TaskCheckin – Privacy Policy
Last updated: October 2025
This Privacy Policy explains how TaskCheckin, Inc. ("TaskCheckin," "we," "our," or "us") collects, uses, shares, and protects your information when you use our website, mobile applications, and related services (the “Service”). It is designed to align with and complement our Terms & Conditions (including the integrated SMS Consent & Communication Policy). If any term is undefined here, it has the meaning given in the Terms.
By creating an account or using the Service, you acknowledge this Privacy Policy.
1) Scope and Who We Are
This Policy applies to personal information we process in connection with the Service. We do not sell personal information and we do not use your identifiable User Generated Content (UGC) to train AI models deployed for other users.
Service Roles. For consumer users, TaskCheckin acts as:
- Controller for account, billing, fraud prevention, observability, and compliance records; and
- Processor for your UGC (projects, tasks, notes, and coach summaries) to provide the Service as instructed by you.
A Data Processing Addendum (DPA) is available for qualified business customers.
2) Data We Collect
We collect data necessary to deliver the Service, meet legal requirements (including TCPA), and improve reliability.
2.1 Identity & Contact (PII)
- Phone number (primary identifier and sensitive PII)
- Email (optional for communications/recovery)
- Timezone (for scheduling SMS nudges and in-app reminders)
Why we collect it: account creation and OTP verification; TCPA-compliant SMS consent and delivery; time-aware scheduling; support.
2.2 Subscription & Financial
- Plan state (Free/Pro), billing cycle, Stripe customer/payment identifiers (we do not store full card numbers)
Why: subscription management, plan enforcement, payment processing, fraud prevention, and financial audit.
2.3 User Generated Content (UGC)
- Projects, tasks, notes (titles, descriptions, due dates, priority, status)
- Coach chat summaries and AI action results (we store concise summaries, not full transcripts)
- Inbound SMS content (stored only as context notes for the Coach; never used to mutate data)
Why: operate the core to‑do experience; allow the Coach to provide relevant, contextual guidance while changes are validated and applied server‑side.
2.4 Technical & Observability
- AppLogs (events, errors, authentication outcomes)
- SmsEvents (outbound IDs, delivery status, provider responses)
- AppMetrics (aggregate usage, job success/fail rates)
- Device, OS, IP address (for security and debugging)
Why: security, reliability, performance insight, abuse prevention.
3) How We Use Data & Legal Bases
We only process personal information when we have a valid legal basis. Examples include:
Legal Basis | Purpose | Examples of Data Used |
---|---|---|
Contractual Necessity | Provide the Service, authenticate access, operate to‑dos and scheduling, process billing | Phone number (OTP), timezone, UGC, Stripe IDs |
Consent | Send automated SMS nudges; use your UGC as context for the AI Coach; store inbound SMS as notes | Phone number, UGC, inbound SMS |
Legitimate Interests | Security, logging, fraud prevention, diagnostics, service improvement using aggregated/anonymous metrics | AppLogs, AppMetrics, device/IP |
Legal Obligation | TCPA consent audit, financial recordkeeping, regulatory responses | Consent logs, SmsEvents, billing records |
Where required, we will seek consent and you may withdraw it at any time without affecting prior lawful processing (e.g., text STOP to halt SMS).
4) AI & SMS: How We Handle Your Data
4.1 AI Coach Context Only (No Training on Your UGC)
We send minimal, relevant context to our AI gateway solely to fulfill your current request. We do not use identifiable UGC (task titles, notes, chat content) to train, refine, or improve internal or third‑party models deployed for other users. We apply PII minimization/redaction before transmission wherever feasible.
4.2 Inbound SMS Stored as Context, Not Commands
Replies to our SMS nudges are not executed as commands and never change tasks or account state. We store inbound SMS content strictly as contextual notes for your in‑app experience and Coach.
4.3 Quiet Hours & Frequency
We send exactly two (2) automated, non‑marketing SMS messages per day and honor Quiet Hours (no sends between 9:00 PM and 8:00 AM local time). Standard carrier rates may apply.
5) Sharing with Essential Subprocessors
We share limited data with essential service providers that enable core features. We remain responsible for their privacy commitments via contract.
Subprocessor | Purpose | Data Shared | Notes |
---|---|---|---|
Twilio | SMS delivery and status | Phone number; outbound reminder content; delivery status codes | A2P messaging; TCPA audit support |
Stripe | Payments and subscription state | Financial identifiers; plan status; billing events | Handles sensitive payment data; we don’t store full card numbers |
OpenRouter | Access to AI models for Coach responses | Prompt text, function‑calling schemas, contextual task summaries (PII minimized) | Gateway only; we do not authorize training on your identifiable UGC |
We may disclose data if required by law, legal process, or to enforce our Agreements.
6) Data Security
We protect data with measures that include TLS encryption in transit, role‑based access controls, least‑privilege practices, and monitoring. No system can be 100% secure; we maintain controls intended to reduce risk and detect anomalies.
7) Retention
- Account & UGC: kept while your account is active. Upon termination, you may export your data; we will delete or anonymize your UGC and PII upon written request.
- Operational Logs (AppLogs/AppMetrics): short rolling retention (e.g., 14–30 days) to maintain performance and control storage.
- TCPA Consent & SMS Audit (consent timestamps, language, opt‑in/opt‑out, SmsEvents): retained for the period required by law due to regulatory risk.
- Billing & Financial Records: retained for statutory audit periods.
If deletion is not immediately feasible (e.g., backups), we will securely isolate data until permanent deletion is possible.
8) Your Privacy Rights
Depending on your location, you may have rights including:
- Access – receive a copy of personal information we hold about you
- Correction – request updates to inaccurate or incomplete data
- Deletion – request erasure, subject to legal retention (e.g., TCPA and billing records)
- Portability – obtain a machine‑readable copy of certain data
- Opt‑Out of Sale/Sharing – we do not sell or share personal information for cross‑context behavioral advertising; you may still exercise this right where available
- Restrict/Withdraw Consent – e.g., STOP to cease SMS; you can also adjust settings in‑app
How to exercise: email privacy@taskcheckin.com with “Privacy Request,” or use any in‑product tools we provide. We will verify identity before acting on requests.
9) International Data Transfers
We primarily process data in the United States. Where data moves internationally, we implement appropriate safeguards (e.g., Standard Contractual Clauses (SCCs)) and supplementary measures as needed.
10) Children’s Privacy
The Service is intended for individuals 18+. We do not knowingly collect personal information from children. If we learn that a child’s data was collected, we will delete it promptly.
11) Changes to This Policy
We may update this Policy from time to time. We will update the “Last updated” date above and, where required, notify you of material changes (e.g., in‑product notice or email). Continued use after the effective date signifies acceptance.
12) Contact Us
TaskCheckin Privacy Office
Email: privacy@taskcheckin.com
For SMS‑related privacy questions, you may also contact sms@taskcheckin.com.