Privacy Policy

Last updated: May 2026 | Version: 1.0 | Draft — pending legal review before commercial launch

1. Introduction

Taskive is operated by [Your Name/Entity] (“we”, “us”, “our”). This policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Data We Collect

Profile data: name, email address, avatar image, timezone
Task and project data: titles, descriptions, status, assignments, due dates, comments
AI usage data: model name, token counts, cost (USD) — prompt and response content is not stored
Technical data: IP address (used for rate limiting; not stored long-term), session tokens
GitHub data: GitHub username (if you connect your account), pull request links

3. How We Use Your Data

Providing and operating the task management service
AI-powered features: risk scoring, burnout signal detection, focus mode — processed using task metadata, not stored conversation content
Security and fraud prevention (rate limiting, row-level security isolation)
Service improvement and performance monitoring

4. Data Processors

We use the following sub-processors to operate Taskive:

Processor	Purpose	Location	Safeguards
Neon (Neon Inc.)	PostgreSQL database — stores all application data	US (AWS us-east-1)	EU–US Data Privacy Framework
Cloudflare R2	File and attachment storage	US / Global edge	EU–US Data Privacy Framework
Railway (Railway Corp.)	Backend application hosting	US (AWS us-west-2)	Standard Contractual Clauses
Vercel Inc.	Frontend application hosting	US / Global edge	Standard Contractual Clauses
AI Providers (via LiteLLM)	AI features: Claude (Anthropic), GPT-4o (OpenAI), Gemini (Google) — model varies by org configuration	US	Each provider's Data Processing Addendum; no training on your data by default

5. Data Retention

Active accounts: data retained while your account is active
Deleted accounts: your profile information (name, email, avatar) is anonymized immediately; task and project data is preserved with anonymized attribution for org continuity
AI usage logs: retained for 90 days, then automatically purged
Session tokens: expire after 30 days of inactivity

6. Your Rights

Under GDPR Articles 15–22, you have the following rights:

Right of access (Art. 15): Download all your personal data via Settings → Account → Download my data
Right to erasure (Art. 17): Delete your account via Settings → Account → Delete Account
Right to data portability (Art. 20): Export your data as JSON via the download feature above
Right to rectification (Art. 16): Update your profile via Settings → Profile
Right to object (Art. 21): Contact us at the address below

7. Contact & DSAR Requests

To exercise your rights or submit a Data Subject Access Request (DSAR), contact us at: hello@taskive.com

We will respond within 30 days as required by GDPR Article 12.

Last updated: May 2026 | Version: 1.0 | Draft — pending legal review before commercial launch