TaskAGI Privacy Policy

Privacy Policy

Last Updated: 2 November 2025

Welcome to TaskAGI ("TaskAGI", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the TaskAGI automation and AI agents platform ("Service"). This policy is designed to comply with the EU General Data Protection Regulation (GDPR), UK Data Protection Act 2018, and other applicable data protection laws.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Data Controller

TaskAGI acts as the data controller for personal data processed through our Service. For GDPR inquiries and data subject requests, please contact us at: privacy@taskagi.net

2. Information We Collect

2.1. Information You Provide: We collect information that you provide directly to us, including:

Account registration data (name, email address, company name)
Payment information (processed by third-party payment processors - we do not store full card details)
Profile information and preferences
Communications with our support team
Workflow configurations and automation settings
Third-party integration credentials (stored encrypted - see Section 6)

2.2. Automatically Collected Information: When you access or use the Service, we automatically collect:

Technical information (IP address, browser type, operating system, device identifiers)
Usage data (pages visited, features used, time spent, workflow execution logs)
Analytics data via Google Analytics (GA4) and Google Ads conversion tracking
Cookies and similar tracking technologies (see our Cookie Policy)

2.3. Data from Third-Party Integrations: When you connect third-party services (365+ available integrations including CRMs, payment processors, marketing tools, AI models, and web scrapers):

OAuth access tokens (encrypted and stored securely)
API keys and credentials (encrypted using industry-standard encryption)
Data retrieved from connected services as part of workflow execution
Webhook payloads sent to your configured workflows

2.4. AI Model Processing Data: When you use our 30+ integrated AI models (OpenAI, Anthropic, Google, ElevenLabs, Replicate, etc.):

Input data you provide to AI models
Generated outputs (text, images, audio, video)
Model usage logs for billing and troubleshooting
Note: Data sent to AI model providers is subject to their respective privacy policies (see Section 4.3)

2.5. Web Scraping Data: When you use our 25+ web scraper integrations:

Target URLs and scraping configurations
Scraped data returned by scraping services
Enrichment data from lead generation tools (e.g., Apollo 50K leads)

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Contractual Necessity: To provide the Service you've subscribed to (account management, workflow execution, billing)
Legitimate Interests: To improve our Service, detect fraud, ensure security, and provide customer support
Consent: For marketing communications, cookie usage, and optional data processing (you may withdraw consent at any time)
Legal Obligation: To comply with applicable laws, regulations, and legal processes

4. How We Use Your Information

4.1. Service Provision:

Execute your automation workflows and AI agent operations
Connect to third-party integrations using your credentials
Process webhooks and trigger scheduled workflows
Store generated outputs (images, audio, video) for access within the Service
Calculate and deduct AI credits based on usage

4.2. Service Improvement:

Analyze usage patterns to improve features and performance
Troubleshoot errors and optimize workflow execution
Develop new integrations and AI model connections
Conduct security monitoring and fraud prevention

4.3. Communications:

Send transactional emails (account notifications, workflow execution alerts, billing updates)
Provide customer support and respond to inquiries
Send marketing communications (only with your consent - opt-out available)

4.4. Legal and Security:

Comply with legal obligations and respond to lawful requests
Enforce our Terms of Service and protect our rights
Detect, prevent, and address security incidents or fraudulent activity

5. Data Sharing and Sub-Processors

5.1. Third-Party Service Providers (Sub-Processors):
We share data with carefully selected sub-processors who assist in providing the Service. A complete list is available at our Sub-Processors page. Key categories include:

Cloud Infrastructure: Server hosting and data storage providers
Payment Processing: Stripe, PayPal, and other payment gateways (subject to PCI-DSS compliance)
AI Model Providers: OpenAI, Anthropic, Google, ElevenLabs, Replicate, and 25+ other AI services
Integration Partners: 365+ third-party services you choose to connect (each subject to their own privacy policies)
Analytics: Google Analytics, Google Ads
Communication Tools: Email service providers, Crisp Chat for customer support
Web Scraping Services: Apify and other data collection providers

5.2. Data Transfers Outside the EU/UK:
Some sub-processors are located outside the EU/UK (e.g., United States). We ensure adequate safeguards through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements (DPAs) with all sub-processors
Adequacy decisions where applicable

5.3. User-Initiated Data Sharing:
When you create workflows that connect to third-party services:

You authorize TaskAGI to send data to those services on your behalf
You are responsible for understanding the privacy practices of integrated services
TaskAGI is not responsible for how third-party services process your data

5.4. Business Transfers:
If TaskAGI is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

5.5. Legal Requirements:
We may disclose your information:

To comply with legal obligations (court orders, subpoenas, regulatory requests)
To protect and defend TaskAGI's rights or property
To prevent fraud or security threats
To protect the safety of our users or the public

5.6. No Selling of Personal Data:
We do not sell your personal data to third parties for their marketing purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption: All third-party credentials (OAuth tokens, API keys) are encrypted at rest using AES-256 encryption
Transport Security: Data in transit is protected using TLS/SSL encryption
Access Controls: Role-based access controls limit data access to authorized personnel only
Webhook Security: Webhook endpoints use secret keys for authentication
Regular Security Audits: We conduct periodic security assessments and vulnerability testing
Incident Response: We maintain an incident response plan to address data breaches promptly

Note: While we implement robust security measures, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

For security-related questions, contact security@taskagi.net.

7. Data Retention

We retain your personal data only as long as necessary for the purposes described in this Privacy Policy:

Account Data: Retained while your account is active, plus 90 days after account deletion (for recovery purposes)
Workflow Execution Logs: Retained for 90 days for troubleshooting and billing verification
Generated AI Content: Retained until you delete it or close your account
Billing Records: Retained for 7 years to comply with tax and accounting regulations
Marketing Data: Retained until you withdraw consent or opt-out
Webhook Data: Processed in real-time and not permanently stored unless part of workflow execution logs

You may request earlier deletion of your data (see Section 9 - Your Rights).

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Maintain user sessions and authentication
Analyze website traffic and user behavior (Google Analytics)
Deliver targeted advertising (Google Ads conversion tracking)
Provide customer support (Crisp Chat)

For detailed information about the cookies we use and your choices, please see our Cookie Policy.

9. Your Rights (GDPR & UK DPA)

Under GDPR and UK data protection law, you have the following rights:

Right of Access: Request a copy of the personal data we hold about you
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten"): Request deletion of your data in certain circumstances
Right to Restriction: Restrict processing of your data in certain situations
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent: Withdraw consent where processing is based on consent
Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise your rights: Visit our GDPR Data Rights page or contact privacy@taskagi.net

We will respond to your request within 30 days (as required by GDPR).

10. Children's Privacy

The Service is not intended for individuals under the age of 16 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@taskagi.net and we will promptly delete such information.

11. AI Model Processing and Third-Party AI Services

Important Notice: When you use AI models integrated into TaskAGI:

Your input data is sent to third-party AI providers (OpenAI, Anthropic, Google, etc.)
These providers may process your data according to their own privacy policies
We recommend reviewing privacy policies of AI providers you intend to use
TaskAGI is not responsible for how AI providers process your data
Some AI providers may use data for model training (check their policies)

See our AI Model Usage Policy for comprehensive details and disclaimers.

12. International Data Transfers

TaskAGI operates globally and may transfer your data to countries outside the EU/UK that may not offer the same level of data protection. When we transfer data internationally, we ensure adequate safeguards are in place through:

EU Standard Contractual Clauses (SCCs)
Data Processing Agreements with sub-processors
Adequacy decisions by the European Commission (where applicable)
Appropriate technical and organizational measures

For more information about international transfers, contact privacy@taskagi.net

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. The "Last Updated" date at the top indicates when the latest changes were made.

Material Changes: If we make material changes, we will notify you via email or prominent notice on our website at least 30 days before the changes take effect.

Your Continued Use: Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Us & Data Protection Officer

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Privacy Inquiries: privacy@taskagi.net
General Contact: hello@taskagi.net
GDPR Data Subject Requests: Data Rights Request Form

Supervisory Authority:
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en