Privacy Policy — Task Easy

This Privacy Policy explains how Task Easy ("we", "us", or "our") collects, uses, and protects your personal information when you use our mobile and web application. By using Task Easy, you agree to the practices described in this policy.

01 Who We Are

Task Easy is an independent application that helps individuals and small groups manage tasks, to-do lists, and calendar events in one unified view. The app is available on the web, Android, and (coming soon) iOS.

For privacy enquiries, contact us at the address listed at the bottom of this page.

02 What Data We Collect

We collect only what is necessary to provide the service. The table below describes each data type, why we collect it, and its basis under applicable law.

Data Type	Examples	Purpose	Basis
Account data	Email address, display name, profile photo	Authentication, identifying you to collaborators	Required
Task & list data	Task titles, due dates, categories, completion status	Core app functionality	Required
Task notes	Free-text notes you attach to individual tasks	Extended task detail	Optional
Collaboration data	Email addresses of collaborators you invite	Sharing lists, sending invitations	Required
Google Calendar data	Event titles, times, calendar names	Display calendar events alongside tasks (read-only)	Optional
Device & usage data	Platform (Android/web/iOS), app version, crash reports	App stability and debugging	Required
Analytics data	Feature usage, session duration, screen views	Understanding how the app is used to improve it	Future
Advertising data	Ad interaction, device advertising ID	Serving relevant ads (if a free ad-supported tier is introduced)	Future

Future features: If we introduce analytics or advertising, we will update this policy, notify you in the app, and (where required by law) ask for your consent before collecting any new data types.

03 How We Use Your Data

We use the data we collect to:

Create and maintain your account
Sync your tasks and lists in real time across your devices
Enable list sharing and collaboration with people you invite
Send invitation emails on your behalf when you add a collaborator
Import your Google Calendar events as read-only tasks (only if you connect your calendar)
Diagnose crashes and fix bugs
Comply with legal obligations
Improve the app based on aggregated, anonymised usage patterns (future)
Generate AI insights via TaskAI: When you use the TaskAI feature, your task titles, due dates, list names, and calendar event names are sent to Google's Gemini API to produce a personalised briefing. This data is processed transiently — neither we nor Google store it after the response is returned. The generated insight is cached locally on your device only.
Send push notifications (if enabled): The app delivers two types of push notifications: (a) real-time alerts when a collaborator adds, completes, or edits a task on a shared list you belong to; and (b) a daily due-date reminder summarising tasks due today or tomorrow. Due-date reminders are sent once per day at approximately 8 AM Central US Time (America/Chicago), regardless of your local timezone or timezone preference. This delivery time is a current technical limitation that will be improved in a future update. You can enable, disable, or mute all notifications at any time in Settings → Notifications. Your device push token is stored in your account to route notifications to your device.

We do not sell your personal data. We do not use your task content to train machine learning models.

04 Google Calendar Access

Connecting Google Calendar is entirely optional. If you choose to connect it, Task Easy requests the following OAuth scope:

Read-only access to your Google Calendar events (calendar.readonly)

We use this access to display your calendar events alongside your tasks and to power the following automated features:

Event display: Calendar events are imported as read-only tasks in your "My Calendar" list
Event Checklists: If you create a checklist linked to a calendar event, the app automatically marks all uncompleted checklist tasks as complete once the event's date has passed
Orphan cleanup: If a calendar event is deleted from Google Calendar, any Event Checklist list you created for that event is automatically deleted from Task Easy (including its tasks)

We never:

Create, modify, or delete events in your Google Calendar
Store your raw calendar data on our servers beyond what is needed to display events and power the features above
Share your calendar data with third parties

You can disconnect Google Calendar at any time from the Settings screen. Disconnecting immediately revokes our access and removes imported calendar events from your task view.

Our use of Google Calendar data complies with the Google API Services User Data Policy, including the Limited Use requirements.

05 Collaboration Features

When you share a list with another person:

You provide their email address, which we use solely to send an invitation and link their account to the shared list
The collaborator can see the list name, tasks, and the display names/avatars of other collaborators
Collaborators cannot see your other private lists or account details beyond your display name and profile photo
You (as the list owner) can remove a collaborator at any time

Invitation emails are sent via EmailJS, a third-party email delivery service. Only the recipient's email address and the list name are included in these emails.

06 Analytics & Advertising

Task Easy does not currently use analytics or advertising SDKs. We may introduce these in the future to support the free tier of the app.

If and when we do:

We will update this Privacy Policy and notify you in the app before the change takes effect
Users in the EU/EEA and UK will be presented with a consent mechanism (cookie/tracking consent) before any analytics or advertising data is collected, in compliance with GDPR and the ePrivacy Directive
Users in California will be provided with a "Do Not Sell or Share My Personal Information" option in compliance with CCPA/CPRA
You will always have the option to opt out of non-essential data collection

07 Data Sharing & Third Parties

We use the following third-party services to operate the app. Each acts as a data processor on our behalf and is bound by appropriate data processing agreements.

Service	Provider	Purpose	Data shared
Firebase Auth	Google LLC	User authentication	Email, display name, UID
Cloud Firestore	Google LLC	Real-time database	Tasks, lists, user profile
Firebase Hosting	Google LLC	Web app hosting	IP address (logs)
Google Calendar API	Google LLC	Calendar event import	OAuth token (if connected)
Google Gemini API	Google LLC	TaskAI feature — AI-generated insights	Task titles, list names, due dates (transient; not stored)
Firebase Cloud Messaging	Google LLC	Push notifications	FCM device token, notification title and body
EmailJS	EmailJS Ltd	Collaboration invitation emails	Recipient email, list name
Expo / EAS	Expo Inc	Mobile app builds & updates	App bundle (no user data)

We do not share your personal data with any other third parties except where required by law (e.g. in response to a valid legal request from a government authority).

08 Data Retention

Active accounts: We retain your data for as long as your account exists
Deleted tasks: When you permanently delete a task (active, completed, or snoozed), it is immediately and permanently removed from our servers. This action cannot be undone.
Completed tasks: Completed tasks are shown in your list for 30 days after completion. After 30 days they are automatically moved to your personal archive. Archived tasks are retained for the lifetime of your account and can be accessed from the task list at any time. You may also permanently delete individual archived tasks or your entire history at any time from the History view.
Deleted accounts: When you delete your account, all your data (tasks, lists, profile, calendar connections) is permanently deleted within 30 days
Shared lists: If you are a collaborator on someone else's list, only your association with that list is removed — the list owner's data is unaffected
Event Checklist lists: If a linked Google Calendar event is deleted, the associated Event Checklist list and its tasks are automatically deleted immediately
TaskAI insights: AI-generated briefings are cached locally on your device only and are not stored on our servers. The cache is cleared when you delete the app. You can refresh the insight at any time using the Refresh button in TaskAI.
Offline cache: Task Easy stores a local copy of your lists and tasks on your device to enable offline use. This cache is managed by the Firebase SDK and is stored in your device's protected app storage (IndexedDB on web, SQLite on mobile). The local cache is cleared when you sign out or delete the app. While offline, you can view, add, and manage tasks and lists; changes are queued locally and automatically synced to our servers when connectivity is restored. Features that require a live server connection — including inviting collaborators, accepting invitations, Google Calendar sync, and AI briefings — are not available offline and will resume normally once you reconnect.
Backups: Residual data may persist in encrypted backups for up to 90 days after deletion

09 Security

We implement industry-standard security measures to protect your data:

All data is transmitted over TLS (HTTPS)
Firebase Firestore security rules prevent other users from reading or writing your data. They do not restrict the service operator's administrative access, which is disclosed in Section 10
OAuth tokens for Google Calendar are stored only on your device using secure, encrypted storage — they are never stored in our database
Firebase Authentication manages all passwords; we never store passwords in plain text

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us responsibly at the address below before disclosing it publicly.

10 Service Operator Access

Task Easy is operated by AgenticShankar. As the service operator, we have administrative access to data stored in our database through the Firebase infrastructure console — including task titles, list names, account information, and usage statistics. This is standard for all cloud-hosted services: the provider that manages the infrastructure can access data stored on it, independent of end-user security rules.

What encryption actually protects: Data is encrypted at rest on Firebase's servers (protects against physical hardware theft or unauthorised server access by third parties) and encrypted in transit over TLS (protects against network interception). Encryption at rest does not restrict access by the service operator, because we hold the encryption keys as part of operating the service. Firebase (Google LLC), as our infrastructure provider, also has infrastructure-level access governed by their own Privacy Policy and internal access controls.

When we access your data: We may access your data to diagnose and fix a bug or issue you have reported, to investigate suspected abuse, fraud, or a security incident, or when required by law or a valid legal order. We do not browse user data for commercial purposes, personal curiosity, or any purpose beyond operating and securing the service.

The admin dashboard: The app includes an administrator view accessible only to authorised personnel (currently limited to the developer). Through this view, admins can see: account information, list and task metadata, task titles, usage statistics, and AI credit usage. Task note content and calendar event details are not surfaced in the admin view. This access is used exclusively for customer support and product improvement.

We will never:

Access your task content for any purpose other than support or legal compliance
Share individual user data with third parties beyond what is described in Section 07
Use your task content to train machine learning models

Use the Export feature (Settings → Privacy & Data) at any time to see exactly what data we hold about you, or delete your account to permanently remove all your data.

11 Your Rights

Depending on your location, you may have the following rights over your personal data:

👁️

Access

Request a copy of the data we hold about you.

✏️

Correction

Ask us to correct inaccurate or incomplete data.

🗑️

Erasure

Delete your account and all associated data from the Settings screen.

📦

Portability

Request an export of your data in a machine-readable format.

🚫

Objection

Object to processing based on legitimate interests.

⏸️

Restriction

Request we restrict processing of your data in certain circumstances.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, to delete it, to correct it, and to opt out of its sale or sharing. We do not sell personal information. To exercise your rights, contact us using the details below.

EU/EEA/UK residents (GDPR/UK GDPR): You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data lawfully.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

12 Children's Privacy

Task Easy is not directed at children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

13 Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes we will:

Update the "Effective date" at the top of this page
Display a notice in the app
Where required by law, ask for your consent before the changes take effect

Continued use of the app after changes are posted constitutes your acceptance of the updated policy.

Contact Us

Questions, data requests, or privacy concerns? We're here to help.

support@taskeasyapp.com

Task Easy · Response within 30 days