Data Security & Privacy Commitment
1. Executive Summary
At TaskifAI, we understand that for consumer brands, data is not just an asset; it is your competitive advantage. As the operating system for your brand intelligence, we treat the security, privacy, and integrity of your data as our primary operational directive.
This document outlines the technical and procedural measures TaskifAI employs to secure your data. Our architecture leverages world-class infrastructure providers and strictly enforced data governance policies to ensure that your proprietary information remains private, encrypted, and protected.
2. Our Core Security Philosophy
Our security strategy is built on three pillars:
- Isolation: Your data is logically separated from other customers.
- Encryption: Data is encrypted both in transit and at rest.
- Sovereignty: You own your data. We do not use your proprietary metrics to train public AI models.
3. Infrastructure & Technology Stack
TaskifAI is built on a foundation of industry-leading infrastructure providers, selected for their rigorous compliance certifications and security standards.
3.1 Cloud Infrastructure: DigitalOcean
Our platform is hosted on DigitalOcean, a premier cloud infrastructure provider.
- Physical Security: Data centers feature 24/7 manned security, biometric scanners, and strict access controls.
- Compliance: DigitalOcean is certified for SOC 2 Type II, SOC 3, and ISO/IEC 27001:2013.
- Regional Compliance: Our infrastructure is deployed in European data centers to ensure compliance with local data residency requirements and GDPR.
3.2 Database Security: Supabase (PostgreSQL)
We utilize Supabase, built upon the industry-standard PostgreSQL database, to manage your data.
- Encryption at Rest: All user data stored on disk is encrypted using the industry-standard AES-256 algorithm. Even if physical storage media were compromised, the data would remain unreadable.
- Encryption in Transit: All communications between your dashboard, our API, and the database are encrypted via SSL/TLS (HTTPS).
- Row-Level Security (RLS): We implement strict Row-Level Security policies at the database level. This ensures that no query can ever access data belonging to another tenant, providing a mathematical guarantee of data isolation.
4. Artificial Intelligence & Data Privacy
The most common concern regarding AI is: "Will my sales data be used to train ChatGPT or other public models?"
The answer is No.
4.1 The AI Provider: Anthropic
We utilize the Anthropic API (Claude) for our intelligence layer. We have selected Anthropic specifically for their "Constitutional AI" approach and strict enterprise data policies.
- Zero Training Policy: Under our commercial agreement with Anthropic, data submitted to the API is not used to train their foundation models. Your data effectively enters a "walled garden" for processing and is then discarded by the model.
- Stateless Processing: The AI analyzes the data provided in the prompt context to generate insights (e.g., "Predict stockout risk") and returns the answer. It does not retain a memory of your specific sales figures after the session closes.
4.2 The TaskifAI Protection Layer
Before any data reaches the AI model, it passes through our proprietary "Analyst Agent" layer:
- Anonymization: Where possible, sensitive PII (Personally Identifiable Information) is redacted or anonymized before analysis.
- Context-Only Transmission: We only send the minimum amount of data required to answer a specific query. We do not upload your entire historical database to the AI context window.
5. GDPR & Compliance
As a company headquartered in Malmö, Sweden, TaskifAI is designed with GDPR (General Data Protection Regulation) at its core.
- Data Processor Agreement (DPA): We provide a standard DPA to all European customers, outlining our responsibilities as a Data Processor and your rights as a Data Controller.
- Right to Erasure: Our architecture supports full data deletion. If you choose to leave the platform, your data is permanently scrubbed from our active databases and backups in accordance with retention schedules.
6. Confidentiality & NDAs
We recognize the sensitive nature of the data you entrust to us.
- Non-Disclosure Agreements (NDA): TaskifAI is fully prepared to execute a mutual Non-Disclosure Agreement (NDA) prior to any data integration or deeper commercial engagement. This legally binds us to strict confidentiality standards regarding your trade secrets, financial metrics, and strategic plans.
7. Conclusion
Your trust is essential to our business model. TaskifAI provides the power of advanced AI strategy without compromising the security of your proprietary data. We combine the flexibility of modern AI with the rigidity of enterprise banking standards.
Have specific questions?
If you have specific security questionnaires or require a custom Data Processing Agreement (DPA), please contact our security team at security@taskifai.com.