Privacy Policy

This Privacy Policy explains how TaskAssist, Inc. (“TaskAssist”, “we”, “us”, or “our”) collects, uses, shares, and protects personal data when you use our website, applications, APIs, and related services (collectively, the “Service”). TaskAssist provides a platform that allows customers to build custom AI assistant chatbots trained on their own content. By using the Service, you agree to the practices described in this Policy.

• “Personal Data” means information that identifies, or could reasonably be used to identify, a natural person.
• “Processing” means any operation performed on Personal Data, such as collection, storage, use, or transmission.
• “Customer” means the individual or entity that has created an account on the Service.
• “Service” means the TaskAssist platform, websites, applications, and related offerings.

• Account information. When you sign up using our magic-link flow, we collect your email address and, optionally, your name and workspace name.
• Customer Content. Documents, URLs, text, files, prompts, and other material you upload so your Bots can be trained and respond.
• Usage and diagnostic data. Log records, IP address, browser and device metadata, feature interactions, performance data, and error reports used to operate, secure, and improve the Service.
• Cookies and similar technologies. Information stored on your device for authentication, session continuity, and (with your consent) optional analytics — see Section 5.

We use the information we collect to:

• Provide, maintain, and secure the Service;
• Train Customer Bots strictly on the Customer Content that the Customer uploads, and not on data from other Customers;
• Authenticate users via magic-link emails;
• Process payments and manage Subscriptions;
• Communicate with you about your account, Service updates, security notices, and support requests;
• Detect, investigate, and prevent fraud, abuse, and security incidents;
• Comply with legal obligations and enforce our Terms of Service.

We use essential cookies that are required to operate the Service, such as cookies that keep you signed in. We also use optional analytics cookies to understand how the Service is used so we can improve it. Optional cookies are only set with your consent through our cookie banner, which lets you accept all, reject non-essential, or manage your preferences at any time.

We honour the Do Not Track (“DNT”) signal where technically feasible: when DNT is enabled in your browser, we do not set optional analytics cookies.

We retain account information and Customer Content for the lifetime of your Workspace. When you delete your Workspace, associated Customer Content is removed from our active systems within 30 days, except where retention is required by law, for fraud prevention, or to resolve disputes. Backup copies are purged on our standard backup rotation schedule.

TaskAssist is based in the United States, and the Service is hosted and operated primarily in the United States. By using the Service, you understand that your Personal Data may be transferred to, stored, and processed in the United States and other countries where our subprocessors operate. Where required by law, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses for cross-border transfers.

We may disclose Personal Data:

• To law enforcement or other authorities when required by valid legal process or to protect the rights, property, or safety of TaskAssist, our Customers, or the public;
• In the event of a business transfer such as a merger, acquisition, financing, or sale of assets, in which case successor entities will be bound by this Policy or a materially similar policy;
• With your consent or at your direction, including when you choose to integrate the Service with a third-party application.

We apply administrative, technical, and physical safeguards designed to protect Personal Data, including encryption in transit and at rest, least-privilege access controls, row-level security in our database, and audit logging. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your Personal Data, subject to applicable law: the right to access, rectify, erase, restrict, or port your Personal Data; the right to object to certain Processing; the right to withdraw consent at any time; and the right to lodge a complaint with a supervisory authority. We rely on the following lawful bases for Processing: performance of a contract, our legitimate interests in operating and improving the Service, compliance with legal obligations, and your consent.

To exercise these rights, contact us at hello@taskassist.ai.

If you are a California resident, the California Consumer Privacy Act (“CCPA”) and CalOPPA give you specific rights regarding your Personal Data. We collect the categories of Personal Data described in Section 3 for the business and commercial purposes described in Section 4.

We do not sell your Personal Data and we do not share it for cross-context behavioural advertising. You have the right to know what Personal Data we collect, to request deletion of your Personal Data, to correct inaccurate Personal Data, and to opt out of sale or sharing (which, in our case, does not occur). You also have the right not to receive discriminatory treatment for exercising these rights. You may submit a request at hello@taskassist.ai.

We rely on a small set of vetted sub-processors to operate the Service. Supabase provides our database, authentication, and hosting infrastructure. Stripe is our payment processor and merchant of record for paid Subscriptions. OpenAI is the AI model provider that generates assistant responses on our behalf. Brevo handles our transactional and marketing email. Amazon Web Services SES handles additional transactional email delivery. Each sub-processor is bound by contractual obligations consistent with this Policy and applicable data-protection law.

We never store full payment card details on our systems. All payment card data is collected, processed, and stored by Stripe, which is certified as PCI-DSS compliant. We only receive a customer reference, the plan you purchased, your Subscription status, and related billing metadata from Stripe.

The Service is not directed to, and may not be used by, individuals under the age of 18. We do not knowingly collect Personal Data from anyone under 18. If we become aware that we have collected such information, we will delete it promptly. If you believe a minor has provided us with Personal Data, please contact us at hello@taskassist.ai.

The Service may contain links to third-party websites or services that are not operated by TaskAssist. We are not responsible for the content, privacy practices, or policies of any third-party sites. We encourage you to read the privacy policies of any third-party site you visit.

We may update this Privacy Policy from time to time. If we make a material change, we will give you at least 14 days’ notice through the Service or by email before the change takes effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated Policy.

Questions, requests, or complaints about this Privacy Policy or our data practices can be sent to hello@taskassist.ai.