discover a breach involving your personal information, I will notify affected users within 72 hours of discovery.

Your Rights

You have the right to:

  • Access the personal data I hold about you.
  • Correct inaccurate data.
  • Delete your personal data.
  • Object to or restrict processing based on legitimate interest.
  • Data portability — receive your data in a portable format (where applicable).
  • Withdraw consent at any time for consent-based processing (such as content notifications) without affecting the lawfulness of prior processing.
  • Non-discrimination — exercising your privacy rights will never affect your access to or pricing of the service.

Contact me for any of the above via the contact form. I will respond within 30 days.

For European Economic Area (EEA) Residents

If you are located in the EEA, you also have the right to lodge a complaint with your local data protection supervisory authority if you believe your personal data has been processed in violation of applicable law. A list of supervisory authorities is available at edpb.europa.eu.

I rely on Standard Contractual Clauses and other approved mechanisms with my sub-processors to ensure an adequate level of protection for international data transfers.

For California Residents

Under the California Consumer Privacy Act (CCPA), you have additional rights including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale or sharing of personal information. I do not sell or share your personal information as defined by the CCPA. To exercise your rights, use the contact form.

For Texas Residents

Under the Texas Data Privacy and Security Act (TDPSA), you have the right to access, correct, delete, and obtain a copy of your personal data, and to opt out of the sale of personal data, targeted advertising, and profiling that produces legal or significant effects. I do not sell your personal data, engage in targeted advertising, or profile you. To exercise your rights, use the contact form.

Children’s Privacy

This service is not directed to individuals under the age of 18, and I do not knowingly collect personal information from children under 18.

Changes to This Policy

I will email all active subscribers and post a prominent notice on the site if I make material changes to this policy. Non-material changes (clarifications, typo fixes) may be made without notice.

Governing Law

This policy is governed by the laws of the State of Texas, United States.

Contact Me

For any questions or requests regarding your personal information or this privacy policy, please use the contact form or write to:

Richard Mouser
P.O. Box 32
Dime Box, TX 77853
United States

Feedback