TaskFlow ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our project management platform at taskflow.app (the "Service").
By using the Service, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service.
This policy applies to all users of the Service, including visitors, free-tier users, and paid subscribers.
2. Information We Collect
Account information: When you sign up, we collect your name, email address, and password. If you sign in with a third-party provider (e.g., Google), we receive your name, email, and profile picture from that provider.
Workspace and project data: Content you create within TaskFlow, including workspaces, projects, tasks, comments, and uploaded files.
Usage data: We collect information about how you use TaskFlow, including pages visited, features used, actions taken, timestamps, and referring URLs. This helps us improve the product.
Device and technical information: We automatically collect your browser type, operating system, IP address, device identifiers, and screen resolution for security and analytics purposes.
Payment information: If you subscribe to a paid plan, our payment processor (Stripe) collects your billing details. We do not store full credit card numbers on our servers.
Communications: If you contact us for support, we collect the content of your messages and any attachments you send.
3. Legal Basis for Processing (EEA/UK Users)
Contract performance: Processing necessary to provide the Service you signed up for (e.g., managing your account, storing your projects).
Legitimate interests: Processing for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
Consent: Where you have given explicit consent, such as for optional analytics cookies or marketing communications. You may withdraw consent at any time.
Legal obligation: Processing necessary to comply with applicable laws, regulations, or legal proceedings.
4. How We Use Your Information
To provide and maintain the TaskFlow service, including managing your account, workspaces, and projects.
To improve and personalize your experience based on usage patterns and preferences.
To send service-related communications such as security alerts, updates, billing notices, and support messages.
To detect, prevent, and address technical issues, fraud, and security threats.
To comply with legal obligations, resolve disputes, and enforce our agreements.
To send marketing communications if you have opted in. You can unsubscribe at any time via the link in any marketing email.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties.
Service providers: We share data with trusted third-party providers who help us operate TaskFlow (e.g., cloud hosting, analytics, email delivery, payment processing). These providers are contractually bound to use your data only for the purposes we specify and to protect it with appropriate safeguards.
Workspace collaborators: Information you share within a workspace (such as tasks, comments, and files) is visible to other members of that workspace as determined by workspace settings.
Legal requirements: We may disclose information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email or prominent notice before your data is subject to a different privacy policy.
6. International Data Transfers
TaskFlow is operated from servers that may be located outside your country of residence. Your data may be transferred to and processed in countries that may have different data protection laws than your jurisdiction.
For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms, to ensure adequate protection of your data.
By using the Service, you acknowledge that your data may be processed in these locations.
7. Data Security
We use industry-standard encryption (TLS/SSL) for data in transit and AES-256 for data at rest.
Access to user data is restricted to authorized personnel on a need-to-know basis, with multi-factor authentication and audit logging.
We conduct regular security audits and vulnerability assessments.
Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected users in the event of a data breach.
8. Your Rights
Access: You can request a copy of the personal data we hold about you at any time.
Correction: You can update your personal information through your account settings or by contacting us.
Deletion: You can request deletion of your account and associated data. We will process your request within 30 days, except where we are required by law to retain certain data.
Portability: You can export your project data at any time from your account settings in a machine-readable format.
Restriction: You can request that we restrict processing of your personal data in certain circumstances.
Objection: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Lodge a complaint: EEA/UK users have the right to lodge a complaint with their local data protection supervisory authority.
9. California Privacy Rights (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Right to know: You may request details about the categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to delete: You may request deletion of your personal information, subject to certain legal exceptions.
Right to opt out: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
Non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise your rights, contact us at privacy@taskflow.app. We will verify your identity before processing your request and respond within 45 days.
10. Children’s Privacy
TaskFlow is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16.
If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete that information promptly.
If you believe a child under 16 has provided us with personal information, please contact us at privacy@taskflow.app.
11. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service and fulfill the purposes described in this policy.
After account deletion, we remove your personal data within 30 days. Some anonymized, aggregated usage data may be retained for analytics and service improvement.
Backup copies are purged within 90 days of account deletion.
We may retain certain data longer if required by law, for fraud prevention, or to resolve disputes.
12. Third-Party Links and Services
TaskFlow may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those third parties.
We encourage you to review the privacy policies of any third-party services you interact with through TaskFlow.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 30 days before they take effect.
Your continued use of TaskFlow after changes are effective constitutes acceptance of the updated policy. If you do not agree with the changes, you should stop using the Service.
The "Last updated" date at the top of this page indicates when this policy was last revised.
Questions about your privacy? Contact us at privacy@taskflow.app