Effective date: 1st January 2026.

This Privacy Policy explains how ThoughtStart (“we”, “us”) collects, uses, shares, and protects personal data when you use Taskinetic.

1. Who we are

• Controller (generally): ThoughtStart
• Contact: support@taskinetic.com
• Address: [PLACEHOLDER ADDRESS]

For Organisations using Taskinetic for business purposes, you may be a controller of end-user data and we may act as a processor for certain Customer Content.

2. Personal data we collect

We may collect:

• Account data: name, email, organisation name, role.
• Authentication data: password (stored hashed), login timestamps, IP address.
• Usage data: pages/actions within the app, device/browser metadata, logs.
• Customer Content: tasks, comments, attachments, and related metadata (as entered by you/Users).
• Billing data: billing country, plan type, seats, payment status, Razorpay subscription/order IDs and event metadata (we do not store full card details).

3. How we use personal data

We use data to:

• provide, secure, and maintain the Service;
• create and manage Organisations and Users (including invites);
• process payments and manage subscriptions;
• communicate service-related messages (transactional emails);
• prevent fraud, misuse, and security incidents;
• comply with legal obligations.

4. Legal bases (where applicable)

Depending on your jurisdiction, we rely on:

• performance of a contract (to provide the Service);
• legitimate interests (security, fraud prevention, service improvement);
• legal obligations (tax, compliance);
• consent (for non-essential cookies/marketing where required).

5. Sharing and third parties

We share data with:

• Payment processor: Razorpay (subscription/payment processing).
• Hosting/infrastructure: [PLACEHOLDER HOSTING PROVIDER].
• Email delivery: [PLACEHOLDER EMAIL PROVIDER].
• Analytics/monitoring (if used): [PLACEHOLDER].

We share only what is necessary and require appropriate safeguards where feasible.

6. International transfers

If data is transferred internationally, we take reasonable steps to ensure appropriate safeguards consistent with applicable law.

7. Data retention

We retain personal data as long as necessary to provide the Service and for legitimate business/legal purposes. See Data Retention & Deletion Policy for more detail.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, object to processing, or request portability of personal data. You can contact support@taskinetic.com to exercise rights.

9. Security

We implement reasonable technical and organisational measures to protect data (access control, encryption in transit, backups, and monitoring). No system is 100% secure.

10. Children

Taskinetic is not intended for children under 16 (or the minimum legal age in your jurisdiction).

11. Changes

We may update this policy. We will post updates and revise the effective date.