Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Redmine is an open source, self hosted project management and issue tracking web application built with Ruby on Rails. It provides issue tracking, Gantt charts, time tracking, wiki, forums, and multi project support. As a fully self hosted solution with no cloud service or corporate telemetry, Redmine provides maximum data sovereignty and is one of the most privacy friendly project management tools available.
Redmine is a free, open source project management and issue tracking web application written in Ruby on Rails. It supports multiple projects, issue tracking with custom fields and workflows, Gantt charts, time tracking, wiki pages, forums, document management, and role based access control. Redmine is entirely self hosted with no cloud offering from the Redmine project. It is one of the most mature open source project management tools with an extensive plugin ecosystem.
Redmine sets a session cookie (_redmine_session) for authenticated users and optionally a remember me cookie for persistent login. As a self hosted application, all data remains under the organisation''s complete control with no third party data processing. There is no corporate telemetry, analytics collection, or external data transmission. GDPR compliance depends entirely on how the organisation configures and operates the Redmine instance. The legal basis is typically contract performance or legitimate interest for internal project management.
No DPA or transfer safeguards needed as no third party is involved. Configure HTTPS for all connections. Implement strong authentication and RBAC. Enable database encryption at rest. Set up regular encrypted backups. Implement data retention by archiving and deleting old projects. Train team members on data minimisation in issue descriptions. If exposing Redmine publicly, implement cookie consent for the session cookie. Alternatives include YouTrack, Taiga, OpenProject, and Plane (open source).
Websites using Redmine must obtain user consent under GDPR regulations.
DPIA considerations
DPIA recommended when Redmine stores sensitive project data at scale. As a self hosted tool, all data remains under organisational control. Assess: issue content sensitivity, user account data, file attachments, time tracking data, wiki content, and the hosting infrastructure security configuration.
Sample consent text
This site uses Redmine for project management. All data is stored on our own servers under our direct control. Please refer to our privacy policy for information about how your data is processed.
Third-party domains contacted
www.redmine.orgCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _redmine_session | authentication | Session | Rails session cookie for authenticated access. |
| autologin | authentication | 1 year | Persistent login cookie for the remember me feature. |
Redmine uses cookies for user preferences — inform visitors with a consent banner.
_redmine_session (session cookie) and optionally a remember_me persistent login cookie. No third party cookies or analytics.
Not for internal use. If publicly accessible, session cookies may require ePrivacy notice.
Contract performance or legitimate interest. No third party processing involved.
None. Fully self hosted. Data stays wherever you deploy it.
Only if storing sensitive personal data at scale.
HTTPS, strong authentication, RBAC, database encryption, backups, data retention, minimisation training.
YouTrack, Taiga, OpenProject, Plane, Gitea (with issue tracking).
Document _redmine_session and remember_me cookies if publicly accessible. No third party data processing to disclose.