Privacy Policy

Version 1.4 · Last Updated: March 2026

Welcome to https://www.taskspot.app (a "Site"), hosted by The Virdi Co., LLC ("The Virdi Co.," "The Virdi Company," "Virdi Company," "we," "us," and/or "our"), a Massachusetts limited liability company. We provide a minimalistic, cloud-based to-do planner and task management platform. This Privacy Policy explains how we collect, use, and protect your personal data when you interact with our services (collectively referred to as the "Platform").

At TaskSpot, we prioritize your privacy. Our platform adheres to GDPR standards and complies with Massachusetts data protection laws, including 201 CMR 17.00 and the Massachusetts Data Privacy Act. We are committed to respecting the privacy rights of all users, regardless of location.

This Privacy Policy outlines the types of data we collect, how we use your personal data, and the options available for you to access, update, or manage your information. By using TaskSpot, you consent to the collection and use of information in accordance with this policy.

Children's Privacy: TaskSpot is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

What Information Do We Collect?

Personal Data

When you sign up for TaskSpot, we collect your Name and Email Address. This information is necessary to create your account and provide you with access to our services.

Task Data: Information related to tasks you create on TaskSpot is stored in our database. This helps us provide task management features.

Cookies

Cookies are small text files stored in your browser’s memory to enhance your experience on our site. We use cookies to manage sessions and direct users to appropriate URLs. Third-party cookies may also be used for analytics and advertising purposes.

We may collaborate with third-party ad networks to display targeted ads based on anonymized information collected through cookies. You can disable cookies via your browser settings.

Opt-out/Erase Cookies

Payment Information

When you make payments through TaskSpot, we store only the transaction amount and product details. Payment processing is securely handled by PayPal and Stripe. We do not store your full credit card numbers or payment card details on our servers. All payment information is processed through our secure third-party payment processors in accordance with PCI DSS standards.

Automatically Collected Information

We automatically collect certain information when you use TaskSpot, including your IP address, browser type, device information, operating system, access times, and pages viewed. This information helps us improve our services and ensure security.

Third-Party Tools and Analytics

We utilize third-party tools for analytics, payment processing, bug reporting, and AI services. These include:

Anthropic: AI-powered task extraction via Claude API. Processes user-submitted text ephemerally. Privacy policy.
Neon: Cloud-hosted PostgreSQL database. Stores encrypted user and task data. Privacy policy.
SMTP2GO: Transactional email delivery (password resets, notifications). Privacy policy.
Google Analytics: Tracks website usage data. Learn more at Google's Privacy Policy.
Vercel Analytics: Collects non-personalized data on user visits. Details at Vercel Analytics.
Stripe: Manages secure payment processing. Visit Stripe.
Sentry: Used for tracking and resolving bugs. Learn more at Sentry.

How We Use Your Information

We use your information to provide and improve our services. Specific purposes include:

Creating and managing your TaskSpot account.
Providing task management features and functionality.
Optimizing website performance and features.
Fulfilling user requests and providing customer support.
Sending important updates, newsletters, and notifications (you may opt out at any time).
Processing payments securely.
Detecting and preventing fraud, abuse, or security issues.
Complying with legal obligations and protecting our rights.

We only collect and use personal information that is necessary for these purposes. We do not sell your personal information to third parties.

AI-Powered Features and Data Processing

TaskSpot offers optional AI-powered features available to paid subscribers. These features involve processing your data through third-party AI services.

AI Enhance (Paste to Import)

When you enable "AI Enhance" in the Paste to Import feature:

What is sent: Only the text you paste (up to 10,000 characters) and today's date. No other personal data (name, email, account info, existing tasks) is included.
Processing: Anthropic's Claude AI analyzes the text to extract structured tasks. This is ephemeral — your text is processed and the response returned. The original text is not stored by TaskSpot or retained by Anthropic.
What is stored: Only the resulting task data (titles, descriptions, priorities, dates), encrypted at rest using AES-256.
Model training: Anthropic does not use API-submitted data to train models. Your text is never used for AI training.

MCP Integration (AI Assistant Access)

When you connect AI assistants via API keys:

Assistants access only task data you authorize through your API key.
All content is encrypted in transit (TLS) and at rest (AES-256).
Revoke keys anytime from Settings > API Keys.

Opting out: Don't toggle AI Enhance and don't generate API keys. The free text parser runs entirely in your browser with no external API calls.

Data Sharing and Third Parties

We may share your information with third-party service providers who assist us in operating TaskSpot, conducting our business, or serving our users. These third parties are contractually obligated to protect your information and use it only for the purposes we specify. We share information with:

Payment Processors: Stripe and PayPal for secure payment processing.
Analytics Providers: Google Analytics and Vercel Analytics for understanding how users interact with our platform.
Error Tracking: Sentry for identifying and resolving technical issues.
Hosting Services: Cloud infrastructure providers necessary to operate TaskSpot.

We may also disclose your information if required by law, to protect our rights or property, or in connection with a business transfer (such as a merger or acquisition). We will notify you of any such transfer and provide you with choices regarding your information.

Your Rights and Choices

You have certain rights regarding your personal information, including:

Access: You can request access to the personal information we hold about you.
Correction: You can update or correct your personal information through your account settings or by contacting us.
Deletion: You can request deletion of your personal information, subject to certain legal and operational requirements.
Data Portability: You can request a copy of your data in a structured, machine-readable format.
Opt-Out: You can opt out of marketing communications at any time by using the unsubscribe link in our emails or contacting us.
Cookie Preferences: You can manage cookie preferences through your browser settings.

To exercise these rights, please contact us at support@taskspot.app. We will respond to your request within 30 days, or as required by applicable law. We may need to verify your identity before processing certain requests.

To opt out of cookies, refer to your browser settings:

Data Security

We implement and maintain a comprehensive Written Information Security Program (WISP) in compliance with Massachusetts law (201 CMR 17.00). Our security measures include:

Encryption: Data in transit is encrypted using TLS/SSL protocols. Task content (titles, descriptions) is encrypted at rest using AES-256 with per-field random initialization vectors. AI-processed text is transmitted over encrypted connections and is not persisted.
Access Controls: We limit access to personal information to authorized personnel who need it to perform their duties.
Regular Security Assessments: We conduct regular security audits and assessments to identify and address vulnerabilities.
Secure Infrastructure: We use industry-standard security practices and work with reputable hosting and service providers.
Employee Training: Our team is trained on data protection and security best practices.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining reasonable safeguards.

Data Breach Notification

In the event of a data breach that may affect your personal information, we will notify affected Massachusetts residents and the Office of Consumer Affairs and Business Regulation (OCABR) within five business days of discovery, as required by Massachusetts law. We will also notify affected users via email or other appropriate means as required by applicable laws, including GDPR for European users.

Data Retention

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

Account Information: Retained while your account is active and for a reasonable period after account closure to comply with legal obligations.
Task Data: Retained while your account is active. You can delete tasks at any time through the platform.
Payment Records: Retained as required by law (typically 7 years for tax and accounting purposes).
Analytics Data: Aggregated and anonymized data may be retained for longer periods for analytical purposes.
AI Processing Data: Text submitted to AI Enhance is processed ephemerally and not stored. Only resulting structured tasks are retained as part of your task data.

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes.

Inactive Accounts: If your account is inactive for 11 consecutive months, we will send you an email notification. If no activity occurs within the following 30 days, your account will be deleted. After deletion, your data will be permanently removed within 30 days. Active paid subscriptions are exempt from this policy. You can prevent deletion at any time by logging into your account.

International Data Transfers

TaskSpot is operated from the United States. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using TaskSpot, you consent to this transfer. We take appropriate measures to ensure your data is protected in accordance with this Privacy Policy, regardless of where it is processed.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

Right to Know: Request details about personal information we collect.
Right to Delete: Request deletion of your personal information.
Right to Opt-Out of Sale: We do not sell your personal information.
Right to Non-Discrimination: We will not discriminate for exercising rights.

Contact support@taskspot.app. We respond within 45 days.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date, and we may also notify you via email or through the platform. Your continued use of TaskSpot after such changes constitutes your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@taskspot.app
Website: Contact Page

The Virdi Co., LLC
Massachusetts, United States

If you are located in the European Economic Area (EEA) and have concerns about our data practices, you also have the right to lodge a complaint with your local data protection authority.