info
Service messageOpen Beta - Please let us know if you encounter any issues. Join our Discord for support and updates.(Contact support)
← Back to Home·

Privacy Policy

Effective date: 2026-04-28

1. About this policy

Pracboard is a training platform for structured practice. This Privacy Policy explains what personal data we collect, why we collect it, how we handle it, and the measures we take to keep it secure in accordance with the GDPR.

2. Data controller

The data controller for Pracboard is WAZABI.

For privacy-related questions or requests, contact us at contact@pracboard.gg.

Our full legal company details (including CVR and registered address) are listed on our Legal contact page.

3. What personal data we collect

Providing account and identity data is required to create and use a Pracboard account. Some features involve additional data processing depending on how you use the service. For example, billing-related data is only processed if you subscribe to a paid plan, and Google Calendar data is only processed if your team enables the optional integration.

  • Account and identity data: user ID, email address, and account data received from your chosen login provider, such as Discord.
  • Profile and usage data: username (editable), plan status (free/paid), team membership, and activity created within the platform, for example tasks, boards, training-related content, collaboration activity, and certain activity timestamps where needed for service maintenance and lifecycle management.
  • Connected service data (if enabled): if your team enables optional Google Calendar integration, we process the data needed to provide those features. For Google Calendar integration this includes calendar identifiers, calendar metadata, event data necessary to display, create, update, and manage practice events in a connected Google Calendar, and authorization tokens required to maintain that connection securely.
  • Billing and transaction data: if you subscribe to a paid plan, we process billing and subscription-related records as required to manage payments and subscriptions through our payment provider (Stripe).
  • Technical and security data: authentication and session data, strictly necessary cookies, and security-related logs required to operate and protect the service.

Data accessed through Google Calendar integration is used only to provide and support the relevant functionality within Pracboard. We do not use this data for advertising, profiling, resale, or any unrelated purposes.

We do not use third-party advertising or marketing trackers. We may display our own on-platform service messages and product information, such as updates, notices, and important service information.

4. Why we process your data

  • To create and manage your account.
  • To provide and maintain platform functionality.
  • To support training workflows, collaboration features, and team organization.
  • To provide and maintain integrations, including enabling, operating, and allowing disconnection of optional integrations where available.
  • To manage subscriptions and payments.
  • To secure the platform and prevent abuse.
  • To display important service-related announcements.
  • To comply with legal obligations.

If you request account deletion, access to your account may be restricted or terminated before permanent deletion is completed.

5. Legal basis

We process personal data based on the following legal bases under the GDPR:

  • Performance of a contract (Art. 6(1)(b)): when you use Pracboard, use optional product features or integrations, or subscribe to a paid plan.
  • Legitimate interests (Art. 6(1)(f)): for security, fraud prevention, system integrity, displaying essential service announcements, and improving platform reliability.
  • Legal obligation (Art. 6(1)(c)): where required under applicable law.

If optional analytics or marketing features are introduced in the future, we will request consent before enabling them.

6. Cookies

We use strictly necessary cookies for authentication, session management, and security. These cookies are required for the service to function.

These cookies do not require consent under applicable law because they are strictly necessary for the service to function.

If non-essential cookies are introduced in the future, consent will be requested before activation.

7. Sharing & processors

We do not sell personal data. We only share personal data where it is necessary to operate the service, provide requested features, or where users choose to share content within the platform.

Personal data may be shared in the following situations:

  • Service providers: we use trusted data processors to operate the platform, including infrastructure, authentication, storage, and payment processing.
  • Within your team: content you create, such as tasks, boards, and training data, and basic profile information, such as username and team membership, may be visible to other members of your team as part of the core functionality of Pracboard.
  • User-controlled sharing: if you choose to share data through platform features, that data may remain available as part of share functionality in order to ensure other users can continue to access it and the system remains consistent. Where appropriate, we aim to remove or minimize the connection to a deleted account.

Some of our service providers may process data outside the EU/EEA.

  • Supabase (authentication and database infrastructure)
  • Cloudflare R2 (secure storage)
  • Discord (OAuth login provider)
  • Google (Google Calendar integration via Google APIs)
  • Stripe (payment processing)
  • Vercel (hosting infrastructure)
  • Render (service and infrastructure hosting)

8. Data retention

We keep personal data only for as long as necessary for the purposes described in this policy, unless a longer retention period is required by law.

  • Account data: retained while your account is active.
  • Account deletion requests: when you request deletion, your account is placed in a deletion grace period of up to 14 days before permanent deletion is carried out.
  • Billing and payment-related records: retained for as long as required under applicable accounting, tax, and payment rules.
  • Security logs: typically retained for 30–90 days. Some audit, billing, and system integrity logs may be retained longer, up to 12 months, where necessary for fraud prevention, legal obligations, or security-related investigations.
  • Demo and training content: retained while needed to provide the service and collaboration features, unless deleted earlier by the user or as part of account deletion.

Some shared or platform-level assets may be retained after account deletion to preserve shared team content, platform functionality, or other users' references to that content. Where possible, such data is disassociated from the deleted account.

9. Your rights

Under the GDPR, you have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Request deletion.
  • Restrict processing.
  • Object to processing based on legitimate interests, where applicable.
  • Data portability.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with the Danish Data Protection Agency (Datatilsynet) if you believe your personal data is being processed unlawfully.

To exercise your rights, contact contact@pracboard.gg.

10. Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects. Automated security mechanisms may be used to prevent fraud and misuse.

11. Children and age requirement

Pracboard is intended for users aged 16 or older and we are not knowingly collecting personal data from a user under 16 years of age. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data.

12. Changes

This Privacy Policy may be updated from time to time. Material changes will be reflected by updating the effective date above. Continued use of Pracboard after such changes take effect means the new version will apply going forward.

13. Data security

We take appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, disclosure, or alteration.

These measures include:

  • Encrypted data transmission using HTTPS/TLS.
  • Encryption of stored data where supported by our infrastructure providers.
  • Secure authentication and session management.
  • Access controls and role-based permissions.
  • Use of trusted infrastructure providers with industry-standard security practices.
  • Monitoring and logging of suspicious or abusive activity.

Access to personal data is limited to what is necessary to operate the service. Optional integrations are accessed through secure authorization mechanisms provided by the relevant service, and we do not receive or store user passwords for connected services.

Data processed through third-party integrations, including Google Calendar, is transmitted securely, accessed only through authorized connections, and protected by access controls and restricted internal access in accordance with the security measures described above.

We review and update our security practices where appropriate in light of the nature of the service, the data processed, and relevant operational risks.

Terms of ServiceLegal contact