Privacy Policy

Last updated: February 9, 2025

1. Introduction

TaskShell ("we," "our," or "us") operates the TaskShell productivity application and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) in the European Union and European Economic Area, and the California Consumer Privacy Act (CCPA) in the United States.

2. Data We Collect

2.1 Information You Provide

  • Account data: email address, name, profile image (if you choose to provide it), and password (stored in hashed form).
  • Product data: tasks, subtasks, spaces, lists, notes, tags, due dates, priorities, and any content you create or upload within the app.
  • Settings and preferences: UI preferences, theme, date format, timezone, notification settings, and similar options.
  • Organization and education data: if you use TaskShell as part of an organization or class, we store membership, roles (e.g., teacher, student), and content associated with those contexts.

2.2 Information Collected Automatically

  • Session and usage data: session identifiers, IP address, browser/user-agent, and similar technical data necessary for authentication, security, and operation of the service.
  • Logs: we may keep server logs (e.g., request timestamps, error logs) for security and troubleshooting; these may contain IP addresses and request metadata.

2.3 Payment and Billing

If you subscribe to a paid plan, billing is processed by our payment provider (e.g., Polar). We store subscription status, trial dates, and provider-generated identifiers (e.g., customer ID) to manage access. We do not store your full payment card details; those are handled solely by the payment provider in accordance with their privacy policy.

3. How We Use Your Data

We use your data to:

  • Provide, operate, and maintain the TaskShell service.
  • Authenticate you and manage your account and sessions.
  • Process and store your tasks, spaces, and other content you create.
  • Send transactional emails (e.g., email verification, password reset) and, where you have agreed, product-related communications.
  • Manage subscriptions, trials, and billing (including via third-party payment processors).
  • Enforce our Terms of Service, prevent fraud, and protect security.
  • Comply with legal obligations and respond to lawful requests.
  • Improve our service (e.g., debugging, analytics in aggregated or anonymized form where applicable).

4. Legal Basis (GDPR)

For users in the EEA/UK, we process personal data based on:

  • Contract: processing necessary to perform our contract with you (e.g., providing the service, account management).
  • Legitimate interests: operating the service, security, fraud prevention, and improving our product, where not overridden by your rights.
  • Consent: where we ask for your consent (e.g., optional marketing, non-essential cookies).
  • Legal obligation: where we must comply with law.

5. Sharing and Disclosure

We may share your data only in the following circumstances:

  • Service providers: we use subprocessors for hosting, email delivery (e.g., Resend), payment processing (e.g., Polar), and similar operational services. They process data only on our instructions and under appropriate agreements.
  • Organizations and classes: if you use TaskShell within an organization or class, relevant data (e.g., tasks, membership) may be visible to admins, teachers, or other members as permitted by the product and your role.
  • Legal: we may disclose data if required by law, court order, or government request, or to protect our rights, safety, or property.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to this policy.

We do not sell your personal information to third parties for monetary or other valuable consideration.

6. International Transfers

Your data may be processed in countries outside your residence (e.g., where our servers or subprocessors are located). When we transfer data from the EEA/UK to countries not recognized as providing adequate protection, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or other mechanisms permitted by applicable law.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. After account deletion, we delete or anonymize your personal data within a reasonable period, except where we must retain it for legal, regulatory, or legitimate business purposes (e.g., resolving disputes, enforcing agreements).

8. Your Rights

8.1 GDPR (EEA/UK)

You have the right to:

  • Access your personal data and receive a copy.
  • Rectification of inaccurate or incomplete data.
  • Erasure ("right to be forgotten") in certain circumstances.
  • Restriction of processing in certain circumstances.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority in your country.

To exercise these rights, contact us at the details below. We will respond within the timeframes required by applicable law (e.g., one month under GDPR).

8.2 CCPA (California)

California residents have the right to:

  • Know what personal information we collect, use, and disclose.
  • Delete their personal information, subject to certain exceptions.
  • Correct inaccurate personal information.
  • Opt out of the "sale" or "sharing" of personal information — we do not sell or share personal information for cross-context behavioral advertising.
  • Non-discrimination for exercising these rights.

To submit a request, contact us at the details below. We may need to verify your identity. You may also designate an authorized agent to make requests on your behalf.

9. Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit (e.g., TLS), secure authentication, and access controls. No method of transmission or storage is 100% secure; we encourage you to use a strong password and keep your account credentials confidential.

10. Children

Our service is not directed at children under 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

11. Cookies and Similar Technologies

We use essential cookies and similar technologies necessary for authentication, security, and operation of the service (e.g., session cookies). Where we use non-essential cookies (e.g., analytics), we will obtain your consent where required by law. You can control cookie preferences through your browser settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date. For material changes, we may notify you by email or through the service. Continued use of the service after changes constitutes acceptance of the updated policy, except where further consent is required by law.

13. Contact Us

For privacy-related requests, questions, or complaints (including to exercise your GDPR or CCPA rights), contact us at:

TaskShell
Email: fred@taskshell.app

If you are in the EEA/UK, you have the right to lodge a complaint with your local data protection supervisory authority.