GDPR Information

Last updated: 15 October 2025

Controller

Controller: Taskiflow
Email: info@taskiflow.com

Purposes and lawful basis

• Waitlist emails and product updates consent (Art. 6(1)(a)).
• Abuse prevention and service reliability legitimate interests (Art. 6(1)(f)).

Data processed

• Email (required), company, role.
• Hashed IP (SHA-256 + salt) and user agent.

Retention

• Active subscribers: until you withdraw consent.
• Inactive/pending: purged after 30 days.
• Backups: limited processor retention, then purge.

Processors and location

• Supabase: database hosting (EU region selected).
• Resend: email delivery (uses your verified sending domain).

DPAs are in place. SCCs apply if any third-country transfer occurs.

Your rights

• Access, rectification, erasure, restriction, portability, objection.
• Withdraw consent at any time without affecting prior processing.
• Complain to your local Data Protection Authority.

How to exercise rights

• Unsubscribe: link in emails or the footer form, or POST /api/waitlist/unsubscribe.
• Erasure: “Delete my data” in the footer or POST /api/waitlist/delete.
• Other requests: email privacy@[your-domain].

Security

• TLS and HSTS in transit.
• Least-privilege service keys; RLS for public access paths.
• Salted hashing for IP; no tracking pixels by default.

Children

Not intended for users under 16.

Changes

We update this page when practices change. We version consent text and will ask for renewed consent if required.