Privacy Policy

1. Introduction

TaskShift ("we", "us", or "our") operates the TaskShift web application and Chrome extension (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

TaskShift is an AI-powered browser automation platform that allows users to build and run automation flows through a Chrome extension and a SaaS backend. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name and email address
• Password (stored as a secure hash)
• Profile picture (if provided)
• Subscription and billing information
• Stripe customer ID (if you subscribe to a paid plan)

2.2 Usage Data

We collect information about how you use the Service:

• Automation flows you create (names, steps, configurations)
• Flow run history and execution logs
• Error logs for troubleshooting
• AI credit usage and feature interactions
• API key usage (if applicable)

2.3 Chrome Extension Data

Our Chrome extension collects data only when you actively use it to build or run automation flows:

• Page DOM content: When building or running a flow, the extension reads the DOM (Document Object Model) of pages you explicitly target. This is necessary to identify elements for automation.
• Page URLs: URLs of pages where flows are built or executed.
• Element selectors: CSS selectors and XPath expressions for elements you select.

Important: The extension does NOT:

• Collect your full browsing history
• Access pages you don't explicitly use for automation
• Store passwords or sensitive form data (unless part of your explicit flow configuration)
• Run in the background when not actively being used

2.4 Analytics Data

We use Google Analytics 4 (GA4) on our marketing website to understand how visitors interact with our site. GA4 may collect:

• IP address (anonymized)
• Browser type and version
• Device type and operating system
• Pages visited and time spent
• Referral source
• Geographic location (country/region level)

3. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

• Essential cookies: Required for authentication, session management, and security.
• Analytics cookies: Google Analytics 4 cookies to understand site usage (subject to consent where required).
• Payment cookies: Stripe may set cookies during checkout to process payments securely.

You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

4. How We Use Your Information

We use the collected information to:

• Provide, operate, and maintain the Service
• Process your transactions and manage subscriptions
• Send transactional emails (account verification, password resets, billing notifications)
• Provide customer support
• Improve and optimize the Service
• Detect and prevent fraud, abuse, and security issues
• Comply with legal obligations

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

• Contract: Processing necessary to provide the Service you've signed up for.
• Legitimate interest: Processing for product improvement, security, and fraud prevention.
• Consent: For analytics cookies and marketing communications (where applicable).
• Legal obligation: When required to comply with applicable laws.

6. Third-Party Services

We share data with the following third-party services:

• Stripe: Payment processing. Stripe processes your payment information according to their privacy policy.
• OpenAI: AI-powered features. When you use AI features, relevant page content and your instructions are sent to OpenAI's API.
• Google Analytics 4: Website analytics on our marketing pages.
• Resend (or similar email provider): Transactional email delivery.

Each third-party service has its own privacy policy governing how they handle your data.

7. Data Retention

We retain your data for as long as necessary to provide the Service:

• Account data: Retained while your account is active and for up to 30 days after deletion.
• Flow data: Retained while your account is active.
• Run logs: Retained for up to 90 days.
• Billing records: Retained for up to 7 years for legal and tax compliance.
• Analytics data: Subject to Google Analytics retention settings (typically 14 months).

8. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Portability: Request a copy of your data in a portable format.
• Objection: Object to certain types of processing.
• Withdrawal of consent: Withdraw consent for processing based on consent.

To exercise these rights, contact us at privacy@taskshift.io.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit (HTTPS/TLS)
• Secure password hashing
• Regular security assessments
• Access controls and authentication

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children under 16. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

• Email: privacy@taskshift.io
• Support: support@taskshift.io