Privacy Policy

Last updated: May 15, 2026

TaskFlow processes account, workspace, and operational data to provide the Service. This policy explains what we collect, why we collect it, and how customers can exercise their rights.

1. What this policy covers

This policy describes how TaskFlow processes personal and operational data in connection with the hosted Service and any optional Dedicated Deployment. It applies to customers, individual users authorized by those customers, and visitors to taskflow.app.

2. Data we collect

Account data: name, email, hashed password, profile preferences, and authentication events.

Workspace data: projects, tasks, comments, file attachments, and the audit log entries needed to operate the workspace.

Operational telemetry: request logs, error reports, and performance metrics, retained for diagnostics and abuse prevention.

AWS Marketplace data: a Marketplace customer identifier, AWS account ID, subscription state, and entitlement records returned by AWS Marketplace.

Optional infrastructure metadata: cloud provider, region, VPC, subnet, security group, and database connection details supplied during Dedicated Deployment setup. AWS credentials supplied for provisioning are encrypted at rest and used only to validate and apply Terraform.

3. How we use data

To deliver, maintain, and improve the Service.

To secure accounts, detect abuse, and respond to incidents.

To run AWS Marketplace fulfillment, entitlement, and metering on behalf of the customer’s subscription.

To communicate service notices, security advisories, and material changes to these policies.

4. Sharing and subprocessors

TaskFlow shares data with a limited set of subprocessors needed to operate the Service, including hosting providers, email delivery, error monitoring, and AWS Marketplace APIs.

TaskFlow does not sell personal information and does not share Customer Data with advertisers.

Customers in regulated industries may request a current list of subprocessors at privacy@skygrid.app.

5. International data transfers

TaskFlow may transfer and process data in countries other than the customer’s primary jurisdiction. Where required, transfers rely on standard contractual clauses or equivalent safeguards.

6. Retention

Account and workspace data is retained for the life of the subscription plus a recovery window of up to thirty (30) days, during which Customer may export or restore data.

AWS Marketplace records, audit logs, and security telemetry may be retained for up to seven (7) years to satisfy legal and financial recordkeeping obligations.

Customers can request earlier deletion subject to the data-deletion process in Section 7.

7. Data-deletion policy

A customer admin can request deletion of an account or workspace by emailing privacy@skygrid.app or by using the in-product delete-account flow at /settings.

On verified request, TaskFlow will delete or anonymize Customer Data within thirty (30) days, except where retention is required to comply with legal, financial, or security obligations. Backups containing the data are overwritten or expired within ninety (90) days.

For Dedicated Deployments, data residing in Customer’s own AWS account or PostgreSQL database is under Customer control. TaskFlow will release any cached encrypted credentials on request.

8. Data-subject rights

Individuals in jurisdictions that grant data-subject rights (including the EEA, UK, and California) may request access, correction, deletion, restriction, or portability of personal data we hold about them.

Verified requests should be sent to privacy@skygrid.app and will be answered within thirty (30) days where applicable law requires it.

9. Security

TaskFlow uses encrypted transport (TLS), encryption at rest for sensitive credentials, role-based access control, audit logging, and least-privilege deployment processes.

Suspected security incidents should be reported to security@skygrid.app. Confirmed material incidents affecting Customer Data are communicated to affected customers without undue delay and consistent with applicable law.

10. Children

TaskFlow is intended for use by businesses and adults. It is not directed to children under sixteen (16), and we do not knowingly collect personal information from them.

11. Changes to this policy

TaskFlow may update this policy by posting a new version at /privacy. Material changes will be communicated in-product or by email at least thirty (30) days before they take effect for active subscriptions.

12. Contact

Privacy: privacy@skygrid.app. Security: security@skygrid.app. Postal mail available on request.