Privacy Policy

Task Flow AI, Inc.

Last Updated: December 12, 2025

Effective Date: December 12, 2025

1. Introduction

Task Flow AI, Inc. ("Task Flow AI," "Company," "we," "us," or "our") provides an AI-powered project management platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal information and other data when you access or use the Service.

This Privacy Policy applies to:

  • our website (taskflowai.com),
  • the Task Flow AI web application,
  • related services, communications, and support interactions.

The Service is currently offered as an early access / demo product. As a result, data practices may evolve as the Service matures. We are committed to transparency as we build.

2. Scope and Relationship to Terms of Service

This Privacy Policy supplements and is incorporated into our Terms of Service. If there is a conflict between this Privacy Policy and the Terms of Service, the Terms of Service control.

This Privacy Policy does not apply to third-party websites, applications, or services that may integrate with or be accessible through the Service.

3. Information We Collect

We collect information in the following categories.

3.1 Information You Provide Directly

You may provide information to us when you:

  • create an account,
  • use the Service,
  • communicate with us,
  • submit support requests,
  • connect third-party integrations.

This may include:

Account Information

  • name
  • email address
  • organization name
  • role or job title (if provided)

Customer Data (User Content)

  • project descriptions
  • tickets, tasks, and checklists
  • chat messages and prompts submitted to AI Features
  • comments, notes, and attachments
  • internal team communications
  • configuration preferences

Support Communications

  • messages sent to support@taskflowai.com
  • debugging information you choose to share
  • prompts or workflows you ask us to review to resolve issues

3.2 Information Collected Automatically

When you use the Service, we automatically collect certain technical and usage information, including:

  • IP address
  • device type, operating system, browser type
  • timestamps and session duration
  • pages and features used
  • error logs and performance metrics
  • approximate geographic location (city/state level)

This information is used to operate, secure, and improve the Service.

3.3 Payment Information

If you subscribe to a paid plan, payment processing is handled by Stripe, Inc.

We do not store full credit card numbers. Stripe may collect:

  • billing name and address
  • payment method details
  • transaction history

Stripe's use of your information is governed by their own privacy policy.

3.4 Information from Third-Party Integrations

If you connect third-party services (e.g., Slack, Google Workspace, email providers), we may receive information from those services as authorized by you, such as:

  • messages
  • file references
  • user identifiers
  • metadata required for integration functionality

We process this data only to provide the integration you enabled.

4. How We Use Information

We use collected information for the following purposes:

4.1 Providing and Operating the Service

  • create and manage accounts
  • process projects, tickets, and workflows
  • enable AI Features and automations
  • support integrations and notifications

4.2 Support, Debugging, and Reliability

  • respond to support requests
  • investigate bugs, errors, or incorrect AI behavior
  • review prompts, outputs, and related logs when necessary to troubleshoot issues

4.3 Improving the Service

  • analyze usage patterns
  • improve AI accuracy and reliability
  • develop new features
  • test and evaluate system performance

4.4 AI Training and Evaluation (Early Access)

During the early access period, certain Customer Data may be used to improve AI Features, including:

  • evaluating model behavior
  • identifying failure modes
  • improving prompt handling and task execution

Where feasible, we use aggregation and de-identification techniques and restrict access to authorized personnel.

4.5 Security and Abuse Prevention

  • detect and prevent fraud, misuse, or unauthorized access
  • enforce Terms of Service
  • protect system integrity

4.6 Legal and Compliance

  • comply with legal obligations
  • respond to lawful requests
  • resolve disputes
  • enforce agreements

5. Aggregated and De-Identified Data

We may create aggregated or de-identified data derived from Customer Data.

This data:

  • does not reasonably identify you or any individual,
  • is used for analytics, benchmarking, and product improvement,
  • may be retained indefinitely.

We do not attempt to re-identify aggregated or de-identified data.

6. How We Share Information

We do not sell personal information. We share information only as described below.

6.1 Service Providers and Subprocessors

We share information with trusted service providers who help us operate the Service, including:

  • cloud hosting providers
  • AI model providers
  • analytics services
  • email and messaging infrastructure
  • payment processors (Stripe)

These providers process data only on our behalf and subject to contractual obligations.

6.2 AI Model Providers

To provide AI Features, Customer Data may be processed by third-party AI providers.

We select providers based on their data handling practices and configure settings intended to limit use of Customer Data for independent model training where available. However, processing is subject to provider terms and technical limitations.

6.3 Legal Requirements

We may disclose information if required to:

  • comply with applicable laws or regulations,
  • respond to subpoenas or lawful requests,
  • protect rights, safety, or property.

6.4 Business Transfers

If we undergo a merger, acquisition, or asset sale, information may be transferred as part of that transaction, subject to this Privacy Policy.

7. Data Retention

7.1 Active Accounts

We retain Customer Data while your account is active to provide the Service.

7.2 Deleted Data and Account Termination

When you delete data or terminate your account:

  • Soft Delete Period: Data may be retained for up to 30 days to support recovery, troubleshooting, and legal compliance.
  • Hard Delete: After this period, data may be permanently deleted and cannot be restored.
  • Aggregated Data: Aggregated or de-identified data may be retained indefinitely.
  • AI Training Artifacts: If data was previously used for AI training or evaluation, some information may persist in trained model parameters or internal logs where removal is not technically feasible.

8. Data Security

We implement reasonable administrative, technical, and organizational safeguards to protect information, including:

  • access controls
  • encryption in transit
  • limited internal access
  • monitoring for suspicious activity

However, no system is completely secure, and we cannot guarantee absolute security.

9. Your Responsibilities

You are responsible for:

  • determining what data you submit to the Service,
  • avoiding submission of highly sensitive personal data unless necessary,
  • reviewing AI-generated Output before relying on it,
  • ensuring your use of the Service complies with applicable laws.

10. International Data Transfers

We operate from the United States. By using the Service, you understand that your information may be processed in the United States or other jurisdictions where our service providers operate.

11. Privacy Rights

11.1 California Residents

If you are a California resident, you may have rights under the CCPA/CPRA, including the right to:

  • request access to personal information,
  • request deletion (subject to legal exceptions),
  • opt out of certain data uses.

Requests can be sent to: privacy@taskflowai.com

11.2 European Union / EEA Users

If you are located in the EU/EEA, you may have rights under the GDPR, including:

  • access
  • correction
  • deletion
  • restriction
  • objection

We may act as a data processor or controller depending on the context. Enterprise customers may request a Data Processing Agreement (DPA).

12. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time as the Service evolves. When we make material changes, we will:

  • update the "Last Updated" date,
  • post the revised policy on our website,
  • notify users by email where appropriate.

14. Contact Us

If you have questions or requests regarding this Privacy Policy, please contact us:

Task Flow AI, Inc.

Mailing Address:
4800 Dahlia Street, Ste A11
Denver, CO 80216

Email: privacy@taskflowai.com

Support: support@taskflowai.com

Website: taskflowai.com

© 2025 Task Flow AI, Inc. All rights reserved.