Privacy Policy
Effective date: 1 July 2026
This Privacy Policy explains how Team Manager (“we”, “our”, “the Service”), operated at interaction.hk, collects, uses, and protects personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong (“PDPO”).
1. Personal data we collect
When you use Team Manager we collect:
- Account data — your name and email address, provided at sign-up.
- Usage data — projects, tasks, deadlines, and notes you create inside the Service.
- Technical data — IP address, browser type, and session logs, collected automatically for security and debugging.
We do not collect payment card details, government ID numbers, or sensitive personal data as defined under the PDPO.
2. Purpose of collection
We collect personal data solely to:
- Provide and operate the Team Manager service (task scheduling, project management).
- Send transactional emails — account confirmation, password reset, deadline reminders — using your email address.
- Monitor service reliability and investigate errors.
- Comply with applicable laws.
We will not use your personal data for direct marketing without your separate explicit consent.
3. Third-party data processors
We engage the following sub-processors, each bound by data processing agreements. Your data may be transferred to and stored in the United States or other jurisdictions outside Hong Kong as a result — see Section 4 on cross-border transfers.
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | USA (AWS) |
| Resend | Transactional email delivery | USA |
| Netlify | Web hosting and server functions | USA |
| Sentry | Error monitoring | USA |
4. Cross-border data transfers
As noted above, your personal data is stored and processed in the United States by our sub-processors. We have taken contractual steps to ensure those processors provide a standard of protection substantially similar to that required under the PDPO, including the use of standard contractual clauses and appropriate technical safeguards (encryption in transit and at rest).
5. Data retention
We retain your personal data for as long as your account is active. If you delete your account, we will permanently delete your personal data within 30 days, except where retention is required by applicable law or for legitimate dispute-resolution purposes.
6. Security
We implement technical and organisational measures to protect your personal data, including TLS encryption in transit, AES-256 encryption at rest, row-level security on the database, and access controls that restrict data to its owner. No system is completely secure; we encourage you to use a strong, unique password.
7. Your rights under the PDPO
Under the PDPO you have the right to:
- Access the personal data we hold about you (Data Access Request).
- Correct any inaccurate personal data (Data Correction Request).
- Delete your account and associated personal data.
To exercise these rights, email privacy@interaction.hk. We will respond within 40 days as required by the PDPO. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD).
8. Cookies and session data
We use strictly necessary cookies to maintain your authenticated session. We do not use advertising cookies or third-party tracking cookies.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email to registered users at least 14 days before they take effect. The effective date at the top of this page always reflects the current version.
10. Contact
For privacy-related enquiries, please contact us at privacy@interaction.hk.
This policy is written in English. In case of any inconsistency between the English version and any translation, the English version shall prevail.