Privacy Policy

Introduction

Welcome to TaskLab! We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how TaskLab (“TaskLab,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards your information when you use our website and services. It also outlines our legal bases for processing data, your rights under privacy laws (such as the GDPR), and how we comply with international data protection regulations. By using TaskLab’s services, you acknowledge that you have read and agree to this Privacy Policy. If you do not agree with these practices, please discontinue use of our platform.

Information We Collect

We collect information to provide and improve our Software-as-a-Service (SaaS) platform, which involves tracking website usage and automation logs. The types of information we collect include:

Personal Information: Information you provide when creating an account or subscribing to TaskLab. This may include your name, email address, and contact details. Account creation and subscription management are handled via Stripe, so TaskLab does not collect or store your payment card details, as those are processed by Stripe (see Third-Party Services – Stripe below)

If you contact us for support, we will collect any information you choose to provide in your inquiry (such as your name or problem description). (Note: Financial transactions are securely handled by Stripe; TaskLab itself never sees your full credit card number.)

Usage Data and Automation Logs: Information automatically collected when you interact with our website or use our automation features. This includes technical data like your IP address, browser type, device type, operating system, and timestamps of your visits

We also collect data on how you use our service – for example, pages viewed, features clicked, workflows executed, and other behavioral information. TaskLab uses this website usage data and automation logs to monitor system performance, track user interactions, and diagnose technical issues. This data helps us understand usage patterns and improve the user experience. Importantly, automation logs (records of automated tasks run through our platform) may include metadata about the actions performed but do not intentionally capture the content of your external data unless necessary for the automation’s function.

Cookies and Tracking Technologies: TaskLab does not use any first-party cookies for its own operations. However, third-party services that we integrate (such as analytics tools) may use cookies or similar tracking technologies on our site

These third-party cookies (set by services like Microsoft Clarity or Google Analytics) help capture information about how you access and use our website (e.g., session identifiers, user preferences, and interaction data). We do not control third-party cookies, but you will have the ability to manage cookie preferences as described in the Your Rights section below. Aside from cookies used by the third-party tools described, TaskLab’s site does not set any additional cookies on your browser.

How We Use Your Information

We use the collected information for the following purposes, in accordance with applicable laws:

To Provide and Maintain the Service: We use personal information to create and manage user accounts, to provide the features of our platform, and to manage subscriptions. For example, we process your account details to authenticate you and allow access to TaskLab, and we use Stripe to handle subscription billing securely.

To Process Transactions: Though TaskLab does not process payments directly, we use the information necessary to work with our payment processor (Stripe) to activate your paid subscription or free trial. We ensure that any payment-related data is transmitted securely to Stripe and not retained on our servers.

To Improve and Personalise the Service: We analyse usage data and automation logs to understand how our users interact with TaskLab.

This helps us troubleshoot issues, optimise our website’s design and features, develop new functionalities, and tailor the user experience. For instance, we might use aggregated analytics to determine which features are most popular or detect areas of the interface that need improvement.

To Communicate with You: We may use your contact information to send important administrative or account-related messages, such as service updates, billing notices, security alerts, or support responses. With your consent (where required), we may also send newsletters or promotional communications about new features or offerings. You can opt out of marketing emails at any time.

To Ensure Security and Prevent Fraud: Information (including IP addresses and logs) is used to protect our platform, our users, and our business against security threats, fraud, abuse, or illegal activities.

For example, we may monitor login activity and automation logs to detect suspicious behavior and ensure compliance with our terms of service.

To Comply with Legal Obligations: In certain cases, we must process and retain some information to fulfill our legal and regulatory obligations. This may include maintaining transaction records for financial reporting, or disclosing data as required by law, court order, or government regulations (for example, responding to lawful requests by public authorities).

We will not use your personal data for purposes that are incompatible with those above without obtaining your consent or unless required or permitted by law.

Legal Bases for Processing (GDPR Compliance)

If you are located in the European Economic Area (EEA) or United Kingdom, we only process your personal data when we have a valid legal basis under the General Data Protection Regulation (GDPR) or UK GDPR. The legal bases we rely on include:

Contractual Necessity: We process personal data that is necessary to perform our contract with you. This applies when we provide you with the TaskLab service that you have requested – for example, when handling account registration, providing core platform functionality, and managing subscription payments (Art. 6(1)(b) GDPR). We cannot provide the service without this information.

Legitimate Interests: We process certain data as needed for our legitimate business interests, provided that those interests are not overridden by your data protection rights.

This includes using data to improve and secure our service, understand how it is used, and prevent fraud. For instance, analysing usage trends and ensuring the security of our platform are activities pursued under legitimate interest (Art. 6(1)(f) GDPR). When relying on this basis, we consider and balance any potential impact on your rights. You have the right to object to processing based on our legitimate interests (see Your Rights below).

Legal Obligation: We will process personal data if necessary for us to comply with a legal obligation (Art. 6(1)(c) GDPR). For example, retaining certain transaction records for tax and accounting purposes, or disclosing information when compelled by law enforcement, falls under this basis.

Consent: In cases where we ask for your consent, we will process your data on the basis of that consent (Art. 6(1)(a) GDPR). For instance, if we send you marketing emails, we do so with your explicit consent (e.g., through an opt-in).

Similarly, if required by law, we will obtain your consent for the use of any non-essential cookies or similar tracking technologies. You have the right to withdraw consent at any time (with effect going forward), which will stop the processing of data that was based on consent. Withdrawing consent will not affect the lawfulness of processing done prior to withdrawal.

If we ever need to process your personal data for a purpose that requires a different legal basis, we will inform you of that basis at the relevant time and obtain your consent if required.

Third-Party Services

TaskLab relies on a few trusted third-party services to operate our platform and analyse usage. We only share information with these service providers to the extent necessary for them to perform their functions, and each provider is bound by appropriate confidentiality and data protection obligations. The main third-party services we use are:

Microsoft Clarity: We use Microsoft Clarity, a user behavior analytics tool, to understand how visitors interact with our website. Clarity provides features like heatmaps, session replays, and other behavioral metrics that help us improve our services and user interface

Through Clarity, we capture data on clicks, scrolling, and usage patterns. Website usage data is collected via cookies and similar technologies by Clarity in order to gauge page popularity and user behavior on our site.

This information helps with site optimisation, improving our product, and detecting anomalies (e.g., for debugging or fraud prevention). The data captured may include anonymised user IDs, device information, and interaction data, but we do not receive any personally identifying information like your name or account credentials through Clarity. For more details on data handling by Clarity and Microsoft, please refer to the [Microsoft Privacy Statement]

(Microsoft may process data in accordance with its own privacy policies).

Google Analytics: We utilise Google Analytics, a web analytics service provided by Google LLC, to collect information about how users use the TaskLab website.

Google Analytics uses cookies and similar tracking technologies to gather data such as your IP address, browser type, device identifiers, and on-site activities (e.g., pages visited, time spent on pages).

This data is transmitted to Google and aggregated to help us analyse website traffic and usage trends. We use the insights from Google Analytics to improve our website’s functionality and content and to better understand user needs. We do not send Google any directly identifying personal information (and we have configured Google Analytics to anonymize IP addresses, where available). Google may combine data collected through our site with information from your Google accounts (if you have consented to such association for ads personalisation) to provide aggregated, anonymised insights on cross-device usage.

You can learn more about how Google collects and processes data in Google’s [Privacy Policy]

If you wish, you can opt out of Google Analytics tracking by using the official Google Analytics Opt-out Browser Add-on or through your browser’s privacy settings (see Your Rights below).

AWS CloudWatch: We use Amazon Web Services (AWS) CloudWatch for application monitoring and log management. CloudWatch automatically collects and stores server logs and performance metrics from our TaskLab platform. These logs may include information such as IP addresses, timestamps of actions, error messages, and other technical data when you use our service

We use this service to ensure our infrastructure is running smoothly and to identify and fix technical issues in real-time. The data in CloudWatch logs is accessible only to authorised personnel and is used strictly for operational and security purposes. Note that all log data stored in CloudWatch is encrypted at rest using strong encryption standards (docs.aws.amazon.com), and data transmitted to/from AWS is protected via TLS encryption in transit. AWS acts as a data processor for us and does not use log data except as necessary to provide its cloud services (per AWS’s security and privacy terms). AWS may process and store these logs on servers located in the United States or other countries where Amazon or its subcontractors operate data centers (see International Data Transfers below for how we protect such transfers).

Stripe: We use Stripe as our payment and subscription management provider. When you sign up for a paid TaskLab plan or manage your subscription, you will be interacting with Stripe’s secure payment interface. TaskLab itself does not process, receive, or store your full credit card numbers or bank account information; that information is sent directly to Stripe. Stripe may collect personal data necessary to process payments, such as your name, billing address, and payment method details, under the security and privacy safeguards of their platform. All financial data is processed by Stripe in compliance with PCI-DSS (Payment Card Industry Data Security Standards), and we rely on Stripe to handle the sensitive payment information.

We may receive from Stripe a confirmation of your payment and basic subscriber information (e.g., a Stripe customer ID, subscription status, last four digits of your card, etc.) to know that payment was successful and to activate or manage your account. This information is used only for subscription management and record-keeping. For more details on how Stripe handles personal data, please refer to [Stripe’s Privacy Policy]

Each of these third-party services is carefully vetted. We have data processing agreements in place where appropriate, and we ensure that each provider implements adequate data protection measures. We do not allow these third parties to use the personal data we share for any purpose other than delivering their services to us.

Data Retention

TaskLab retains personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law.

The retention period can vary depending on the type of data and the context of its collection:

Account Information: If you have an account with TaskLab, we retain your personal information for as long as your account is active or as needed to provide you with our services. If you delete your account or your subscription expires, we will delete or anonymise your personal data associated with the account after a reasonable period, except for any data we are required to keep for legal compliance or legitimate business purposes. For example, we may retain invoicing records or communications to comply with financial regulations or dispute resolution requirements.

Automation Logs and Usage Data: Logs and analytics data are retained for a period necessary to monitor and improve the service, and then either deleted or aggregated. We generally keep detailed automation logs and server logs for a limited duration (e.g., a few months) unless a longer retention is required for security investigations or legal purposes. Aggregated usage statistics (which no longer identify any individual) may be retained longer for historical analysis.

Data collected through Microsoft Clarity and Google Analytics is subject to those services’ retention settings; for instance, Microsoft Clarity session replay data is typically retained for about 30 days and heatmap data for up to 13 months before automatic deletion.

We configure Google Analytics to retain user-level data for a reasonable period (e.g., 14 months) and then automatically delete it, in line with Google’s policies.

Correspondence and Support Data: If you contact us (e.g., via email or support tickets), we may retain those communications and our responses for a period necessary to address your issue and improve our customer service. Unless needed for ongoing support, legal, or compliance reasons, support correspondence is generally purged after it is resolved and after any required retention period has passed.

Legal Retention Requirements: In certain cases we must retain data for a specific duration under law – for example, financial transaction records may be kept for a number of years as required by tax laws or accounting rules. During such retention, your data will continue to be protected in accordance with this Privacy Policy.

After the applicable retention period has ended, and if the data is no longer needed, we will either securely erase your personal information or anonymise it so that it can no longer be associated with you. If complete deletion is not immediately feasible (for instance, because the data is stored in backup archives), we will ensure that your data is isolated and secured until deletion is possible.

Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data. In particular, users in the European Union, United Kingdom, and other regions with comprehensive data protection laws (such as GDPR) have the following rights:

Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to obtain a copy of the personal data we hold about you.

This allows you to know and review the information we have collected about you.

Right to Rectification: You have the right to ask us to correct or update any inaccurate or incomplete personal data we hold about you.

We encourage you to keep your account information up-to-date, and we will promptly make corrections upon your request.

Right to Erasure: You have the right to request the deletion of your personal data in certain circumstances (the “right to be forgotten”).

If you no longer want us to have your information, you can request that we erase it, provided we do not have a legal obligation or overriding legitimate interest to retain it. When your data is deleted, we will also inform any third-party processors to delete the data, where applicable.

Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations – for example, while we are verifying the accuracy of your data or if you want us to preserve data for legal claims but not otherwise process it. When processing is restricted, we will still store your data but not use it further without your consent or unless required by law.

Right to Data Portability: You have the right to obtain your personal data that you have provided to us in a structured, commonly used, machine-readable format, and to have that data transmitted to another service provider where technically feasible

This right applies when the processing is based on your consent or on a contract and is carried out by automated means.

Right to Object: You have the right to object to our processing of your personal data in certain circumstances. In particular, you can object at any time to processing of your data for direct marketing purposes, and we will stop using your data for that purpose.

You can also object when the processing is based on our legitimate interests (or those of a third party) and you feel it impacts your fundamental rights and freedoms. In such cases, we will consider your objection and stop processing the data unless we have a compelling legitimate ground or a legal necessity to continue.

Right to Withdraw Consent: If we rely on your consent to process any personal data, you have the right to withdraw that consent at any time.

This will not affect the lawfulness of processing based on consent before its withdrawal. For example, you can opt out of marketing emails by withdrawing your consent to receive them (via the “unsubscribe” link or contacting us directly). If you withdraw consent for a service that requires it, we will let you know if we can continue to provide the service in a limited way or not at all.

Additional Rights (for certain jurisdictions): Some regions may grant additional rights. For example, under GDPR you have the right not to be subject to a decision based solely on automated processing (including profiling) that significantly affects you, unless it is necessary for a contract, authorised by law, or based on your explicit consent. TaskLab does not engage in any purely automated decision-making with legal or similarly significant effects on individuals.

Under the California Consumer Privacy Act (CCPA), California residents have rights to know, delete, and opt-out of the “sale” of personal information, and to non-discrimination; while TaskLab does not sell personal data, California users can still contact us to exercise access and deletion rights. We strive to honour applicable rights across different jurisdictions.

Exercising Your Rights: You may exercise any of your applicable privacy rights by contacting us (see Contact Information below). For certain requests, we might need you to verify your identity (for example, by confirming control of your email address or providing additional information) to ensure that we do not disclose data to the wrong person. We will respond to your request within the timeframe required by law (generally within 30 days for GDPR requests, with the possibility of an extension if necessary).

We will notify you if we need additional information from you or if your request is subject to any exceptions (for example, we might not delete data that we are required to keep by law, but we would inform you of that in our response). We will not charge a fee for fulfilling legitimate requests, unless the request is excessive, repetitive, or manifestly unfounded – in which case we may charge a reasonable fee or refuse to act on the request (as permitted by law). We will inform you of any such fee or refusal and the reasons for it.

Finally, if you believe that our handling of your personal data violates any applicable law, you have the right to lodge a complaint with a supervisory data protection authority. For example, if you are in the European Union, you can contact the data protection authority in the country where you live or work, or where the alleged infringement occurred.

We would, however, appreciate the chance to address your concerns before you approach a regulator, so please feel free to reach out to us first.

Data Security

We take data security very seriously at TaskLab. We implement industry-standard technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction.

These measures include:

Encryption: All communications between your browser and our website are protected using TLS (Transport Layer Security) encryption. This means that data transmitted to TaskLab is encrypted in transit, preventing eavesdropping. Additionally, any sensitive data we handle is stored encrypted at rest whenever possible. For example, log data and other information stored with AWS CloudWatch are encrypted using strong encryption algorithms on AWS servers.

Access Controls: We limit access to personal data strictly to personnel and service providers who need it to perform their duties. Our team members are bound by confidentiality obligations. We employ access controls such as authentication, role-based permissions, and, where appropriate, multi-factor authentication to prevent unauthorised access to systems that contain your data.

Vulnerability Management: We keep our software and infrastructure updated with the latest security patches. Regular security assessments, code reviews, and monitoring of our systems are performed to detect and address potential vulnerabilities or intrusions. We also utilize AWS’s security features and monitoring tools to get alerts of any unusual activity.

Organisational Policies: Our internal policies guide the proper handling of user data. We provide training to our staff on privacy and data protection practices. We also ensure that any third-party processors we use (such as those mentioned in Third-Party Services) have robust security measures in place and comply with relevant security standards.

Data Backups: We perform regular backups of critical data to prevent data loss. Backups are encrypted and stored securely. If a data incident occurs, we have disaster recovery and incident response plans to restore functionality and minimise impact.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. However, we continuously review and enhance our security practices to meet or exceed industry best practices. In the unfortunate event of a data breach that poses a significant risk to your rights and freedoms, we will notify you and the appropriate authorities as required by law.

International Data Transfers

TaskLab is a global service. The data we collect from you may be transferred to, and stored on, servers located in countries other than your own. In particular, our own servers and third-party service providers are often based in the United States and other countries outside the European Economic Area (EEA).

For example, when we use Microsoft Clarity or Google Analytics, data may be processed on Microsoft or Google servers in the U.S.; our payment processor Stripe and infrastructure provider AWS are also U.S.-based companies. This means that your personal information could be transferred to or accessed from jurisdictions that may not provide the same level of data protection as your home country. However, when we transfer personal data internationally, we take steps to ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

These safeguards include:

Standard Contractual Clauses: For transfers of personal data from the EEA, UK or Switzerland to countries that the European Commission (or other relevant authority) has not deemed to have an “adequate” level of data protection, we implement Standard Contractual Clauses (SCCs). SCCs are contractual commitments between parties transferring data, approved by the European Commission, that obligate the recipient to protect personal data to EU privacy standards. We have entered into SCCs (or equivalent transfer mechanisms) with our service providers (like Microsoft, Google, and Stripe) as required.

Data Privacy Framework or Other Certifications: Where applicable, we may rely on certified compliance frameworks. For example, as of 2025, U.S. companies can self-certify under the EU-U.S. Data Privacy Framework (DPF) to legitimise transfers of personal data from the EU to the U.S. If our relevant third parties (or TaskLab itself) participate in such frameworks or any successor arrangement recognized by regulators, we will rely on those as appropriate.
(We note that companies like Microsoft, Google, and Stripe have stated their commitment to comply with EU data transfer requirements and may be certified under these frameworks or have Binding Corporate Rules in place.)

Other Lawful Grounds: In the absence of an adequacy decision or other transfer mechanism, we may seek your explicit consent for the cross-border transfer, or transfer as necessary to perform a contract with you (for example, if you are using TaskLab from outside the U.S., we have to send your data to the U.S. to provide the service). We will only rely on these secondary measures in compliance with GDPR and other applicable laws.

You can request more information about the safeguards we have in place for international data transfers (or obtain a copy of the contractual agreements in place, subject to confidentiality) by contacting us. Despite different laws, we will always protect your personal data as described in this Privacy Policy, no matter where it is processed. We continuously monitor developments in international data transfer law and will adjust our practices as needed to maintain compliant transfers.

Children’s Privacy

Our service is not intended for children under the age of 13, and we do not knowingly collect personal information from anyone under 13 years old.

If you are under 13 (or under the applicable age of consent in your jurisdiction, which may be 16 in some regions under GDPR), please do not use TaskLab or provide any personal data to us. We do not knowingly allow children under these ages to register or use the service, and we do not target TaskLab to children. If we become aware that we have inadvertently collected personal information from a child under 13 (or under the relevant minimum age), we will take immediate steps to delete such information from our records.

If you are a parent or guardian and you believe that your child under the stated age has provided us with personal information, please contact us as soon as possible so that we can investigate and address the issue promptly

We may ask for proof of guardianship before honouring any requests regarding a minor’s information.

Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

If we make changes, we will post the updated policy on this page with a new “Effective Date” at the top. Material changes will be communicated via additional means, such as by email notification to account holders or a prominent notice on our website, so that you are aware of them.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of TaskLab after any changes to this Privacy Policy constitutes your acceptance of the updated terms, to the extent permitted by law.

If you do not agree with any updates or modifications, you should stop using the service and, if you are an account holder, you may delete your account or contact us for further assistance.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. We are here to help and will address your inquiries as promptly as possible.

Contact Us at: privacy@tasklab.com.au (for privacy-related inquiries)
Or support@tasklab.com.au (for general support) 

Data Protection Officer (DPO): If we have appointed a DPO or an EU/UK Representative as required by law, you may contact them at the above email or address (Attn: Data Protection Officer). (At present, TaskLab is not required to appoint a DPO under GDPR, but we nevertheless provide the above contact for all privacy inquiries.)

We value your privacy and trust. Thank you for reading our Privacy Policy.