Privacy Policy

2026-05-14

Draft. Subject to legal review.

1. Data controller

The data controller under GDPR is:

When we incorporate (LV SIA), we will notify users in advance about the change of controller.

2. What we collect

We do not use advertising cookies and do not share data with advertising networks.

3. Purposes of processing

4. Legal basis

Processing is based on Art. 6(1)(b) GDPR — performance of the contract concluded by accepting the Terms of Service.

5. Recipients

For transfers to the US we rely on the European Commission's Standard Contractual Clauses.

6. Retention

7. Your rights (GDPR)

How to delete your account (GDPR Art. 17): in your profile, open «Settings → Danger zone» and press «Delete account». Deletion is immediate. If you are the customer: all your pairs and their content (tasks, chat, files) are deleted entirely; executors in those pairs lose access. If you are the executor: your active pairs are moved to the customer's archive, your name in existing messages and files is replaced with «Deleted user». A deletion audit log containing a hash of your e-mail (not the e-mail itself) is kept for 30 days for compliance purposes. Backups are purged within 30 days.

Other requests (access, rectification, portability, objection) go to the same address. Response time: up to 14 days.

8. Cookies and similar technologies

We classify cookies and browser storage into three categories. You choose which categories to allow via the cookie banner on first visit. You can change your choice at any time via the «Cookie preferences» link in the footer.

Your consent is stored in your browser's localStorage under the key taskzen_cookie_consent_v1. Refusing analytics or error tracking does not restrict your access to any feature of the service. Server-side operational error logs (internal application errors that occur without a user request, never containing user content) are kept under legitimate interest (Art. 6(1)(f) GDPR) and are not subject to the cookie consent above.

9. Security

TLS encryption in transit, at-rest encryption on Supabase, database row-level security, sign-in rate limits. Absolute security cannot be guaranteed — use a strong password and do not share access.

10. Complaint to a supervisory authority

If you believe the processing infringes GDPR, you may lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija) or with the supervisory authority of your EU country of residence.

11. Changes

Material changes will be announced by e-mail at least 14 days before taking effect.

12. Contact

Any questions: support@gettaskzen.eu.