Privacy Policy

TaskAI (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our task management platform at taskai.ca (the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Account Information

• Name, email address, and profile picture (provided during registration or via OAuth)
• Authentication credentials (hashed passwords for email login; OAuth tokens for third-party sign-in)
• Account preferences and settings

Task and Usage Data

• Tasks, subtasks, due dates, priorities, and notes you create
• Project and workspace information
• Activity logs and notification preferences

Integration Data

• Email metadata (subject lines, senders) when you connect Microsoft 365 or Gmail — we do not store full email bodies
• Calendar event titles, times, and attendees when you connect calendar integrations
• Jira and Confluence issue/page references when you connect Atlassian

Automatically Collected Data

• Browser type, operating system, and device information
• IP address and approximate location
• Pages visited and actions taken within the Service

• To provide, maintain, and improve the Service
• To authenticate your identity and manage your account
• To sync tasks and data with connected third-party services
• To send notifications, reminders, and weekly reviews you have opted into
• To process billing and subscription management via Stripe
• To respond to support requests and communications
• To detect and prevent fraud, abuse, or security incidents
• To comply with legal obligations

We do not sell your personal information. We may share data with:

• Service providers: Hosting (Vercel), database (Turso), payment processing (Stripe), and authentication providers that help us operate the Service
• Third-party integrations: Only when you explicitly connect services like Microsoft 365, Google, or Atlassian — data flows are limited to what is needed for the integration
• Legal requirements: If required by law, regulation, legal process, or governmental request
• Business transfers: In connection with a merger, acquisition, or sale of assets

• All data is encrypted in transit using TLS 1.2+
• Data at rest is encrypted in our database
• Passwords are hashed using bcrypt
• OAuth tokens are stored securely and scoped to minimum required permissions
• We implement role-based access control and row-level data isolation
• Regular security headers are enforced (HSTS, CSP, X-Frame-Options)

For more details, see our Security page.

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).

Integration tokens are revoked immediately upon disconnecting a third-party service.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your account and associated data
• Export your data in a portable format
• Withdraw consent for optional data processing
• Object to certain types of processing

To exercise these rights, contact us at privacy@taskai.ca.

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. Analytics, if implemented, will use privacy-respecting methods.

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, contact us at:

privacy@taskai.ca