Privacy Policy

Effective: October 4, 2019

Data privacy is important. Please read this carefully.

We respect your privacy. This Privacy Policy explains our privacy practices and how we handle the information we process. When you use Aha! Labs Inc. websites, services, applications, and documentation, you are agreeing to the collection, transfer, manipulation, storage, disclosure, and other uses of your information as described in this Privacy Policy.

If you have feedback or suggestions on our Privacy Policy, please email us at

At Aha! Labs Inc. (“Aha!”), we respect and protect the privacy of visitors to our website (together with the other accounts and websites we own or control, the “Aha! Websites”), and our customers who use our on-demand product roadmap and marketing planning solution, tools, and services offered on the Aha! Websites (together with the Aha! Websites, the “Service”). This Privacy Policy (“Policy”) explains how we collect and use (“process”) visitors’ and customers’ information as part of the Service. Any discussion of your use of the Service in this Policy is meant to include your visits and other interactions with the Aha! Websites, whether or not you are a customer or user of our on-demand product roadmap and marketing planning solution.

Aha! strives to follow these concepts when it processes personal information:

  1. Transparency. We tell you what we are collecting. We disclose the subprocessors that we use to provide the Service. We do not give, sell, rent, or loan personal information to third parties.

  2. Purpose limitation. We process personal information for the reasons that we tell you when collecting it (or that you tell us). We collect what is necessary to fulfill that purpose.

  3. Security. We take reasonable and appropriate measures to protect personal information.

  4. Individuals rights. We provide you with access to your personal information and allow you to exercise your rights in that information. Opt-out requests are promptly honored.

What information does Aha! process?

“Personal information” is information or an information set that identifies or could be used by or on behalf of Aha! to identify an individual.

We process the following personal information: name, username, address, email, phone, IP address, LinkedIn url, social media handles, credit card, and payment information. Aha! does not seek to collect any sensitive data through the Service (e.g., health status; political opinions or religious/philosophical beliefs; trade-union membership; or racial or ethnic origin).

“Other information” is any information that is not personal information. Other information includes:

Why does Aha! process personal information?

We need to process personal information to provide the Service

When you register for the Service, we ask for personal information, such as your name, address, phone number, email address, and credit card information.

Depending on the purpose it is collected for, Aha! uses that information to:

In all cases, Aha! has a legal basis for processing personal information and the most common ones are: consent; necessary for the performance of (or at your request prior to entering into) a contract with Aha!; or there is a legitimate interest.

You’ve asked us to

As a customer, you may ask us to process personal information as part of a contractual arrangement (e.g., DPA). In that case, we will only process information for the express purpose that you authorize us to.

When we are legally compelled to disclose it

Aha! may disclose personal information in response to subpoenas, court orders, legal process, lawful requests by public authorities (including to meet national security or law enforcement requirements), or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.

Aha! is not processing your personal data when you link or integrate with a third-party application website

The Service contains links to other websites and allows you to integrate with web applications that are not owned or controlled by Aha! Please be aware that we do not determine and are not responsible for the privacy practices or content of such other sites or applications. Once clicked or enabled, those third parties may share certain information with Aha! We encourage you to be aware when you leave the Service and to check the privacy settings and notices of those third parties to understand what data may be disclosed or processed.

Who does Aha! share personal information with?

Aha! uses subprocessors to assist with the delivery of the Service. These subprocessors have access to personal information only to assist Aha! to process that data as you have authorized. All subprocessors are subject to a check in which Aha! reviews privacy, security, and confidentiality practices. Aha! currently uses the following subprocessors to assist it in providing its on-demand product roadmap and marketing planning solution:

Aha! uses the following subprocessors for other areas of its business, separate from the actual provision of its on-demand product roadmap and marketing planning solution:

How long is personal information retained?

Aha! Labs Inc. will retain personal information we process on behalf of our customers for as long as needed to provide Service to our customers, subject to our compliance with this Policy (and your rights as you choose to exercise them). We may further retain and use this personal information as necessary to comply with legal obligations, resolve disputes, enforce our agreements, and for legitimate interests.

What rights do you have to personal information?

Access, Correction, Objection, and Portability Rights

You have the right to request access to, rectification of errors in, or erasure of your personal information. You also have the right to object to the processing of your personal data and to receive a copy of your personal information in a structured, commonly used, and machine-readable format. For individuals in the EU, you may always lodge a complaint with your local data protection supervisory authority.

If you wish to exercise the above rights, you can update or change the personal information you have provided Aha! by logging into the Service and providing such additional information where applicable. Be advised that there may be legal conditions or limitations on these rights. If you have additional questions about exercising these rights, please contact us at

Opt-Out Rights

If you would like to stop receiving marketing communications from us, either email us at or follow the unsubscribe instructions included in each marketing email.

How seriously does Aha! take its data protection obligations? (Answer: Very seriously)

Security of personal information

Aha! is committed to ensuring the security of your personal information through reasonable and appropriate measures to protect it from loss, misuse, and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.

We utilize precautions to protect the confidentiality and security of the personal information within the Service, by employing technological, physical and administrative security safeguards, such as firewalls and other security procedures. For example, when you enter sensitive information (such as login credentials and all your activity on our Service platform), we encrypt the transmission of that information using transport layer security technology (TLS). These technologies, procedures, and other measures are used in an effort to ensure that your data is safe, secure, and only available to you and to those you authorized to access your data. However, no internet, email, or other electronic transmission is ever fully secure or error-free, so you should take care in deciding what information you send to us in this way.

Privacy Shield notice

Aha! complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and Switzerland to the United States in reliance on Privacy Shield (collectively, “Privacy Shield”). Aha! has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (under both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework) with respect to such information. In cases where Aha! receives personal information under Privacy Shield and subsequently transfer it to a third party subprocessor, Aha! potentially remains responsible if personal information is processed in a manner inconsistent with the Privacy Shield Principles.

If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification, please visit

In compliance with the Privacy Shield Principles, Aha! commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union with inquiries or complaints regarding our Privacy Shield policy should first email Aha! at If a complaint remains unresolved, Aha! has committed to refer such Privacy Shield complaints through the EU Data Protection Authorities. Contact details for the EU data protection authorities can be found at Aha! Labs Inc. will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints brought under Privacy Shield. These recourse mechanisms are available at no cost to you.

The Federal Trade Commission has jurisdiction over Aha!'s compliance with this Policy and the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. As a last resort, privacy complaints that remain unresolved after pursuing the above channels may be subject to binding arbitration before the Privacy Shield Panel to be created jointly by the US Department of Commerce and the European Commission.

No use of Aha! by minors

Aha! does not knowingly collect personal information from individuals below the age of 18. If we learn that we have collected or received personal data from an individual under 18 without verification of parental consent, we will delete that information. If you believe Aha! might have any personal information from or about a child under 18, please contact

California privacy rights

California Civil Code Section § 1798.83 permits users of the Service that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to

When does Aha! update this Policy?

We may change this Policy from time to time. We will post the changes to this page. If we make changes that materially alter your privacy rights, Aha! will provide additional notice. If you disagree with changes to this Policy, you should deactivate your account for the Service. Your continued use of the Service constitutes your agreement to be bound by such changes to this Policy.

Who can you contact with questions about privacy?

To exercise any of the rights mentioned in this Policy or if you have questions regarding this Policy, please email us at

Cookie Notice

To make our website and other communications related to the Service work properly, we sometimes place small text files (cookies) on your device when you use the Service.This Cookie Policy (the “Policy”) provides information about how and when we use cookies for these purposes. Capitalized terms used in this policy but not defined have the meaning set forth in our Privacy Policy.

What is a cookie?

A “cookie” is a small software file stored temporarily or placed on your computer's hard drive. The main purpose of a cookie is to allow a web server to identify your computer and web browser and then tailor web pages and login information to your preferences. Cookies last for one of two time periods:

Cookies help us promptly display the information you need to use the capabilities of the Service and other information which we consider to be of interest to you. Cookies do not typically contain personal information but can be linked to personal information that you have already provided us. By gathering and remembering information about your website preferences through cookies, we can provide a better web and marketing experience.

Does Aha! use cookies?

Yes. When you use the Service, we utilize session cookies, which allow us to uniquely identify your browser while you are logged in and to process your online transactions. Session cookies disappear from your computer when you close your web browser or turn off your computer.

We also utilize persistent cookies to identify you as an Aha! customer, agent, or end user and make it easier for you to log into and use the Service. Persistent cookies remain on your computer after you close your web browser or turn off your computer.

The above-described cookies are further categorized as follows:

What cookies does Aha! use in the Service?

Aha! uses the following cookies in the Service:





Aha! sessions and login




Aha! performance



New Relic

Aha! videos


2 years


Aha! support sessions


Various under 1 year


Aha! billing


Various under 1 year


Aha! analytics


Various under 2 years




Various under 2 years

Google and Aha!



Various, up to 5 years

Crazy Egg*



Various under 2 years




Various under 2 years




Various under 90 days

Facebook and Aha!



Various under 2 years




Various under 2 years




Various under 17 years




Various under 1 years

The Trade Desk

*For more information on the privacy practices of Crazy Egg, click here.

How does Aha! use cookies in its product roadmap and marketing planning solutions?

Aha! restricts the use of marketing cookies in its product roadmap and marketing planning solutions. Aha! does not use marketing cookies on pages that display your product roadmap and marketing planning data. Aha! does use the above Google Analytics cookies on some public pages such as login screens. If consent is required for any of those cookies and consent has not already been received, then the cookie will not be set.

Can cookies be turned off?

You can generally accept or decline the use of cookies through functionality built into your web browser. We obtain consent for placement of non-essential cookies in jurisdictions that require it. To revoke your consent, you should delete the cookies.

If you want to learn more about cookies or how to control or delete them, please visit for detailed guidance. In addition, certain third-party advertising networks, including Google, permit users to opt out of or customize preferences associated with your internet browsing. To learn more about this feature from Google, click here. To learn more about this feature from Crazy Egg, click here. Please note that if you do elect to disable your web browser's ability to accept cookies, you may not be able to access or take advantage of many features of the Service.

It is our hope that you find the display of advertising to you based on your anonymous interests valuable. If you would prefer not to participate in the services offered through these solutions, you can always opt-out of tailored advertising for services that support opt-out by visiting the Network Advertising Initiative (NAI) website by clicking:

How does Aha! respond to Do Not Track signals?

Currently, there is no consensus on what “Do Not Track” means and how to respond to “Do Not Track” signals. For that reason, we do not respond to those signals. Be advised that third parties linked from or integrated with the Service set their own policies regarding responses to Do Not Track signals.

Updates in this version:

Aha! is the world's #1 roadmap software
The world's #1 roadmap software