1. Data controller
The data controller under GDPR is:
- Oleg Kuzubov, individual, Latvia;
- data contact: support@gettaskzen.eu.
When we incorporate (LV SIA), we will notify users in advance about the change of controller.
2. What we collect
- E-mail and name — for authentication and identification in your pair;
- task content, chat messages, attachments — data you add yourself;
- technical data: signup time, last sign-in IP, user-agent — for security purposes;
- optional: city for the weather widget.
We do not use advertising cookies and do not share data with advertising networks.
3. Purposes of processing
- provide the service to you and your pair partner;
- ensure security (rate-limiting, bot protection);
- send transactional e-mails (invitations, password reset, material changes).
4. Legal basis
Processing is based on Art. 6(1)(b) GDPR — performance of the contract concluded by accepting the Terms of Service.
5. Recipients
- Supabase Inc.(database & authentication) — servers in the EU (eu-central-1, Frankfurt). DPA available on request.
- Vercel Inc. (application hosting) — request processing on both EU and US edge nodes.
- Resend (Resend Labs Inc.) — e-mail delivery (confirmations, magic-link).
For transfers to the US we rely on the European Commission's Standard Contractual Clauses.
6. Retention
- active account — for as long as you use the service;
- after account deletion — up to 30 days (backups), then full deletion;
- archive of a cancelled pair — the customer retains the archive until explicit deletion (see Terms §4); the executor loses access immediately upon cancellation.
7. Your rights (GDPR)
- right of access (Art. 15);
- right to rectification (Art. 16);
- right to erasure — “right to be forgotten” (Art. 17);
- right to restriction (Art. 18);
- right to data portability (Art. 20) — export as CSV/ZIP;
- right to object (Art. 21).
How to request account deletion (GDPR Art. 17): send an e-mail with the subject “Account deletion request” to support@gettaskzen.eu from the e-mail address of your account. We will confirm receipt and erase the account and related data within 14 days (backups are purged in the same window). If you are the customer in an active pair, the pair will be cancelled automatically; the executor partner loses access to the pair's data immediately.
Other requests (access, rectification, portability, objection) go to the same address. Response time: up to 14 days.
8. Cookies
We only use functional cookies required for authentication. No analytics or advertising cookies. Consent to functional cookies is implied by use of the service.
9. Security
TLS encryption in transit, at-rest encryption on Supabase, database row-level security, sign-in rate limits. Absolute security cannot be guaranteed — use a strong password and do not share access.
10. Complaint to a supervisory authority
If you believe the processing infringes GDPR, you may lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija) or with the supervisory authority of your EU country of residence.
11. Changes
Material changes will be announced by e-mail at least 14 days before taking effect.
12. Contact
Any questions: support@gettaskzen.eu.