Privacy Policy

a) Information You Provide

• Account registration data (name, email address, password)
• Profile information (optional: bio, avatar, preferences)
• Goal and task content you create
• Workspace settings and customizations
• Communications with our support team

b) AI/LLM Processing Data

• Goal statements and descriptions you submit for AI processing
• Task and milestone content analyzed by our AI features
• User feedback on AI suggestions
• Interaction history with AI-powered features

c) Automatically Collected Information

• Device and browser information
• IP address and general location data
• Usage patterns and feature interactions
• Performance and diagnostic data
• Session information and authentication logs

d) Cookies and Tracking Technologies

• Essential cookies (authentication, security)
• Analytics cookies (Google Analytics, Posthog)
• Preference cookies (theme selection, language)
• Session management cookies

e) Payment Information

• Billing details processed by Stripe (we don't store credit card numbers)
• Transaction history and invoice data
• Subscription status and payment method type

a) Service Provision

• Create and manage your account
• Deliver features and personalized experiences
• Enable goal and task management functionality
• Support workspace collaboration features

b) AI/LLM Processing

• Generate goal breakdowns and task suggestions
• Provide intelligent planning assistance
• Analyze goal progress and provide insights
• Improve AI model accuracy and relevance

c) Communication

• Send service updates and feature announcements
• Provide security alerts and account notifications
• Respond to support requests and provide assistance
• Send optional marketing communications (with your consent)

d) Security and Fraud Prevention

• Detect and prevent unauthorized access
• Monitor for abusive or malicious behavior
• Protect against spam and harmful activity
• Maintain system integrity and security

e) Analytics and Improvement

• Understand usage patterns and feature adoption
• Identify and resolve performance issues and bugs
• Develop new features based on user needs
• Optimize and enhance user experience

f) Legal Compliance

• Respond to legal requests and obligations
• Enforce our Terms of Service
• Protect our legal rights and property
• Comply with applicable regulatory requirements

a) Infrastructure Providers

• Supabase - Database, authentication, and real-time features
• Vercel - Web hosting and content delivery
• AWS/Cloud providers - Infrastructure and data storage

c) Payment Processors

• Stripe - Payment processing and subscription management
• Data sent: Billing information, transaction details
• Stripe maintains its own privacy policy and security practices

d) Analytics and Monitoring

• Google Analytics - Usage analytics (anonymized where possible)
• Posthog - Product analytics and feature usage tracking
• Sentry - Error monitoring and performance tracking

e) Communication Tools

• Email service providers for transactional and notification emails
• Support ticketing systems for customer assistance

f) Legal and Compliance

• Law enforcement (when legally required)
• Legal advisors (under confidentiality agreements)
• Regulatory authorities (for compliance purposes)
• Business transfers (merger, acquisition, or asset sale)

a) What Data We Send to AI Providers

When you use AI-powered features, we send your goal content, task descriptions, and related information to third-party AI providers (OpenAI, Anthropic) for processing. This includes:

• Goal statements and descriptions
• Task and milestone content
• User messages in AI chat features
• Context needed for relevant suggestions

b) How AI Providers Use Your Data

• OpenAI and Anthropic process your data to generate AI responses
• They may use data to improve their models (subject to their policies)
• We use enterprise API plans with enhanced data protection where available

Review provider privacy policies:

• OpenAI: https://openai.com/privacy
• Anthropic: https://www.anthropic.com/privacy

c) Your Control Over AI Processing

• AI features are optional - you can use Chask without them
• You can delete AI-generated content at any time
• Your account settings control which features use AI
• Contact us to opt out of AI processing entirely

d) Data Retention by AI Providers

• AI providers may temporarily retain data for processing purposes
• Retention periods vary by provider (typically 30 days or less)
• We use data processing agreements to limit retention
• Contact us for specific information about AI data handling practices

a) Security Measures

We implement industry-standard security practices to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Regular security audits and penetration testing
• Access controls and authentication requirements
• Secure coding practices and code reviews
• Employee security training and background checks
• Multi-factor authentication for administrative access

b) Data Retention Periods

• Active account data: Retained while your account is active
• Deleted account data: Purged within 30 days after deletion request
• Backup data: Retained for 90 days for disaster recovery purposes
• Legal hold data: Retained as required by law or legal proceedings
• Analytics data: Aggregated and anonymized after 24 months

c) Data Deletion

You can request account deletion at any time:

• Go to Account Settings → Delete Account
• Or email privacy@chask.ai
• We'll confirm deletion within 30 days
• Some data may be retained for legal or compliance reasons

e) Data Breach Notification

If we discover a data breach affecting your personal information:

• We'll notify you within 72 hours (or as required by applicable law)
• Notification will include: what happened, what data was affected, and what we're doing about it
• We'll provide guidance on steps you can take to protect yourself
• We'll report to relevant authorities as required by law

a) Rights for All Users

• Access your personal data and understand how we use it
• Correct inaccurate or incomplete information
• Delete your account and associated data
• Export your data (data portability)
• Opt out of marketing communications

c) Additional Rights for California Users (CCPA/CPRA)

If you're a California resident, you have specific rights under the California Consumer Privacy Act:

• Know what personal information we collect about you
• Know whether we sell or share personal information (we don't)
• Request deletion of your personal information
• Opt out of sale/sharing of data (not applicable - we don't sell data)
• Non-discrimination for exercising your privacy rights
• Correct inaccurate personal information
• Limit use of sensitive personal information

d) Additional Rights for Other US States

If you're in Virginia, Colorado, Connecticut, Utah, or other states with privacy laws, you may have additional rights similar to those described above. Contact us to exercise them.

e) How to Exercise Your Rights

To exercise any of your privacy rights, email privacy@chask.ai with your request. Please include:

• Your name and email address associated with your account
• Specific right you want to exercise
• Verification information (we'll confirm your identity for security)

We'll respond to your request within 30 days (or as required by applicable law).

a) Types of Cookies We Use

b) Third-Party Cookies

Some cookies are set by third-party services we use:

• Supabase - Authentication and database services
• Stripe - Payment processing (when you upgrade)
• AI providers - When using AI-powered features

c) Managing Cookies

You can control cookies through:

• Browser settings: Block all cookies or specific sites
• Cookie preferences: Coming soon - manage preferences in-app
• Opt-out links: Analytics services provide opt-out options

Note: Disabling essential cookies will prevent you from using Chask.

d) Do Not Track

We respect Do Not Track (DNT) browser signals where technically feasible. However, some third-party services may not honor DNT signals.

a) Where Your Data Is Processed

Chask, Inc. is based in the United States (Delaware). Your data may be:

• Stored in US data centers (via Supabase/AWS)
• Processed by US-based staff and contractors
• Transmitted to US-based service providers
• Sent to AI providers (OpenAI, Anthropic) located in the US

c) Your Rights Regarding Transfers

You can:

• Request detailed information about data transfers
• Object to specific transfers (may limit Service functionality)
• Request a copy of the safeguards we use for data protection
• Contact your local data protection authority with concerns

d) Service Provider Compliance

Our US-based service providers comply with international data protection requirements:

• EU-US Data Privacy Framework (where applicable and certified)
• Standard Contractual Clauses for data transfers
• GDPR requirements for data processors

a) Age Restriction

Chask is not intended for users under 18 years old.

• We do not knowingly collect data from children under 18
• We do not target or market to children
• Parental consent is required for users under 18

b) If We Discover Child Data

If we learn we've collected data from a child under 18:

• We'll delete the account and associated data immediately
• We'll notify parents/guardians if possible and appropriate
• We'll take steps to prevent future access by that user

d) COPPA Compliance (US Users Under 13)

We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 years old. If you are under 13, do not use this Service or provide any information to us.