Legal

Privacy Policy

This Privacy Policy explains how Taskforce collects, uses, stores, and protects information across our hosted service, local tooling, APIs, and connector workflows.

Last updated: March 16, 2026

1. Scope of This Policy

This Privacy Policy applies to Taskforce websites, hosted applications, local runtime experiences that connect to Taskforce services, MCP integrations, OAuth connector flows, APIs, support interactions, and related operational systems.

It does not govern third-party services that you connect to Taskforce, except to the extent we receive or process data from those services on your behalf.

2. Information We Collect

Depending on how you use Taskforce, we may collect:

  • account and identity information such as name, email address, workspace affiliation, and role;
  • billing and subscription information needed to manage plans and payments;
  • workspace content such as tasks, comments, schedules, uploaded documents, prompts, and settings;
  • technical and usage data such as device information, IP address, browser data, and diagnostic logs;
  • API, MCP, and connector access data such as token metadata, granted scopes, authorization events, and audit logs.

3. How We Use Information

We use information to:

  • operate, maintain, secure, and improve Taskforce;
  • authenticate users and authorize workspace, API, MCP, and connector access;
  • provide billing, subscription, and account-management features;
  • detect abuse, enforce rate limits, investigate incidents, and maintain audit trails;
  • respond to support requests, legal obligations, and user rights requests.

4. MCP, API, and Connector Logging

Taskforce may log connector registration events, OAuth authorization grants, token issuance and revocation, requested scopes, workspace selections, and API or MCP access activity that is necessary for security, reliability, auditing, abuse prevention, and support.

We do not collect more connector or scope metadata than is reasonably necessary to operate and secure these integrations.

5. Third-Party AI Tools and Connected Services

If you connect Taskforce to third-party AI tools, models, automations, or external services, information you choose to send through those integrations may also be processed by those third parties under their own terms and privacy practices.

You are responsible for reviewing the permissions, data handling, and compliance posture of the external tools you choose to connect. Taskforce is not responsible for the privacy practices of third-party services that act outside our control.

6. Legal Bases and Canadian Privacy Context

Where applicable, Taskforce processes personal information to provide requested services, to manage contracts and subscriptions, to pursue legitimate operational and security interests, to comply with legal obligations, and with consent where consent is required.

Taskforce is based in Ontario, Canada and is designed with the principles of PIPEDA in mind, including accountability, limited collection, appropriate safeguards, openness, and access rights.

7. Data Retention

We retain information for as long as reasonably necessary to provide the service, maintain security and audit records, meet contractual and legal requirements, resolve disputes, and enforce our agreements.

Retention periods may vary by data type. Operational logs, connector and token audit events, billing records, and support records may be retained longer than routine application content where necessary for compliance, fraud prevention, or support continuity.

8. Data Sharing

We may share information with service providers and subprocessors that help us operate Taskforce, including hosting, payments, analytics, communications, logging, and support systems, subject to appropriate confidentiality and security obligations.

We may also disclose information if required by law, to protect rights or safety, to investigate misuse, or in connection with a merger, financing, acquisition, or other business transaction, subject to applicable law.

9. Security

Taskforce uses administrative, technical, and organizational safeguards intended to protect information against unauthorized access, loss, misuse, or disclosure. These safeguards may include access controls, token and session protections, audit logging, environment segregation, and security monitoring.

No system can guarantee absolute security, and you should also use strong credentials, least-privilege workspace controls, and prudent integration settings.

10. Your Rights and Choices

Subject to applicable law, you may request access to personal information we hold about you, request corrections, withdraw consent where processing is consent-based, or ask questions about our handling of your information.

Workspace administrators may also have access to certain account, audit, and integration information relevant to managing their organizations within Taskforce.

11. International Transfers

Taskforce and its service providers may process or store information in jurisdictions outside your province, territory, or country. Where this occurs, information may be subject to the laws of those jurisdictions.

12. Changes to This Policy and Contact

We may update this Privacy Policy from time to time to reflect changes in our service, legal requirements, or data practices. The latest version will be posted with an updated effective date.

Privacy inquiries and rights requests can be sent to privacy@taskforcehq.com. If that inbox is not yet active, contact support@taskforcehq.com and we will route the request appropriately.