Privacy policy

Last updated: 17 May 2026

Taskpile is operated by Refleksion · Planlægning · Handling (CVR-no. DK45818659), the data controller for the information collected when you use the service. We collect only what we need to run the product.

What we store

  • Email and display name from your account
  • The tasks, projects, notes, and tags you create
  • MCP tokens you generate (hashed — we never see the plain token after creation)
  • Payment data is handled by Paddle — we only store reference IDs
  • Technical usage data (IP address, browser, anonymous analytics events)

Why

To deliver the service, send relevant notifications, and improve the product. We do not sell your data and do not share it with third parties for marketing.

Legal basis

We process your personal data on the following GDPR bases:

  • Performance of a contract (Art. 6(1)(b)): delivering the service, account creation, billing.
  • Legitimate interest (Art. 6(1)(f)): security, fraud prevention, product improvement, anonymous analytics.
  • Consent (Art. 6(1)(a)): marketing emails and optional notifications — always revocable.
  • Legal obligation (Art. 6(1)(c)): accounting and tax law compliance.

Sub-processors

We use the following sub-processors to run Taskpile:

  • Lovable Cloud — application hosting and database
  • Paddle — payment processing and Merchant of Record
  • Cloudflare — edge delivery and DDoS protection
  • Lovable Cloud Emails — transactional email delivery (welcome, digests, billing notifications)

When you connect Taskpile to an AI assistant via MCP (Claude, ChatGPT, or others), that assistant accesses your task data on your behalf. We do not control what those services do with the data they receive — see the respective provider's privacy policy.

Retention

  • Account and profile data: while your account is active, plus 90 days after deletion.
  • Tasks, projects, notes: while your account is active. Deleted tasks are soft-deleted for 30 days, then purged.
  • Analytics events (anonymous): up to 24 months.
  • Billing records: up to 5 years (Danish accounting law).
  • Support correspondence: up to 24 months after last contact.

Security

  • TLS / HTTPS on all connections.
  • Database encryption at rest with our cloud provider.
  • Row-Level Security in the database — users can only access their own data.
  • Hashed passwords and secure session handling.
  • Personal access tokens stored as SHA-256 hashes — the plain token is shown to you once at creation and never again.
  • Continuous monitoring and dependency updates.

If we ever experience a breach posing a risk to your rights, we will notify the Danish Data Protection Authority within 72 hours and you without undue delay.

Your rights

Under GDPR you have the right of access, rectification, erasure, restriction, data portability, and objection. You can export or delete your data at any time by writing to inbox@taskpile.app. You also have the right to complain to the Danish Data Protection Authority (datatilsynet.dk).

Cookies

We use only first-party cookies strictly necessary to run the service (session cookies for authentication and a theme preference cookie). We do not set marketing or third-party tracking cookies.

Contact

Refleksion · Planlægning · Handling — CVR-no. DK45818659. Privacy questions: inbox@taskpile.app.