TASKCLANStart building ↗DATA PROCESSING & PROTECTION
How your data is handled.
The commitments and mechanics behind Taskclan’s handling of personal and customer data, built for GDPR, CCPA and enterprise governance.
Last updated: July 18, 2026
Overview and roles
This policy describes how Taskclan processes data and complements our Privacy Policy. Depending on the context, Taskclan acts as a controller (for our own account, billing and site data) or as a processor (for content you submit to be processed on your behalf, "Customer Data").
When we act as a processor, we process Customer Data only on your documented instructions and to provide the service.
Categories of data and purposes
Data we process
- Account & contact data, to create and manage your account and communicate with you.
- Usage & diagnostic data, to operate, secure and improve the service.
- Customer Data, the prompts, files, references and outputs you send through the platform, processed to deliver the requested feature.
Purposes
We process data to provide, secure, maintain and improve the platform; to comply with legal obligations; and to communicate with you. We do not sell personal data.
Legal bases (GDPR)
Where the GDPR applies, we rely on: performance of a contract (to provide the service you request), legitimate interests (to secure and improve the platform, balanced against your rights), consent (where required, e.g. certain communications), and legal obligation (to comply with the law).
Processing on your behalf
When you send Customer Data to be processed by AI features, we and our model subprocessors process it to generate the response you asked for. As set out in our AI Policy, we do not use identifiable Customer Data to train foundation models without your explicit opt-in.
Subprocessors
We use vetted third parties (for hosting, storage, model inference, email and support) to deliver the platform. They process data under contractual data-protection terms. Our current list, purposes and locations are published at taskclan.com/subprocessors, and we notify customers of material changes.
International transfers
Taskclan operates globally, so data may be transferred to and processed in countries other than your own. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and equivalent mechanisms, together with supplementary technical measures.
Retention and deletion
We keep personal data only as long as necessary for the purposes described here or as required by law, then delete or anonymize it. Customer Data is retained per your configuration and our agreement; on termination, we delete or return Customer Data within a commercially reasonable period, subject to legal retention requirements.
Security measures
We apply technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, tenant isolation, logging and monitoring. Details are in our Security overview.
Your rights and requests
Subject to applicable law, you may request access, correction, deletion, portability or restriction of your personal data, and object to certain processing. To exercise these rights, contact hello@taskclan.com. Where we act as a processor, we will assist our customers in responding to data-subject requests.
Contact
For data-protection questions, DPA requests, or to reach our data-protection contact, email hello@taskclan.com. Taskclan Inc. is based in Toronto, Canada.
Questions?
Need a signed
DPA?
Enterprise customers can request a Data Processing Agreement and details of our safeguards. Reach out and we’ll help.
Contact us ↗