Privacy Policy
Last updated: July 11, 2026
This policy describes what data the Trailmap extension for Azure DevOps processes, where it is stored, and what leaves your environment. The short version: your work item data never leaves your Azure DevOps organization. The only thing our servers ever see is an anonymous organization identifier used for licensing.
Who we are
Trailmap is developed and operated by Václav Mudra, a sole trader registered in the Czech Republic (European Union), acting as the data controller for the limited data described below. Contact: see the Support page.
What the extension does with your data
Trailmap runs entirely inside your Azure DevOps organization as a sandboxed
browser extension. It reads work items, iterations, teams and backlog
configuration through the official Azure DevOps REST APIs, using the
permissions you grant at install time (vso.work — read work items;
vso.project — read project and team metadata). All reading and
rendering happens in your browser. Trailmap is read-only: it never creates,
modifies or deletes work items.
Where your settings are stored
Saved views and preferences are stored using the Azure DevOps Extension Data Service, which is hosted by Microsoft inside your Azure DevOps organization and governed by your existing Microsoft agreements. We have no access to it.
What our servers receive
| Data | Purpose | Stored where |
|---|---|---|
| Azure DevOps organization ID (a random GUID) and organization name | License and trial validation — determining whether your organization has an active subscription | Our licensing service (Cloudflare Workers, EU jurisdiction applies) |
| License status, trial dates, subscription identifiers | Operating your subscription | Same as above |
No work item titles, descriptions, user names, e-mail addresses or any other project content is ever transmitted to us. The extension contains no analytics or tracking scripts and sets no cookies.
Payments
Subscriptions are processed by Paddle acting as the Merchant of Record. When you purchase a subscription, your billing details (name, e-mail, payment method, billing address) are collected and processed by Paddle under Paddle's privacy policy. We receive only the subscription status and an identifier linking it to your organization — never your payment details.
Data retention and deletion
Licensing records are kept for as long as your organization has an active trial or subscription, and for up to 3 years afterwards for accounting and tax purposes as required by Czech law. You can request deletion of your organization's licensing record at any time via the Support page; we will delete everything not subject to a statutory retention duty within 30 days.
Your rights (GDPR)
If you are in the EU/EEA, you have the right to access, rectify, delete, restrict or object to the processing of your personal data, and the right to data portability and to lodge a complaint with a supervisory authority (in the Czech Republic: ÚOOÚ, uoou.gov.cz). Note that the licensing service processes organization-level identifiers, not personal data, in normal operation; personal data enters the picture only through support correspondence and Paddle billing.
Changes to this policy
We will post any changes on this page and update the date above. Material changes will additionally be announced in the extension's Marketplace changelog.