Privacy Policy

01.Introduction

TASKTIME ("Company", "we", "us" or "our"), a company based in Maharashtra, India, provides an AI-based task and schedule management software-as-a-service platform ("Service") through our website and related applications.

By creating an Account or using the Service, you acknowledge that we will process your Personal Data in accordance with this Privacy Policy and applicable law, including the Digital Personal Data Protection Act, 2023 of India ("DPDP Act") and, where applicable, the EU General Data Protection Regulation ("GDPR").

02.Definitions

For the purposes of this Privacy Policy:

• ›Personal Data means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act and comparable data protection laws.
• ›Service means the TASKTIME web application, APIs, and any related services that we operate.
• ›Account means a unique account created for you to access and use the Service.
• ›User means any individual or organization using the Service.
• ›Processing means any operation or set of operations performed on Personal Data, such as collection, recording, storage, use, disclosure, or deletion.
• ›Service Provider means a third-party company or individual that processes Personal Data on our behalf for the purposes of providing the Service.
• ›Data Fiduciary / Controller means the entity that determines the purposes and means of Processing Personal Data (TASKTIME for data of its direct users).
• ›Data Processor means an entity that processes Personal Data on behalf of the Data Fiduciary / Controller (for example, our hosting, database, analytics, and AI providers).

03.Information We Collect

3.1 Personal Information

We may collect and process the following Personal Data when you create or use an Account:

• ›Name (first and last name, if provided by you).
• ›Email address (required to register and authenticate your Account).
• ›Hashed password or authentication credentials (we store passwords only in hashed form using industry-standard methods and never in plain text).
• ›Profile and workspace information you choose to provide (such as time zone and preferences).

3.2 User Content

In the normal course of using the Service, we process the content you submit:

• ›Tasks, to-do items, notes, and descriptions.
• ›Schedules, events, reminders, deadlines, and related metadata (such as due dates and labels).
• ›AI prompts and instructions you provide to generate suggestions, schedules, or other AI-powered outputs.
• ›Feedback you provide inside the product (for example, ratings, comments, or bug reports).
• ›Uploaded content, if you choose to upload attachments or documents as part of your tasks or schedules.

3.3 Usage Data

When you access or use the Service, we automatically collect certain technical information ("Usage Data") such as:

• ›IP address.
• ›Browser type and version.
• ›Device identifiers, device type, operating system, and language settings.
• ›Pages or screens viewed, the time and date of your visits, time spent on pages, and navigation paths.
• ›Log files, error logs, and performance diagnostics.
• ›Interaction events (such as button clicks, features used, and configuration changes) for analytics and product improvement.

3.4 Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve the Service. A cookie is a small text file stored on your device. You can control cookies through your browser settings; however, disabling certain cookies may limit the functionality of the Service.

We use the following categories of cookies:

• ›Essential cookies: Required for the Service to function (for example, to keep you signed in and secure your session). These cookies are necessary and cannot be disabled through our interface.
• ›Functional cookies: Help us remember your choices (such as language or time zone) to provide a more convenient experience.
• ›Analytics cookies: Help us understand how the Service is used, measure performance, and improve features. We use such cookies only where permitted by applicable law, and where required we rely on your consent for non-essential cookies.

04.How We Use Information

We process Personal Data for the following purposes:

• ›To provide, operate, and maintain the Service, including core features such as task management, scheduling, and AI-powered suggestions.
• ›To create and manage your Account, authenticate you, and maintain your user preferences.
• ›To process and display your tasks, schedules, user content, and AI-generated outputs within the Service.
• ›To provide customer support, respond to inquiries, and resolve technical issues.
• ›To manage billing and payments (for example, via third-party payment processors), issue invoices, and handle subscription status.
• ›To monitor and protect the security, integrity, and availability of the Service, including fraud detection, abuse prevention, and incident response.
• ›To analyze Usage Data and improve the performance, usability, and quality of the Service, including the reliability, safety, and performance of our AI features.
• ›To comply with applicable legal obligations and to establish, exercise, or defend legal claims.

05.AI Processing

The Service offers AI-based functionality to assist with tasks, schedules, and related recommendations. When you use these features, we process your prompts, tasks, schedules, and related context ("AI Inputs") and AI-generated responses ("AI Outputs") to deliver the requested functionality.

• ›AI features may be powered by third-party AI Service Providers (such as OpenAI or similar providers) acting as Data Processors on our behalf.
• ›AI Inputs and Outputs may be transmitted to those providers solely for the purpose of providing the Service and improving the reliability, safety, and performance of our AI features.
• ›We do not use your AI Inputs or Outputs to train publicly available AI models. Where we rely on a third-party AI provider, we configure the service so that your data is not used to train or improve their general models, to the extent the provider offers such controls.
• ›AI logs (including prompts and outputs) may be stored for a limited period to enable you to view past interactions, troubleshoot issues, and improve the reliability and safety of our AI features. We implement access controls to ensure that only authorized personnel can access AI logs for troubleshooting and security purposes.
• ›AI Outputs are generated algorithmically and may contain inaccuracies. Users are responsible for reviewing AI-generated recommendations before relying on them.
• ›We do not use AI features to make automated decisions that produce legal or similarly significant effects without human involvement. Our AI features are designed to assist and augment user decision-making, not replace it. This approach is consistent with our obligations under GDPR Article 22 and applicable law.
• ›AI processing may occur on servers located outside your country, subject to appropriate safeguards described in the "International Transfers" section.

06.Legal Basis for Processing

6.1 GDPR (Where Applicable)

Where the GDPR applies, we process Personal Data under the following legal bases:

• ›Performance of a contract: To provide and operate the Service, manage your Account, and fulfill our contractual obligations to you.
• ›Legitimate interests: To secure and improve the Service, prevent fraud and misuse, understand how the Service is used, and develop new features, provided that these interests are not overridden by your rights and interests.
• ›Consent: For certain activities such as non-essential cookies, optional communications, or specific AI/analytics features where consent is required by law. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
• ›Legal obligation: To comply with applicable laws, regulations, and legal processes, including bookkeeping, tax, and regulatory requirements.

6.2 DPDP Act (India)

Under the Digital Personal Data Protection Act, 2023, we process Personal Data based on your consent, for legitimate uses permitted by law, and to fulfill contractual and legal obligations. By using the Service, you provide your consent to such processing as described in this Privacy Policy. You may withdraw consent at any time, subject to legal and contractual limitations.

07.Sharing of Information

We do not sell, rent, or trade Personal Data to third parties for monetary consideration. We may share Personal Data with the following categories of recipients, strictly for the purposes described in this Privacy Policy:

• ›Cloud hosting providers: To host our infrastructure and store data securely (for example, reputable cloud platforms such as Vercel, AWS, or similar providers).
• ›Database and storage providers: To store and back up application and user data in managed databases and secure storage services.
• ›AI providers: To deliver AI-powered features using third-party APIs that process AI Inputs and Outputs as our Data Processors.
• ›Payment processors: To process subscription payments and handle related billing operations (for example, providers such as Razorpay, Stripe, or equivalent services). Payment card details are processed directly by the payment processor and are not stored by us.
• ›Analytics providers: To collect Usage Data and measure how the Service is used, enabling us to improve performance and features using privacy-conscious analytics tools where possible.
• ›Email and communication providers: To send account-related emails, security alerts, and customer support communications.
• ›Professional advisors: Such as lawyers, accountants, and auditors, when necessary to obtain professional services and comply with legal obligations.
• ›Legal authorities and regulators: Where required by law or to protect our rights, users, or the public, we may disclose information to courts, law enforcement, or government authorities.
• ›Business transfers: In connection with any merger, acquisition, reorganization, or sale of assets, Personal Data may be transferred to a successor entity, subject to appropriate safeguards and continuity of privacy protections.

We use written agreements with our Service Providers that require them to process Personal Data only according to our instructions, implement appropriate security measures, and not use the data for their own purposes. A list of our current subprocessors may be made available upon reasonable request.

We do not use Personal Data for profiling or targeted advertising purposes unrelated to the core functionality of the Service.

08.Data Retention

We retain Personal Data only for as long as necessary for the purposes described in this Privacy Policy, to comply with legal obligations, and to resolve disputes. Where feasible, we apply shorter retention periods and use aggregation or anonymization when detailed data is no longer needed.

• ›Account data (such as name, email, and account configuration) is retained for the duration of your Account and for up to 24 months after account closure to handle support requests, billing questions, or disputes, unless a longer period is required by law.
• ›User content (tasks, schedules, and AI interaction history) is retained while your Account is active and may be deleted or anonymized within up to 12 months after account closure, subject to backup retention.
• ›AI logs (prompts and outputs) used for reliability, abuse monitoring, and troubleshooting are typically retained for up to 12 months, after which they are deleted or anonymized unless needed for security or legal reasons.
• ›Customer support data (support tickets, emails, and related records) is retained for up to 24 months from the date of the last interaction, unless required longer for legal or compliance purposes.
• ›Usage and analytics data is retained for up to 24 months from collection in identifiable form, and may thereafter be kept only in aggregated or anonymized form.
• ›Backup copies containing Personal Data may be retained in encrypted form for a limited period consistent with our backup and disaster recovery policies and are accessed only when strictly necessary.

Once retention periods expire, we delete or irreversibly anonymize Personal Data using commercially reasonable measures, subject to technical limitations and legal requirements.

8.1 Data Retention After Subscription Expiry

If your subscription expires or is cancelled, your access to certain features of the Service may be restricted. We may retain your data for a limited grace period following expiry to allow for reactivation of your Account. After the grace period, data may be deleted or anonymized in accordance with the retention periods described above. We recommend that you export any data you wish to retain before cancelling your subscription or allowing it to expire.

09.International Transfers

We are based in India and may process Personal Data on servers located in India or other countries. This means your information may be transferred to and stored in jurisdictions with data protection laws that differ from those in your home jurisdiction.

Where required by applicable law, we implement appropriate safeguards for international data transfers, such as Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms, contractual protections, and technical measures, to ensure that Personal Data receives a level of protection that is comparable to that required under the DPDP Act and, where applicable, the GDPR.

10.Your Rights

Subject to applicable law, you may have the following rights with respect to your Personal Data:

• ›Right of access: To obtain confirmation of whether we process your Personal Data and to request a copy of such data.
• ›Right to correction: To request that inaccurate or incomplete Personal Data be corrected or updated.
• ›Right to deletion: To request deletion of your Personal Data in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected.
• ›Right to data portability: Where technically feasible and required by law, to receive certain Personal Data in a structured, commonly used, and machine-readable format and to transmit it to another service.
• ›Right to withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• ›Right to object or restrict: To object to or request restriction of certain processing activities, especially where processing is based on legitimate interests, subject to applicable legal requirements.

To exercise your rights or make a data protection request, you may contact us at privacy@tasktime.in. We may need to verify your identity before acting on your request and may decline requests where permitted or required by law. If you are located in the European Union, you also have the right to lodge a complaint with your local supervisory authority at any time.

11.Data Security

We use commercially reasonable technical and organizational safeguards to protect Personal Data, including the use of HTTPS to encrypt data in transit, encryption of data at rest where appropriate, access controls based on least privilege, monitoring of our systems for security incidents, and secure authentication mechanisms for Account access.

Despite our efforts, no method of transmission over the internet or method of electronic storage is entirely risk-free. While we strive to protect Personal Data, we cannot guarantee absolute security. Where required by applicable law, we will notify relevant supervisory authorities and affected individuals as described in Section 19.

12.Children's Privacy

The Service is not intended for and should not be used by individuals under the age of 18. We do not knowingly collect Personal Data from persons under 18. If you are a parent or guardian and believe that a child has provided Personal Data to us, please contact us so that we can take appropriate steps to delete such information as required by law.

13.Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of this page and, where required by law, we will notify you by appropriate means (for example, via email or an in-service notice) before the changes become effective.

Your continued use of the Service after the effective date of the updated Privacy Policy will constitute your acknowledgment of the changes and your agreement to the updated Policy.

14.Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For all privacy-related enquiries, please contact our Data Protection Officer at privacy@tasktime.in.

14.1 Grievance Officer (India)

In accordance with the Digital Personal Data Protection Act, 2023, users in India may contact our Grievance Officer for any complaints or concerns regarding the processing of Personal Data:

• ›Name: Grievance Officer – TASKTIME
• ›Email: grievance@tasktime.in

We aim to acknowledge and respond to grievances within 30 days of receipt. If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority under the DPDP Act.

If you are located in a jurisdiction that provides you with the right to lodge a complaint with a data protection authority or the equivalent regulator, you may also have the right to do so if you are dissatisfied with our response.

15.Additional Rights for US Residents (CCPA and State Privacy Laws)

If you are a resident of certain U.S. states (including California), you may have additional rights under applicable privacy laws, such as the California Consumer Privacy Act ("CCPA") and other state privacy statutes. These rights may include:

• ›The right to know what personal information we collect, use, disclose, and share.
• ›The right to request deletion of your personal information, subject to certain exceptions.
• ›The right to opt-out of certain data sharing practices.
• ›The right to correct inaccurate personal information we hold about you.
• ›The right to data portability, where applicable.

TASKTIME does not sell personal information for monetary consideration. We do not sell or share personal information for cross-context behavioral advertising as defined under applicable U.S. state privacy laws. We will not discriminate against you for exercising any of your privacy rights. To submit a request or enquiry regarding your US state privacy rights, please contact us at privacy@tasktime.in.

16.EU Representative (GDPR Article 27)

TASKTIME is based in India. Where required under Article 27 of the GDPR — that is, where we offer services to individuals in the European Union on a non-occasional basis — we will designate a representative in the European Union to act on our behalf in relation to our obligations under the GDPR.

If an EU Representative has been designated, their contact details will be made available upon request and published in an updated version of this Privacy Policy. In the meantime, EU residents may direct GDPR-related enquiries to our Data Protection Officer at privacy@tasktime.in.

17.Business and Organization Accounts

If you access or use the Service through an organization, such as your employer, educational institution, or another business entity, that organization may act as the Data Controller (or Data Fiduciary under the DPDP Act) for certain Personal Data processed in connection with your use of the Service. In such cases, TASKTIME may act as a Data Processor on behalf of that organization, processing Personal Data only according to its instructions and applicable agreements.

If you have questions about how your organization uses your data within the Service, please contact your organization's administrator. TASKTIME' obligations as a Data Processor in such arrangements are governed by a Data Processing Addendum or equivalent agreement with the relevant organization.

18.Law Enforcement and Government Requests

We carefully review all government and law enforcement requests for Personal Data. We only disclose Personal Data in response to such requests where we are legally required to do so and where the request is proportionate to the legitimate aim pursued. Where permitted by law, we will notify affected users of such requests before complying. We do not provide bulk or indiscriminate access to Personal Data to any government or law enforcement agency.

19.Data Breach Notification

In the event that we become aware of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will take prompt remediation steps. Where required by applicable law — including the GDPR — we will notify the relevant supervisory authority within the legally required timeframe (such as 72 hours) after becoming aware of a qualifying breach. Where the breach is likely to result in a high risk to affected individuals, we will also notify those individuals without undue delay, in accordance with applicable law.

Notifications will include, to the extent practicable: a description of the nature of the breach, the categories and approximate number of individuals and records affected, the likely consequences of the breach, and the measures taken or proposed to address the breach.

For all privacy-related enquiries, please contact: