Privacy Policy

Effective Date: December 2025

01. Introduction

TaskifAI ("we", "us") is committed to protecting the privacy and security of your brand intelligence. This Privacy Policy outlines how we collect, use, and safeguard your information.

Data Controller:

TaskifAI
Styrbordsgatan 6, 21647 Limhamn
Malmö, Sweden

Contact: security@taskifai.com

02. The Data We Collect

2.1 Account Information

We collect data necessary to manage your account, including:

  • Name and Email Address
  • Billing Information (processed via our payment provider)
  • Company details

2.2 Brand Intelligence Data (Client Data)

This includes the proprietary datasets you upload for analysis (sales metrics, strategy docs, etc.). We process this data strictly as a Data Processor on your behalf (see Section 5).

2.3 Legal Basis for Processing (GDPR Art. 6)

We process personal data only where we have a lawful basis to do so. The table below outlines our legal bases:

| Category of Data | Legal Basis | GDPR Reference |
|---|---|---|
| Account Information | Performance of a contract (necessary to provide the Service) | Art. 6(1)(b) |
| Brand Intelligence Data | Performance of a contract; processed as Data Processor on your instructions | Art. 6(1)(b) + Art. 28 |
| Service Communications | Legitimate interests (service delivery, security notifications) | Art. 6(1)(f) |
| Marketing Communications | Consent (where required) or legitimate interests | Art. 6(1)(a) / Art. 6(1)(f) |

03. How We Use AI (Strict Usage Policy)

We distinguish ourselves through a privacy-first AI architecture:

  1. Isolation: Your data is processed in isolated logical environments.
  2. No Training: We do not use your Brand Intelligence Data to train our foundation models or the models of our third-party providers (e.g., Anthropic).
  3. Stateless Processing: When you send a query, relevant data is retrieved, anonymized where possible by our "Analyst Agent," and sent to the LLM (Large Language Model) within a transient context window. It is not stored by the LLM provider.
  4. Automated Decision Making: We do not use your personal data for automated decision-making that produces legal effects concerning you (as defined in GDPR Art. 22).

04. Infrastructure and Subprocessors

We use trusted third-party service providers to support our operations. We have Data Processing Agreements (DPAs) in place with all listed providers:

| Provider | Purpose | Location | Transfer Mechanism |
|---|---|---|---|
| DigitalOcean | Cloud Hosting & Infrastructure | Europe (Germany/Netherlands) | Intra-EEA Transfer |
| Supabase | Database & Authentication | Europe | Intra-EEA Transfer |
| Anthropic | AI Intelligence Provider | US | EU-US Data Privacy Framework / SCCs |

Note: Where data is transferred to the US, we rely on the EU-US Data Privacy Framework (if applicable to the provider) or Standard Contractual Clauses (SCCs) with supplementary measures.

05. Security Measures

We employ enterprise-grade security including:

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit.
  • Row-Level Security (RLS): Database isolation ensuring tenants cannot access each other's data.
  • Access Control: Strict internal access policies based on "least privilege."
  • Audit Logging: We maintain logs of system access to detect anomalies.

06. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access: Request a copy of the personal data we hold.
  • Rectification: Correct inaccurate data.
  • Erasure (Right to be Forgotten): Request permanent deletion of your data/account.
  • Portability: Receive your data in a structured, commonly used format.
  • Restriction: Request that we restrict processing of your data in certain circumstances (e.g., while accuracy is contested, or where processing is unlawful but you prefer restriction over erasure).
  • Object: Object to processing based on legitimate interests.

To exercise these rights, contact security@taskifai.com. We will respond to your request within one (1) month of receipt. In cases of complexity or volume, we may extend this period by up to two additional months and will notify you accordingly.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Swedish Data Protection Authority:

Integritetsskyddsmyndigheten (IMY)
Website: imy.se
Email: imy@imy.se

07. Data Retention

We retain your data only as long as your account is active. Upon account cancellation, Brand Intelligence Data is deleted from our active databases within 30 days. Backups are cycled strictly according to our disaster recovery schedule and then overwritten.

08. Cookies and Analytics

Our marketing website uses minimal analytics to understand usage and improve the Service. We use Vercel Analytics, which collects anonymised, aggregated data (page views, referrers, browser type) without setting persistent tracking cookies or processing personal data in a way that requires consent under the ePrivacy Directive.

No third-party advertising cookies or tracking pixels are used on our website. If this changes, we will update this policy and, where required by law, seek your consent before setting non-essential cookies.

09. Changes to this Policy

We may update this policy to reflect changes in our technology or legal requirements. We will notify you of significant changes via email or dashboard notification.