Your GDPR Data Subject Rights
Last Updated: 2 November 2025
Under the EU General Data Protection Regulation (GDPR) and UK Data Protection Act 2018, you have the following rights regarding your personal data. This page explains how to exercise these rights with TaskAGI.
1. Your Rights Under GDPR
1.1. Right of Access (Article 15):
1.2. Right to Rectification (Article 16):
1.3. Right to Erasure / "Right to be Forgotten" (Article 17):
1.4. Right to Restriction of Processing (Article 18):
1.5. Right to Data Portability (Article 20):
1.6. Right to Object (Article 21):
1.7. Right to Withdraw Consent (Article 7):
1.8. Right to Lodge a Complaint (Article 77):
- You have the right to request a copy of all personal data we hold about you
- We will provide information about how we use your data, who we share it with, and how long we keep it
- This is commonly known as a "Data Subject Access Request" (DSAR)
1.2. Right to Rectification (Article 16):
- You have the right to correct inaccurate or incomplete personal data
- You can update most information directly in your account settings
- For data you cannot update yourself, contact us at privacy@taskagi.net
1.3. Right to Erasure / "Right to be Forgotten" (Article 17):
- You have the right to request deletion of your personal data in certain circumstances
- This right is NOT absolute - we may retain data if required by law (e.g., tax records for 7 years)
- Account deletion can be requested via your account settings or privacy@taskagi.net
1.4. Right to Restriction of Processing (Article 18):
- You have the right to request that we limit how we use your data in certain circumstances
- For example, if you contest the accuracy of data, we will restrict processing while we verify it
1.5. Right to Data Portability (Article 20):
- You have the right to receive your personal data in a structured, machine-readable format (JSON, CSV)
- You can transfer your data to another service provider
- This right applies to data you provided to us based on consent or contract
1.6. Right to Object (Article 21):
- You have the right to object to processing based on legitimate interests
- You can object to direct marketing at any time (unsubscribe links in emails)
- You can object to automated decision-making and profiling
1.7. Right to Withdraw Consent (Article 7):
- If we process your data based on consent, you can withdraw consent at any time
- Withdrawal does not affect the lawfulness of processing before withdrawal
1.8. Right to Lodge a Complaint (Article 77):
- You have the right to complain to a data protection supervisory authority
- In the UK: Information Commissioner's Office (ICO) - https://ico.org.uk/make-a-complaint/
- In the EU: Your local data protection authority - Find your DPA
2. How to Exercise Your Rights
2.1. Email Request: Send your request to:
2.2. Account Settings: Some actions can be performed directly:
2.3. Identity Verification:
- Email: privacy@taskagi.net
- Subject Line: "GDPR Data Subject Request - [Your Right, e.g., Access/Deletion]"
- Include: Your full name, account email address, and specific request details
2.2. Account Settings: Some actions can be performed directly:
- Update Information: Account Settings → Profile
- Download Your Data: Account Settings → Privacy → Download My Data (coming soon)
- Delete Account: Account Settings → Privacy → Delete My Account
- Marketing Opt-Out: Unsubscribe links in marketing emails or Account Settings → Notifications
2.3. Identity Verification:
- To protect your privacy, we must verify your identity before fulfilling requests
- We may ask for government-issued ID (passport, driver's license) or other identifying information
- If you are making a request on behalf of another person, you must provide proof of authorization
3. Response Timeframes
3.1. Standard Response Time:
3.2. Complex Requests:
3.3. Urgent Requests:
- We will respond to your request within 30 days (1 month) of receipt
- This is the maximum timeframe required by GDPR Article 12(3)
3.2. Complex Requests:
- For complex or numerous requests, we may extend the response time by an additional 60 days (2 months)
- We will notify you within 30 days if an extension is needed and explain the reason
3.3. Urgent Requests:
- If you have an urgent concern (e.g., data breach, unauthorized access), mark your email "URGENT"
- We prioritize security-related requests
4. What Information We Provide (Data Subject Access Requests)
When you make a Data Subject Access Request (DSAR), we will provide:
4.1. Personal Data Categories:
4.2. Processing Details:
4.3. Format:
4.4. Exclusions:
4.1. Personal Data Categories:
- Account information (name, email, profile data)
- Billing and transaction history
- Workflow configurations and execution history
- Integration credentials (encrypted - we cannot decrypt for security reasons)
- Logs and analytics data
- Support ticket history
4.2. Processing Details:
- Purposes of processing (account management, service delivery, billing, etc.)
- Legal basis for each processing purpose (contract, consent, legitimate interest)
- Categories of recipients (sub-processors, payment processors, AI providers)
- Data retention periods
- International data transfers (if applicable)
4.3. Format:
- Data will be provided in a structured, machine-readable format (JSON or CSV)
- Human-readable summary document (PDF) explaining the data
4.4. Exclusions:
- We may redact third-party personal data (e.g., names of other users in shared workflows)
- Trade secrets or proprietary business information
- Information subject to legal privilege (attorney-client communications)
5. Account Deletion and Data Erasure
5.1. What Gets Deleted:
5.2. What We Retain (Legal Obligations):
5.3. Deletion Process:
5.4. Consequences of Deletion:
- Account profile and authentication credentials
- Workflows and workflow execution history
- Integration credentials and API keys
- Personal preferences and settings
- Marketing preferences and consent records
5.2. What We Retain (Legal Obligations):
- Billing Records: 7 years (tax and accounting laws)
- Abuse/Fraud Records: Indefinitely (fraud prevention and legal claims)
- Anonymized Analytics: Aggregated data with no personal identifiers
- Legal Hold Data: Data subject to ongoing litigation or regulatory investigations
5.3. Deletion Process:
- Immediate deletion of active data (account profile, workflows, integrations)
- Deletion from backups within 90 days
- Deletion from sub-processor systems within 90 days (per DPA terms)
5.4. Consequences of Deletion:
- You will lose access to all workflows, integrations, and execution history
- AI credits and subscription fees are non-refundable (see Refund Policy)
- Deletion is PERMANENT and cannot be undone
- You may create a new account, but previous data cannot be restored
6. Data Portability Requests
6.1. What Data Can Be Ported:
6.2. Formats Provided:
6.3. Direct Transfer to Another Service:
- Workflow configurations (JSON format)
- Execution history and logs (CSV format)
- Account settings and preferences (JSON format)
- Billing and transaction history (CSV format)
6.2. Formats Provided:
- JSON: For structured data (workflows, account settings)
- CSV: For tabular data (execution history, transactions)
- ZIP Archive: All data files packaged together
6.3. Direct Transfer to Another Service:
- If technically feasible, we can transfer your data directly to another service provider
- The receiving service must support the same data formats (JSON/CSV)
- Contact privacy@taskagi.net to arrange direct transfer
7. Objections and Restrictions
7.1. Object to Processing:
7.2. Restrict Processing:
7.3. Consequences:
- Marketing: Unsubscribe links in emails or Account Settings → Notifications
- Analytics: Opt out via Account Settings → Privacy (cookie preferences)
- Legitimate Interest Processing: Contact privacy@taskagi.net with your objection and reasons
7.2. Restrict Processing:
- Request that we limit how we use your data (e.g., storage only, no active processing)
- Typically used when contesting data accuracy or objecting to processing
- Contact privacy@taskagi.net to request restriction
7.3. Consequences:
- Objecting to essential processing may prevent us from providing services
- We may terminate your account if you object to processing required for service delivery
8. Third-Party Data Rights (For Data You Collect)
IMPORTANT: If you use TaskAGI to process other people's personal data (e.g., via integrations, web scraping, workflows):
8.1. Your Obligations:
8.2. How TaskAGI Assists:
8.3. Example Scenarios:
8.1. Your Obligations:
- YOU are the Data Controller for data you collect through TaskAGI
- YOU are responsible for honoring data subject rights for individuals whose data you process
- YOU must respond to DSARs, deletion requests, and objections from your data subjects
8.2. How TaskAGI Assists:
- We provide tools to export, delete, or modify data in your workflows (see DPA Section 9)
- We will assist you in fulfilling data subject requests within 30 days
- For assistance: privacy@taskagi.net
8.3. Example Scenarios:
- If you scrape personal data (email addresses, names, etc.), data subjects can request deletion from YOU
- If you use AI to process customer data, customers can request access or rectification from YOU
- YOU must have privacy policies and data subject request mechanisms for your own data processing
9. Fees
9.1. No Fees for Most Requests:
9.2. Excessive or Repetitive Requests:
9.3. Refusal of Requests:
- We do NOT charge fees for the first data subject request in a 12-month period
- This includes access requests, deletion requests, portability requests, etc.
9.2. Excessive or Repetitive Requests:
- If you make excessive, repetitive, or manifestly unfounded requests, we may charge a reasonable fee
- Fees are based on administrative costs (GDPR Article 12(5))
- We will notify you of any fees before processing your request
9.3. Refusal of Requests:
- We may refuse requests that are manifestly unfounded, excessive, or would violate others' rights
- If we refuse a request, we will explain the reason within 30 days
- You have the right to complain to a supervisory authority if we refuse your request
10. Children's Data Rights
10.1. Age Requirement:
10.2. Parental Requests:
- TaskAGI is NOT intended for children under 16 years old
- If we discover we have collected data from a child under 16, we will delete it promptly
10.2. Parental Requests:
- If you are a parent/guardian and believe your child has created an account, contact privacy@taskagi.net
- We will verify your parental status and delete the account upon confirmation
11. Brexit and UK GDPR
11.1. UK Data Protection:
11.2. UK Supervisory Authority:
- The UK's Data Protection Act 2018 provides the same data subject rights as EU GDPR
- UK residents have the same rights as EU residents
11.2. UK Supervisory Authority:
- Information Commissioner's Office (ICO)
- Report a concern: https://ico.org.uk/make-a-complaint/
- Phone: 0303 123 1113
12. Contact Information
Data Subject Requests: privacy@taskagi.net
Data Protection Officer (DPO): dpo@taskagi.net
General Privacy Questions: support@taskagi.net
Postal Address:
TaskAGI Privacy Team
[Your Company Address]
[City, Postal Code]
[Country]
Response Time: We aim to respond to all data subject requests within 30 days (1 month) as required by GDPR.
Related Documents:
Data Protection Officer (DPO): dpo@taskagi.net
General Privacy Questions: support@taskagi.net
Postal Address:
TaskAGI Privacy Team
[Your Company Address]
[City, Postal Code]
[Country]
Response Time: We aim to respond to all data subject requests within 30 days (1 month) as required by GDPR.
Related Documents: