Taskeract Privacy Policy

Effective Date: April 29, 2025

Thank you for using Taskeract! We value your privacy and are committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use and share it, and your rights with respect to that information. This Policy applies to all users of the Taskeract SaaS platform, website, and related services (collectively, the "Service"). By using Taskeract, you consent to the practices described in this Privacy Policy. If you do not agree with this Policy, please do not use the Service.

Acqusys, LLC ("Taskeract", "we", "us", or "our") is the data controller for personal information collected via the Service. We process personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as applicable. We aim to be transparent about our privacy practices and help you understand your choices.

1. Information We Collect

We collect personal information that you provide to us directly, information that is collected automatically when you use the Service, and information from third parties (such as social login providers or service partners). The types of information we collect include:

  • Account Information: When you register for Taskeract via a social login (GitHub, Google, Microsoft, Atlassian, etc.), we receive basic profile information from the provider. This typically includes your name, email address, and possibly a profile photo or username, depending on what the provider shares. We store an identifier associated with your third-party account (for example, an OAuth ID or token) to authenticate you. If you create a profile within Taskeract, we may also store any additional profile details you provide (such as a display name or avatar).

  • Contact Information: If you sign up for newsletters (if offered), or contact us for support, we collect the email address and any other contact details you provide. We also keep records of correspondence such as support requests or feedback you send us.

  • Project Content: Taskeract is a project management tool, so any data you input into the platform is collected and stored on our systems. This includes project names, descriptions, feature definitions, user stories, tasks, comments, attachments, or any other content you upload or generate within the Service. This content may include proprietary or sensitive information about your projects or business. We treat all User Content as confidential and do not access or use it for purposes outside of providing the Service (except as needed for security or legal compliance, or as authorized by you). For example, if you write a task description or upload a file, that information is stored to display back to you and to those you share it with (if sharing features exist). It may also be processed by our AI features at your request (see below), but we do not use your content to train our AI models or otherwise exploit it.

  • AI Interaction Data: If you use the AI-assisted features, we will collect the prompts or questions you submit and the AI outputs generated. For instance, if you ask the AI to suggest a task breakdown, the prompt and resulting suggestion are recorded. This is considered part of your Content. We may store these interactions to display to you (e.g., maintaining a history of suggestions) and to improve the feature for you (such as remembering context during a session). However, as stated, this data is not used to train Taskeract's underlying AI model beyond your immediate session, and we only use AI providers who do not train on your data or have a configuration option to not use it for their model training either which we enable. We will not knowingly use an AI provider that trains on your data (or our own data).

  • Web Search Queries: Similarly, if you utilize a feature that performs a web search via Tavily (or another search service), we collect the search query you posed and the results that were returned to the Service. The query is sent to the third-party search provider to retrieve results, and may be logged by that provider. We store the fact that a search was made and the content needed to present you with the AI-generated summary of the search results.

  • Payment Information: If you subscribe to a paid plan, our third-party payment processor (Stripe) will collect your payment details. This includes your credit card number, expiration date, CVV, billing address, and any relevant financial information. Taskeract itself does not receive or store your full credit card details. We do receive limited information about your transactions from Stripe, such as your subscription plan, billing status, the last four digits of your card (for reference), payment method type, payment confirmations, and any errors or declines. We may also collect your billing name and address if needed for invoicing or tax purposes. Stripe, as Merchant of Record, handles the tax calculations and may collect information like your country or EU VAT ID to apply correct tax rates.

  • Usage Data: When you use Taskeract, we automatically collect certain information about your device and how you interact with the Service. This includes:

    • Log and Device Data: Internet Protocol (IP) address, device type (desktop, mobile, tablet), operating system and version, browser type and version, screen resolution, and system language. We also log the dates and times of access, pages or screens viewed, and actions taken (e.g., creating a task, using an AI prompt, changing settings).
    • Analytics Data: Through our analytics provider (PostHog), we gather data on feature usage, user flows, and engagement (for example, how often certain buttons are clicked, how long you spend on a page, where users drop off in a process). This data helps us understand usage patterns and improve the Service's design and functionality. Analytics data is typically aggregated and does not include the actual textual content of your projects, but it may include references to identifiers (like project or task IDs) and user identifiers.
    • Cookies and Similar Technologies: We use cookies and similar tracking technologies to provide and optimize our Service. When you log in, our authentication service (Clerk) uses cookies or local storage to maintain your session. These are essential cookies that keep you logged in as you navigate. PostHog (analytics) may set its own cookie or use a unique identifier to track user sessions and distinguish new vs. returning users. We do not use third-party advertising cookies. You can control cookies through your browser settings, but note that disabling cookies may prevent you from using parts of the Service (for example, you won't be able to stay logged in without cookies).
  • Error and Crash Data: Through Sentry (our error tracking tool), we collect data about errors or crashes that occur while you use the app. This can include device state information at the time of the error, such as which API calls were being made, the code path that failed, your user ID (to group errors by user for debugging), and potentially the data values that triggered the error (we try to avoid sending sensitive content, but something like a task ID or name might be included in an error log if it was part of a failing operation). This information is used solely to diagnose and fix technical issues.

  • Information from Third Parties: Besides the social login info and payment data from our processors, we might receive information about you from other sources: for instance, if you were referred to Taskeract through a promotion or partner, we might receive your name/email from that partner (only if you've consented). Or, if we integrate future services (like an option to import data from another app), with your permission we would receive data from those services. This Policy will be updated if and when any such data sharing occurs.

We do not knowingly collect personal information from children under 13. Taskeract is a general audience service not directed to children. If we learn that a user under 13 has provided personal data, we will delete that information. If you are a parent or guardian and believe your child under 13 has an account, please contact us so we can take appropriate action.

2. How We Use Your Information

We use the collected information for the following purposes, all in support of providing and improving Taskeract and as necessary for the performance of our contract with you or for our legitimate business interests (or, in certain cases, with your consent or to comply with legal obligations):

  • To Provide the Service: We use account and authentication information to log you in and maintain your sessions. The content you input (projects, tasks, etc.) is used to display back to you through the interface, to allow you to organize and retrieve your data, and generally to operate core features of the project management platform. For example, we will store your tasks and allow you to edit or delete them, mark them complete, etc. If you upload a file attachment, we will store and retrieve it for you as needed. Essentially, all user-provided data is processed to make the Service function for you.

  • AI-Powered Features: When you engage an AI suggestion or prompt, we use your provided prompt and relevant context from your current project to query our AI providers' API and obtain an AI-generated response. The information is used transiently to get the result and then to show it to you. We may temporarily log the prompt and result to improve the feature for you (such as to allow undo/redo or to refine future prompts), but these logs are not used to train any machine learning models outside of this scope. Also, the data we send to their API should not be used to train their models. The same applies to web search queries via Tavily - we send the query out, get results, and use them to compose an answer for you. We use your data in this context only to generate the output you requested.

  • Communications: We use your contact information (especially email) to send service-related communications. This includes: confirmations of account creation, subscription receipts or invoices, alerts about important changes or usage (e.g., if you are nearing your AI credit limit or if a payment method is expiring), and security notifications like password reset emails or new device login alerts. We may also send you informational messages about new features or updates to the Service. If you contact us with a support issue, we will use your contact info to respond and any information you give us to help resolve your issue. We do not send marketing emails unrelated to the Service unless you have opted in to a newsletter or similar mailing list, and you can opt-out at any time. Transactional and account-related emails, however, may still be sent as they are necessary for service administration.

  • Analytics and Product Improvement: We analyze usage data (via PostHog and our own analysis) to understand how our Service is used. This helps us troubleshoot problems, identify popular or underused features, improve the user experience, and guide our development decisions. For example, we might look at aggregated data to see if a new feature we launched is being used frequently or to discover at which step users drop off during onboarding. We might perform A/B testing by showing slightly different versions of a feature to different groups and using analytics to determine which version performs better. All such analysis is done on de-identified or aggregated data whenever possible, and is part of our legitimate interest in improving our product.

  • Billing and Account Management: We use payment and transaction data to manage subscriptions, process payments, and keep financial records. For instance, if your subscription is up for renewal, we instruct Stripe to charge your card. If a payment fails, we might notify you to update your payment method. We also use your subscription status to determine what features or limits apply (e.g., how many AI credits you have, or if you should have access to "Pro" or "Ultimate" features). We maintain records of your payments and history for accounting, audits, and to handle any billing disputes.

  • Security and Abuse Prevention: We may use information (like IP addresses, logs, and user activity) to monitor for fraudulent, suspicious, or illegal activity. This can include detecting multiple accounts from the same IP that might indicate spam or abuse, monitoring login locations to detect possible account compromise, or checking content for malware. If we detect abuse of the AI (for instance, attempts to generate disallowed content) or other violations, we use data (such as logs of the offending requests) to investigate and respond (which might include limiting functionality or terminating accounts per our Terms). We also use error logs (from Sentry) and other diagnostics to maintain the security and integrity of the Service—finding and fixing vulnerabilities or bugs that could affect your data.

  • Legal Compliance: We may process and retain your information to comply with legal obligations. For example, for tax laws we keep records of payments and customer locations as required for VAT/Sales tax reporting. If we receive a lawful subpoena or request from law enforcement, we may need to provide certain data (after verifying the request's validity). We also use your data as needed to enforce our Terms of Service (such as investigating potential violations) or to exercise or defend legal claims.

  • Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of Service to another provider, your information may be disclosed or transferred as part of that transaction, in accordance with applicable privacy laws. In such an event, we would ensure the new owner continues to honor the privacy commitments we have made in this Policy.

  • With Your Consent: In cases where you have explicitly given us consent to use your information in a way not covered by the above bases, we will do so in accordance with that consent. For instance, if someday we wanted to highlight a user success story and you agreed to let us use your name or testimony, that would be a use based on consent. You have the right to withdraw any such consent at any time.

We do not engage in automated decision-making that produces legal or similarly significant effects on you without human involvement. The AI features in Taskeract may automate content generation, but they do not make decisions about you; you control how to use the outputs. We also do not profile you in the sense of predicting behavior or preferences for marketing—any profiling is limited to understanding usage for product improvement, not to target or categorize you beyond your interaction with Taskeract itself.

3. How We Share or Disclose Information

Taskeract is not in the business of selling or renting your personal information to third parties. We share information in the following circumstances:

  • Service Providers (Processors): We share data with third-party companies that provide services on our behalf, as listed earlier (Clerk, Stripe, Tavily, PostHog, Sentry, AI service providers, and potentially cloud hosting or email service providers). These companies are bound by contractual obligations to process personal data only as needed to provide their services to us and to protect your data. For example, Clerk receives and stores your authentication info to manage logins; Stripe receives your payment details to process payments and handle taxes; Our AI providers receive the content of your AI prompts to generate a completion; Tavily receives search queries to return results; PostHog receives usage events for analytics; Sentry receives error data to help us debug. We limit the personal data shared to the minimum necessary. These providers are not allowed to use your data for their own unrelated purposes.

  • Within Taskeract (Collaboration): Currently, Taskeract accounts are single-user (single-seat). We do not share your content with other users unless you explicitly choose to share or collaborate (in which case, we would obviously share it with those you designate). You have the ability to invite other users to your projects, and your content may be shared with other users at your instruction and under your control (for example, if you invite a coworker to view your project). In such cases, those individuals would see the content you choose to share.

  • Business Transfers: As mentioned, if Taskeract is involved in a corporate transaction such as a merger or acquisition, user information might be transferred to the successor or acquiring entity. We would ensure that the new owner is bound by terms at least as protective as this Privacy Policy, and we would notify users of any change in data control and give an opportunity to opt out if required by law.

  • Legal Requirements: We may disclose your information if required to do so by law or in a good-faith belief that such action is necessary to (a) comply with a legal obligation, such as a subpoena, court order, or other legal process; (b) protect and defend our rights or property, or the rights, property or safety of our users or the public; (c) investigate and defend against any third-party claims or allegations; or (d) detect, prevent, or otherwise address criminal activity, security, or technical issues (for instance, we might share information with law enforcement agencies if we believe it's necessary to prevent imminent harm, fraud, or illegal activities). We will attempt to notify you of any legal demands for your data, unless prohibited by law or court order.

  • Your Consent or Direction: We will share your personal information with third parties if and when you explicitly consent to or request such sharing. For example, if in the future you integrate Taskeract with another service (like exporting tasks to another project management tool, or connecting to a Slack or email integration), we would share data with that service at your direction. Or if you ask us to share feedback you provided as a testimonial on our website, we'd publish it with your consent.

  • Aggregated or De-Identified Data: We may share data that has been aggregated or anonymized, so it no longer can be used to identify you. For instance, we might publish blog posts or reports showing overall usage statistics or trends (e.g., "X% of Taskeract users create at least 5 projects in their first month"). Such information will not contain any personal information and is shared in a form that cannot be traced back to individual users.

No Sale of Personal Information: Taskeract does not sell your personal information to third parties for profit or for cross-context behavioral advertising. In the past 12 months, we have not sold any personal data, and we have only shared personal data with service providers for business purposes as described. If this ever changes, we will update this Policy and provide any required notices or opt-out mechanisms.

Third-Party Websites: The Service may include links to third-party websites or services, for example in user documentation or if an AI-generated suggestion includes a reference to an external source. This Privacy Policy does not cover those third-party sites, which have their own privacy practices. If you follow a link to an external site, you should review its privacy policy separately. Taskeract is not responsible for the privacy or security practices of external sites that are not under our control.

4. International Data Transfers

Taskeract is based in the United States, and the majority of our data storage and processing occurs in the U.S. (for example, if our servers or cloud provider are located in the U.S.). If you are accessing the Service from outside the U.S., be aware that your personal information will likely be transferred to, stored, and processed in the United States and possibly other countries. These countries may have data protection laws that are different from those of your country of residence, and in some cases, may not be as protective.

However, when we transfer personal data out of regions like the European Economic Area (EEA), the United Kingdom, or Switzerland, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with applicable law. This may include implementing Standard Contractual Clauses (SCCs) approved by the European Commission, relying on an adequacy decision (if applicable), or other lawful transfer mechanisms. Our third-party service providers are also required to uphold such protections. For example, Clerk, PostHog, Sentry, etc., have commitments to GDPR compliance and use of SCCs or equivalent measures for data transfers.

By using Taskeract or providing us with your information, you consent to the transfer of your personal information to the U.S. and other jurisdictions as necessary for the purposes described in this Privacy Policy. If you are an EU/EEA or UK user and would like more information about these transfer safeguards, you can contact us as described in the Contact section below. We will happily provide more details or a copy of the relevant contractual protections upon request.

Please note that regardless of where your data is processed, we will protect it as described in this Policy and take reasonable measures to secure it.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Policy, unless a longer retention period is required or permitted by law. Here is how we approach retention for different categories of data:

  • Account Data: If you have an active account, we retain the personal information associated with your account (like your name, email, login data) for as long as your account is in use. If you choose to delete your account or if your account becomes inactive for an extended period, we will initiate deletion of your personal data. Generally, upon account deletion, we aim to remove personal data from active databases within 30 days, unless otherwise required. Some residual data (like in backups or logs) might take slightly longer to purge, but will be deleted periodically in the normal course of operations. We may retain your email address or account identifier in a suppression list to ensure we don't inadvertently recreate your account or send you emails after deletion.

  • User Content: Content you create (projects, tasks, etc.) is retained while your account is active so that you have continuous access to it. If you delete specific content (e.g., delete a project or task), we remove it from our active systems and the content will no longer be accessible to you. Deleted content might remain in encrypted backups for a short period (e.g., backups are rotated every X days) but will be overwritten or deleted in due course. If you delete your entire account, all associated content will be scheduled for deletion. Note that if you shared content with others (in a scenario where collaboration features exist), copies of that content might remain accessible to those other users (since they are also considered owners of that shared data).

  • Transactional Records: We retain payment and transaction records for at least as long as required by tax and accounting laws. In the U.S., this could be 7 years or more. This means that even if you delete your account, we may keep invoice records, payment history, and billing details as needed for legal compliance and financial record-keeping. However, this data will generally not include more personal info than necessary (likely your name, email, subscription details, and transaction amounts).

  • Analytics and Logs: Usage analytics data may be aggregated and retained indefinitely for historical analysis, but it won't be tied to your identity if your account is deleted. Raw event data in PostHog that can be linked to user IDs is typically retained for a shorter period (for instance, we might keep detailed logs for 1-2 years and then anonymize or aggregate older data). Error logs in Sentry are retained to track and fix bugs; they may be kept for a few months to identify recurring issues, then purged. IP addresses and device info in logs are usually kept only for a transient period (a few weeks) unless needed for security analysis.

  • Backups: We perform routine backups of our databases to ensure reliability. These backups are stored securely and separately. They are typically overwritten on a rolling basis. Personal data in backups is thus retained only until the backup is rotated, which is usually a matter of weeks or months at most. We do not use backup data except for disaster recovery or integrity verification.

  • Legal Holds: If we are under a legal obligation to preserve data (for example, if involved in a litigation or if we receive a preservation order from law enforcement), we will retain the specific data required for as long as instructed, and for our own protection, and then delete it when that obligation is lifted.

In summary, we aim to keep your information for no longer than necessary and then securely delete or anonymize it. When we delete personal data, we will ensure it is removed from our active systems and overwritten or erased. We may retain anonymized or aggregated information (which is not personally identifiable) indefinitely for business analysis.

6. Data Security

We take reasonable and appropriate measures to protect the security of your personal information. These measures include administrative, technical, and physical safeguards designed to protect against unauthorized access, disclosure, or destruction of data. Some of the security practices we employ are:

  • Encryption: All communications with the Taskeract Service are encrypted using industry-standard TLS/SSL in transit. This means data transmitted between your device and our servers (and between our servers and third-party services) is encrypted. We also encrypt sensitive data at rest in our databases where feasible. For example, any passwords (if we had them, though we use social login, so those are handled by third parties) would be stored hashed and salted. Any secrets or tokens (like OAuth tokens from social providers) are stored securely.
  • Access Controls: We limit access to personal data to authorized personnel who need it to operate, develop, or support the Service. Taskeract staff and contractors who have access to personal data are subject to confidentiality obligations and undergo training on data protection. Administrative access to our systems requires authentication (e.g., SSH keys, 2FA, VPN access).
  • Monitoring and Auditing: We monitor our systems for suspicious activity and have alerting in place for potential issues. Sentry helps us detect errors that could indicate security issues. We keep audit logs of administrative access and important actions on production systems.
  • Testing and Updates: We regularly update our software dependencies and systems to address security vulnerabilities. We may conduct periodic security assessments or use third-party auditors to test our infrastructure and applications. If we discover any vulnerability, we act promptly to mitigate it.
  • Secure Development Practices: Our development lifecycle includes code reviews, testing, and adherence to coding guidelines that reduce common security bugs (like SQL injection, XSS, etc.). We separate environments (development, staging, production) to limit exposure of real data.
  • Data Isolation: Each user's data is logically separated; proper authorization checks prevent one user from accessing another's data (except in intended collaboration scenarios). The third-party integration credentials (like API keys) are stored securely and not exposed to users.
  • Backup and Recovery: We maintain backups and have disaster recovery plans to prevent data loss. Backups are encrypted and protected. We also have measures to maintain service continuity and quickly restore availability in case of an incident.

Despite all these efforts, no security measure is 100% foolproof. We cannot guarantee absolute security of data, especially given the inherent risks of the Internet. It is important that you also play a part in protecting your information. Please use a strong, unique password for your social login accounts and protect access to your devices and those accounts. Notify us immediately if you suspect any unauthorized access to your Taskeract account or personal data. In the event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law, and we will take all reasonable steps to mitigate the breach.

7. Your Rights and Choices

Depending on your jurisdiction, you have certain rights and choices regarding your personal information. We have outlined key rights for users in different regions below. We will honor all applicable rights requests in accordance with law.

Your Rights Under GDPR (for EEA, UK, and equivalent jurisdictions)

If you are in the European Economic Area (EEA), United Kingdom, Switzerland, or other jurisdiction with similar data protection laws, you have the following rights with respect to your personal data:

  • Right to Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it, subject to certain exceptions. We will provide this in a commonly used electronic form.
  • Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct or update it. You can also update most of your basic account information (like your name or email) directly in your profile settings, if those features are available, or by updating it with your social login provider and reconnecting.
  • Right to Erasure: You can request that we delete your personal data. This is also known as the "right to be forgotten." We will honor such requests to the extent required by law. For example, if you delete your account, we will remove personal info as described above. Note that we may need to retain certain data for legal reasons (e.g., transaction records) and some data may be in backups temporarily. If we have shared your data with processors, we will relay the deletion request to them as well.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances (for example, while we verify your data correction request or if you object to our processing pending our evaluation). Restriction means we will store your data but not actively use it.
  • Right to Object: You have the right to object to our processing of your personal data when the processing is based on our legitimate interests or for direct marketing purposes. If you object on legitimate interest grounds, we will evaluate your request and will stop or adjust processing unless we have compelling legitimate grounds to continue or as needed for legal claims. If you object to marketing emails, we will stop sending you those (you can always use the "unsubscribe" link in such emails).
  • Right to Data Portability: You have the right to obtain your personal data that you provided to us in a structured, commonly used, and machine-readable format, and you can ask us to transmit it to another controller where technically feasible. In practice, for Taskeract, this could mean you can export your project data. We may build an export feature for your convenience; otherwise, you can contact us for assistance.
  • Right not to be subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects. Taskeract does not make such automated decisions about users without human involvement.

To exercise any of these rights, please contact us at privacy@taskeract.com with your request. We may need to verify your identity before fulfilling the request (to ensure it's really you making the request). This verification might involve confirming ownership of your email or asking for additional information as appropriate. We will respond to your request within one month, or inform you if we need more time (we can extend by two further months for complex requests, as allowed by GDPR, but we'll explain why if so). There is no fee for exercising your rights unless the requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request (we'll justify any such decision).

If you are not satisfied with our response or believe we are processing your personal data unlawfully, you also have the right to lodge a complaint with your country's data protection supervisory authority. For example, in the UK it's the Information Commissioner's Office (ICO); in France the CNIL; in Germany, each state has its authority, etc. We would, however, appreciate the chance to address your concerns first, so we invite you to contact us with any issue.

Legal Bases for Processing (GDPR): Whenever we process your personal data, we do so on a valid legal basis. As a summary, the legal grounds we rely on are: (a) Contractual Necessity - for data needed to provide you with the Service that you requested (e.g., using your account info and content to actually deliver the SaaS functionality, or processing payments); (b) Legitimate Interests - for data uses that are important for our business (like improving our product, securing our Service, customer service communications, etc.), where our interests are not overridden by your data protection rights; (c) Consent - for cases where we ask your permission, e.g., sending optional marketing communications or processing certain data if you opt-in; and (d) Legal Obligation - where we need to comply with laws (e.g., retaining invoices for tax, or responding to legal process). If you have questions about the specific legal basis for any processing of your personal data, please contact us.

Your Rights Under CCPA (for California Residents)

If you are a resident of California, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information (referred to in the law as "personal information"). Below is a description of those rights and how to exercise them:

  • Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. This includes the categories of personal information we collected, the categories of sources of that information, the business or commercial purpose for collecting (or sharing) the information, the categories of third parties with whom we share personal information, and the specific pieces of personal information we have collected about you. Much of this is outlined in this Privacy Policy. Upon verification of a valid request, we will provide either the information requested or an explanation if we cannot (due to legal exceptions).

  • Right to Delete: You have the right to request that we delete personal information we have collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable deletion request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. Note: There are legal exceptions where we may retain data (for example, to complete a transaction, for security, to comply with a legal obligation, etc.). If an exception applies, we will inform you in our response. In general, if you delete your account or send a deletion request, we will treat that as exercising your CCPA deletion right for the data we are not required to keep.

  • Right to Correct: Under CPRA, California residents also have the right to request correction of inaccurate personal information. If you believe any personal data we maintain about you is incorrect, please let us know and we will correct it (taking into account the nature of the personal information and the purposes of processing).

  • Right to Opt-Out of Sale or Sharing: CCPA gives consumers the right to opt out of the "sale" or "sharing" of personal information. However, Taskeract does not sell personal information (as we've stated) and we also do not "share" it for cross-context behavioral advertising (which is the new term under CPRA). Therefore, there is no need for you to opt out, as we don't engage in those practices. We treat any signals, like a Global Privacy Control (GPC) browser signal, that we receive as an opt-out request, but again, we don't sell/share data in that manner by default.

  • Right to Limit Use of Sensitive Personal Information: CPRA provides that if a business uses or discloses "sensitive personal information" for reasons other than those allowed, consumers can direct them to limit that use. Taskeract does not use sensitive personal information (such as account passwords, financial info, precise geolocation, etc.) for any purposes outside of the immediate provision of the Service. The only sensitive info we might handle is payment card info (processed by Stripe) or login tokens - which we use only for the necessary transaction/security. So this right is not applicable in any expansive way for Taskeract; we automatically limit use of sensitive info.

  • Right of No Retaliation (Non-Discrimination): We will not discriminate against you for exercising any of your CCPA rights. This means we won't deny you our Service, charge you different prices, or provide a different level of quality just because you exercised your rights. (However, note that deleting certain data might affect our ability to provide the Service; for instance, if you ask us to delete all your data, we might not be able to continue offering you the Service. But that's a consequence of the deletion, not a discriminatory action. If deletion of data is incompatible with the Service, we'll let you know - you may need to close your account in such cases.)

Categories of Personal Information Collected (CPRA Notice): In the preceding 12 months, we have collected the following categories of personal information (as defined by CCPA) from California consumers:

  • Identifiers (real name, email address, account ID, IP address, social login ID);
  • Customer Records information (payment information such as billing address, transaction history);
  • Characteristics of protected classifications (not actively collected, but if you voluntarily provided something like your photo or a note including such info, it could be incidentally stored - we do not request or use this info);
  • Commercial information (records of products or services purchased, subscription tier, payment history);
  • Internet or other electronic network activity information (browsing or usage data within our Service, cookies, interaction with our app/website);
  • Geolocation data (only coarse data derivable from your IP address, such as city or country for tax and analytics purposes; we do not track precise location);
  • Professional or employment-related information (if you input such info into Taskeract as part of project content, or if your social login includes your organization name; we don't collect employment info otherwise);
  • Inferences drawn from above (we do not profile users in a marketing sense, but we might infer preferences like which features you use often to improve your experience).

We collect these categories of information from the sources and for the purposes described in Sections 1 and 2 of this Policy (e.g., directly from you, from integrated providers, and through automated means). We disclose personal information to service providers (as detailed in Section 3) for business purposes (e.g., providing our Service, processing payments, analytics, etc.). We do not sell or share personal information for third-party marketing.

Exercising Your California Rights: To exercise your Right to Know, Delete, or Correct under CCPA/CPRA, you (or your authorized representative) may submit a request to us by emailing privacy@taskeract.com with the subject "CCPA Request" and detailing your request. Please include your name, the email associated with your Taskeract account, and specify which right you seek to exercise. We will need to verify your identity - usually by confirming that you have access to the email associated with the account or by asking for certain account-related information. You can also make a Know or Delete request by calling our toll-free privacy request number at 1-800-XXX-XXXX (if we had one; currently, email is our primary contact method).

For authorized agents making requests on behalf of someone else, we may require proof of authorization (such as a signed permission from the user or power of attorney) and we will still verify the identity of the user directly (unless the agent has a power of attorney).

We aim to respond to verified consumer requests within 45 days. If we need more time (up to an additional 45 days, for a total of 90 days), we will inform you of the reason and extension in writing. Our response will cover the information required by law, relevant to your request. If we cannot comply with a part of your request, we will explain the reasons (for example, if we are legally exempt or if fulfilling the request would adversely affect others' privacy or our rights).

Other U.S. State Privacy Laws

Virginia, Colorado, Connecticut, and Utah have passed similar privacy laws to CCPA (with some differences). If you are a resident of these states (VA, CO, CT, UT), you may have similar rights such as the right to confirm if we process your data, access it, correct inaccuracies, delete it, obtain a copy, and opt out of certain processing (like targeted advertising or sale of data). Taskeract's practices are generally aligned with honoring these rights as well, given we do not sell data or use it for targeted advertising beyond our own product context. You can make requests by contacting us as described above, and we will handle them in accordance with the applicable state law. We do not profile individuals in ways that produce legal effects. If any state-specific requirement differs, we will comply with that standard for residents of that state.

Your Choices

  • Updating Your Information: You may update certain profile information by editing your profile on Taskeract (if applicable). For other changes (like changing the social login email, etc.), you may need to do that with your login provider or contact us for help.
  • Opting Out of Emails: If you receive promotional or newsletter emails from us, you can opt out at any time by clicking the "unsubscribe" link in those emails or contacting us. Note that you cannot opt out of transactional emails necessary for service (account notifications, billing emails, security alerts) while you have an active account, as those are intrinsic to using Taskeract.
  • Do Not Track Signals: Some browsers have "Do Not Track" (DNT) features that send a signal to websites indicating a preference not to be tracked. The web industry hasn't adopted a uniform standard for DNT signals. Accordingly, our site does not currently respond to DNT signals. However, as described, we limit our tracking to internal analytics and necessary service functionality; we do not track your online activity across other sites.
  • Cookies: You can usually configure your browser to reject cookies or alert you when cookies are being used. If you disable or refuse cookies, please note that some parts of the Service (like login sessions) may become inaccessible or not function properly. We do not use cookies for advertising, so cookie choices mainly affect functional and analytics cookies. For analytics, some tools (like PostHog) respect a browser-level Do Not Track if configured to do so; we will review and configure such settings to honor user preferences as feasible.
  • Closing Your Account: If you no longer wish to use Taskeract, you can delete your account through the settings or by contacting support. This is the most direct way to remove your personal data from our active systems (aside from data we must keep for legal reasons as explained).

8. Additional Notices

Third-Party Service Privacy: For completeness, here are links or notes to the privacy policies of key third-party services used by Taskeract, which you may want to review:

  • Clerk (Authentication): Clerk's privacy policy will outline how they handle user data for authentication. (e.g., available on Clerk's official website)
  • Stripe (Billing): Stripe will have its own terms and privacy details regarding payment data and tax compliance.
  • Various (AI Providers): All of our AI providers' API data usage policies ensure API data is not used for training at all or not unless there is an opt-in depending on the provider. We will never opt-in or knowingly allow data we submit to be used for training purposes.
  • Tavily (Search): Information on Tavily's service (if publicly available) would detail how search queries are handled. (We believe Tavily acts as a proxy for search engines; any data handling would be similar to making a direct search query).
  • PostHog (Analytics): PostHog is an open-source analytics platform; if self-hosted by us, data stays on our systems. If using PostHog's cloud, they have a privacy policy covering data handling.
  • Sentry (Error Logging): Sentry's privacy and security info details how error data (which may include limited user info) is protected.

We ensure that each of these providers either falls under relevant compliance regimes (e.g., they comply with GDPR through SCCs, etc.) or are covered by our own Data Processing Addendum with them. Feel free to contact us for more info on any specific third-party.

Children's Privacy: As stated, Taskeract is not intended for use by children under 13. We do not knowingly solicit or collect personal information from children. If you are under 13, do not use or provide any information on this Service. If we learn we have collected personal data from a child under 13, we will delete it. For minors aged 13 to 17, the Service should only be used with the involvement of a parent or guardian, and the account should be created by an adult. Parents who believe their child has submitted personal information to us can contact us and we will remove it.

International Users: This Privacy Policy is intended to meet global standards, including GDPR and CCPA, which means we've tried to include all relevant disclosures. If you are in a country with additional privacy rights, please know we intend to respect those as well. For example, Canadians have rights to access and correction similar to GDPR; Australians have certain rights under the Australian Privacy Act, etc. You can contact us to inquire or exercise any applicable privacy rights. We will update this Policy to reflect any significant changes in law or our practices globally.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we update the policy, we will change the "Effective Date" at the top. If the changes are significant, we will provide a more prominent notice (such as by email to registered users or a notification within the app or on our website). We encourage you to review this Privacy Policy periodically for any updates.

If you continue to use Taskeract after any changes to this Policy become effective, you are deemed to have accepted the updated terms. We will not, however, reduce your rights under this Privacy Policy without your consent. If you do not agree with the changes, you should deactivate your account and stop using the Service.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or about how your personal information is handled, please contact us at:

Acqusys, LLC.
Attn: Privacy Officer/Data Protection Officer (DPO)
2501 Chatham Rd Suite R, Springfield, IL 62704, USA
Email: privacy@taskeract.com

We will do our best to address your inquiry promptly and thoroughly. Your privacy is important, and we welcome your feedback.