Privacy Policy

1. Introduction

Task Flow (“we”, “our”, or “us”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our task management platform.

2. Information We Collect

We collect the following types of information:

• Account information — your name, email address, and password (stored as a hashed value).
• Organization data — your organization name, code, and associated members.
• Task data — tasks, subtasks, comments, labels, attachments, and photos you create or upload.
• Usage data — actions performed within the app such as status changes and task assignments.
• Device information — browser type, IP address, and operating system for security and troubleshooting purposes.

3. How We Use Your Information

• To provide and operate the task management service.
• To authenticate your identity and maintain session security.
• To send email notifications related to your account (e.g. email verification, password reset).
• To improve the platform and troubleshoot technical issues.
• To comply with legal obligations.

4. Cookies and Local Storage

We use the following technologies to store data in your browser:

• Session cookies — required for authentication. These are deleted when you close your browser or sign out.
• Preference storage — we store your UI preferences (theme, language) in localStorage so they persist across sessions.
• Cookie consent — we store your cookie consent choice in localStorage.

We do not use third-party advertising or tracking cookies.

5. Data Storage and Security

Your data is stored in a secured database. Photos and file attachments are stored in Firebase Cloud Storage. We implement industry-standard security measures including encrypted connections (HTTPS) and hashed passwords. However, no method of transmission over the internet is 100% secure.

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties. Data is only shared within your organization (members of the same organization can view tasks and comments based on their assigned role). We may disclose information if required by law.

7. Data Retention

Your data is retained as long as your account is active. Upon account deletion, your personal data will be removed within 30 days, except where we are required to retain it for legal purposes.

8. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Withdraw consent for data processing at any time.

To exercise these rights, please contact your organization administrator.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the “Last updated” date at the top of this page.