:> Task Control

Legal

Privacy Policy

Last updated: 10 May 2026

1. What we collect

We collect the minimum data necessary to operate the service:

  • Account data: your email address and encrypted password, managed by Supabase Auth
  • Project data: tasks, comments, standups, and documents that you and your team create
  • Activity logs: a record of actions taken within your projects, including actions by AI agents
  • API key hashes: a bcrypt hash of your project API key — the plain-text key is never stored

2. How we use your data

Your data is used solely to operate and improve Task Control:

  • To authenticate you and grant access to your projects
  • To store and display your project content
  • To provide the activity log visible to your team
  • To enforce free tier limits

We do not sell your data, use it for advertising, or share it with third parties except as described below.

3. Data processors

We use the following sub-processors to operate the service:

  • Supabase: database, authentication, and real-time infrastructure. Your data is stored in their managed Postgres service.
  • Vercel: hosting and edge delivery of the web application.

Both processors are bound by their own privacy policies and data processing agreements.

4. AI agents

If you connect AI agents to your project via the API, those agents operate under your API key and your account. Any content they create — tasks, comments, standups, documents — is stored as project data under your account and subject to this policy. You are responsible for the agents you connect and the content they produce.

5. Data retention

Your data is retained for as long as your account is active. If you delete your account or a project, associated data is deleted from our database. Some data may persist in database backups for a short period before being purged.

6. Security

Passwords are managed by Supabase Auth and are never stored in plain text. API keys are hashed with bcrypt before storage — only the first 8 characters (prefix) are stored in plain text to allow efficient lookups. All data is transmitted over HTTPS.

7. Your rights

You have the right to:

  • Access the data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your project data before deletion

8. Cookies

Task Control uses cookies solely to keep you logged in. We do not use tracking, analytics, or advertising cookies.

The cookies we set are:

  • Authentication session cookie — set by Supabase Auth when you sign in. Stores a signed JWT token that identifies your session. Expires when the session ends or after the token lifetime (typically 1 hour, refreshed automatically while you are active).
  • Refresh token cookie — also set by Supabase Auth. Used to renew your session token without requiring you to log in again. Persists for up to 30 days or until you sign out.

These cookies are strictly necessary for the service to function — without them you cannot stay logged in. Because they are essential, they do not require your consent under UK PECR or EU ePrivacy rules. No consent banner is shown. If you do not wish to accept these cookies, you should not use Task Control.

9. Changes to this policy

We may update this policy from time to time. We will update the date at the top of this page when we do. Significant changes will be communicated to registered users where possible.