Effective date: May 5, 2025

At Gain Momentum, LLC (“Momentum,” “we,” “us,” or “our”), we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we handle personal and other data through our software-as-a-service platform (the Service). By using the Service, you agree to the practices described in this policy.

Also note that your use of the Service is at all times subject to our Terms of Service.

1. What This Privacy Policy Covers

This Privacy Policy covers how we collect, use, share, and protect personal data and other information when you use the Service. “Personal data” means information that can identify you, such as your name or email address. We also collect non-personal data, like anonymized usage statistics, to improve the Service. Examples are provided throughout the Privacy Policy, but note that they are not intended to represent an exhaustive list.

This Privacy Policy applies only to data we control. Momentum integrates with third-party services such as Jira, and we are not responsible for the data practices of such companies which we don’t own or control. Please review the privacy policies of third parties for details on how they handle your data.

2. Categories of Personal Data We Collect

The following list includes categories of the types of personal data we collect:

Profile Data: Data you provide to create and manage your account on the Service. Examples include first and last name, email address, company name.

Jira Integration Data: Data accessed or processed through your authorized connection to Jira to enable functionality of the Service. Examples include project names, task descriptions, task comments, Jira user IDs.

Payment Data: Information needed to process payments for the Service. Examples include payment card type, last 4 digits of payment card, billing address, phone number, email address.

Device and Usage Data: Information about how you interact with the Service to improve performance and user experience. Examples include IP address, device type, operating system, browser type, pages visited, feature usage metrics.

3. How We Collect Personal Data

We collect personal data in the following ways:

Directly From You: When you sign up for the Service, authorize access to third party services, or contact us for support.

Automatically: We collect usage data through cookies, server logs, and analytics tools when you use the Service. Essential cookies enable core functionality, while non-essential cookies are supportive (e.g., for analytics). You can manage cookie preferences in your browser.

Through Third Party Integrations: After you authorize the Service to access third party data by, for example, providing an API token, logging in via OAuth, or installing an app.

From Third Parties: We may receive limited data from service providers (e.g., payment processors) to facilitate our operations.

4. How We Use Personal Data

We use personal data to:

• Provide, maintain, and improve the Service.

• Process payments and manage your account.

• Communicate with you, such as sending service updates or responding to inquiries.

• Analyze usage trends to enhance functionality and user experience.

• Comply with legal obligations or protect our rights.

5. How We Share Personal Data

We may share personal data as follows:

With Third Party Integrations: Limited data is shared with third parties, such as Atlassian for Jira integration, to enable integrations and provide relevant functionality in the Service.

With Service Providers: We use trusted third parties to support our operations. For example, for hosting, analytics, support, payment processing.

For Legal Reasons: We may disclose data if required by law, such as to comply with a court order or protect our rights.

Business Transfers: If Momentum is involved in a merger or acquisition, your data may be transferred as part of the transaction.

We do not sell your personal data.

6. Data Security and Retention

We are committed to safeguarding your personal data and take reasonable steps to protect it from unauthorized access, use, or disclosure. We implement physical, technical, organizational, and administrative security measures tailored to the type of data we collect and how we process it. These measures include encrypting data both in transit and at rest, restricting access to authorized personnel only, and conducting regular security reviews to address potential risks. You can help protect your data by choosing a strong password, securing your sign-on credentials, limiting access to your devices, and logging out after using the Service. While we strive to maintain robust security, no method of transmitting or storing data online is entirely secure, and we cannot guarantee absolute protection.

We retain your personal data only as long as necessary to provide the Service and fulfill our obligations to you. For example, we keep account information and integration data while your account is active to ensure seamless functionality, such as syncing tasks or projects with Jira. Once your account is closed, we delete your personal data within 90 days, unless we are required to retain it longer to comply with legal obligations, resolve disputes, or enforce our agreements. In such cases, we retain only the minimum data needed and, where possible, anonymize or aggregate it so it is no longer personally identifiable.

7. Personal Data of Children

The Service is not intended for users under 16 years old. As such, we do not knowingly solicit or collect personal data from children. If we learn such data has been collected, we will delete it promptly. Contact us if you believe we have collected a child’s data.

8. User Rights

Depending on your location, you may have certain rights to manage your personal data, pursuant to local law. To exercise these rights, please contact us (see “Contact Information”). For third party data, requests may need to be directed to the applicable third party service.

8.1 California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), California residents may:

• Access the personal data we collect, use, or share about you.

• Request deletion of your personal data.

• Opt out of the sale of personal data (note: we do not sell your data).

• Not face discrimination for exercising these rights.

To submit a request, email us (see “Contact Information”) with “CCPA Request” in the subject line, including your name and account email. We may need additional information to verify your identity.

8.2 Residents of Other US States

If you reside in other states with privacy laws (e.g., Nevada, Virginia, Colorado, Connecticut), you may have other rights like opting out of data sales, or accessing or deleting your personal data. Note that we do not sell personal data so no data sales opt-out is needed. To exercise other rights, email us (see “Contact Information”) with your request, including your name and account email.

8.3 EU Residents (GDPR)

If you are a resident of the European Union, United Kingdom, Liechtenstein, Norway, or Iceland, you have rights under the General Data Protection Regulation (GDPR). “Personal data” refers to information that identifies you, and “processing” includes actions like collecting, storing, or sharing it. We process personal data based on lawful grounds, including:

Contractual Necessity: To provide the Service, which requires that certain data be processed so that Momentum can honor its obligations per the Terms of Service.

Legitimate Interests: To improve our services, ensure security, or communicate with you.

Consent: To provide additional services or optional features, in which cases agreement will be explicitly requested at the time of collection.

Legal Obligations: To comply with laws or protect our rights.

You have the following rights regarding your personal data:

• Access: Request details about the personal data we hold and receive a copy.

• Rectification: Correct inaccurate or incomplete data.

• Erasure: Request deletion of your data, subject to legal exceptions.

• Restriction: Limit how we process your data in certain cases.

• Portability: Obtain your data in a machine-readable format or request transfer to another controller.

• Objection: Object to processing for specific purposes, like marketing.

• Withdraw Consent: Revoke consent where applicable, though this may limit service access.

• File a Complaint: Contact your local Supervisory Authority (see EDPB list).

To exercise these rights, email us (see “Contact Information”) with “GDPR Request” in the subject line. We may request verification details to confirm your identity. Note that we may not fulfill requests that are impractical, harm others’ rights, or are not legally required, but we will always respond to explain our decision.

8.4 International Data Transfers

The Service is hosted and operated in the United States through Momentum and our service providers. If you are located outside the US, your personal data may be transferred to, stored, and processed in the US or other countries where our infrastructure or partners operate. These jurisdictions may have data protection laws that differ from those in your country.

To comply with applicable laws, such as the General Data Protection Regulation (GDPR), we implement safeguards to protect your personal data during international transfers, pursuant to: a) Standard Contractual Clauses: Legally binding agreements approved by the European Commission to ensure adequate data protection, a copy of which can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32021D0914; b) Binding Corporate Rules: Where applicable, we or our partners may use internal policies aligned with GDPR standards to govern cross-border data flows; or c) Other Approved Mechanisms: In certain cases, we may rely on industry- or technology-specific codes of conduct or certifications recognized by EU authorities.

By using the Service, you acknowledge the transfer of your personal data to the US and other countries as described. For questions about our transfer practices or to request details about our safeguards, email us (see “Contact Information”).

9. Changes to This Privacy Policy

Momentum may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or through the Service. Continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

Gain Momentum, LLC

support@gainmomentum.ai

1111B S Governors Ave STE 23889, Dover, DE 19904 US