Privacy Policy
Effective Date: July 4, 2026 | Last Updated: July 4, 2026
đź“‹ Overview Highlights (Quick Summary)
Dual-Role Clarity
We act as the Data Controller for your billing and profile info, and as the Data Processor for your workspace data. You maintain 100% data ownership.
No AI Model Training
We strictly guarantee that your Workspace instructions, uploaded files, and worker logs are never shared or used to train any external artificial intelligence models.
Controlled Archiving
Active content is instantly deleted upon account closure. Worker execution and reasoning logs are stored in active storage for 90 days, then cold-archived for up to 10 years for compliance.
Secure & Partitioned
Hosted on Google Cloud Platform (us-central1) with TLS/HTTPS transit encryption and Stripe payment processing.
đź“„ Full Privacy Policy
Scroll to read the entire copyPrivacy Policy
Effective Date: July 4, 2026 Last Updated: July 4, 2026
1. Introduction
At Cantasks, we take your privacy seriously. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and how long we keep it. It applies to everyone who creates an account or uses the Cantasks service (“Platform”, “Service”, “we”, “us”, “our”).
1.1 Data Controller vs. Data Processor
Under the General Data Protection Regulation (GDPR) and similar privacy laws, we act in two different capacities depending on the data:
- Data Controller: We act as a Data Controller for your account, profile, and billing information. We determine how and why this information is processed to provide the Service to you.
- Data Processor: We act as a Data Processor for the content you process through the Platform (including instructions, files, and data ingested from connected third-party accounts). You (or your organisation) are the Data Controller for this Workspace data, and we process it only on your instructions and in accordance with our Terms of Use and Data Processing Agreement (DPA).
Please read this policy carefully. By using the Platform, you agree to the practices described here. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you register for an account, we collect:
- Your name and email address
- A securely hashed version of your password, or, if you sign in via Google or GitHub, an authentication reference from that provider
- Your account preferences and onboarding status
2.2 Workspace and Team Information
When you set up or participate in a Workspace, we collect:
- Workspace name and configuration settings
- Business hours, custom off-day schedules, and calendar preferences you set
- Team membership information, including invitation records and the roles assigned to each member
- A log of membership changes for audit purposes (for example, when a member is added or removed)
2.3 Work Instructions and Task Data
When you use the Platform to assign and manage work, we collect:
- The instructions, goals, and tasks you create
- The decisions you provide when a digital worker pauses and asks for your input
- Status updates and progress records as tasks are completed
Each instruction you issue is assigned a unique reference identifier so that all related activity can be traced from start to finish.
2.4 Activity and Audit Logs
To help you review what your digital workers have done and to maintain a reliable audit trail, we store:
- A high-level record of actions taken by each digital worker
- A detailed log of tools and capabilities used by workers during task execution
- Records of the reasoning steps workers took to complete a task — these may include references to the content of your instructions and documents
- Records of system resource usage
These logs are retained for 90 days in active storage. After that, they are automatically archived for long-term storage and kept for up to 10 years for legal compliance and dispute resolution purposes.
2.5 File, Document, and Media Data
When you upload files, documents, or media (such as images for visual analysis) to the Platform, or import them from connected cloud storage, we collect and store:
- The file itself, held securely in cloud storage
- Associated metadata: file name, size, type, upload date, and a unique file fingerprint used for deduplication
- Version history, where applicable under your subscription plan
- The folder structure you create to organise your files
2.6 Usage and Performance Data
To monitor the health of the Platform, manage your subscription quotas, and improve our service, we collect:
- Records of how Platform features are used within your Workspace
- Performance metrics such as response times and error rates
- Resource consumption data to track your Workspace’s usage against your plan limits
This data is stored for 90 days and then automatically deleted.
2.7 Billing and Payment Data
When you subscribe to a paid plan, we collect:
- Your subscription plan and billing status
- Invoice history and payment records
- Quota top-up purchases
We do not collect or store your payment card details. All payment transactions are handled directly by Stripe, our payment processor. Please review Stripe’s Privacy Policy for details on how they handle your payment information.
2.8 Connected Accounts and Third-Party Data
When you link external accounts (such as email, messaging apps, social media, or cloud storage) to your Workspace, we collect:
- Securely encrypted access and refresh tokens required to authenticate with those services on your behalf
- Data ingested from those services as needed to fulfill your instructions (e.g., emails, chat messages, external files, or social media analytics)
2.9 Session Data
When digital workers carry out tasks that involve accessing websites or online tools on your behalf, we record:
- Session identifiers and timing information
- Which task and worker were associated with the session
2.10 Content Safety Screening Records
Every instruction sent to a digital worker and every response a worker produces is automatically screened by our content safety system before it is processed or delivered. When content is flagged as unsafe, we record:
- The fact that a safety check was triggered and the category of concern (for example, an attempt to override operating rules, or a response containing harmful content)
- The worker, task, and Workspace associated with the flagged interaction
- The outcome — for example, whether the task was stopped
We do not log the full text of blocked content beyond what is necessary for audit and security purposes. These records form part of your Workspace’s audit trail and are subject to the same retention schedule as your other activity logs (90 days in active storage, then archived for up to 10 years).
3. How We Use Your Information
We use the information we collect to:
| Purpose | Why We Do This | Lawful Basis (GDPR) |
|---|---|---|
| Provide and operate the Service | To deliver the features you have subscribed to | Performance of a Contract |
| Execute digital worker tasks on your instruction | To carry out the work you assign | Performance of a Contract |
| Manage your subscription and billing | To process payments and enforce plan limits | Performance of a Contract |
| Maintain audit trails and activity logs | To give you visibility and support compliance | Legitimate Interests (security and accountability) |
| Monitor platform health and performance | To maintain reliability and diagnose issues | Legitimate Interests (platform integrity) |
| Screen instructions and worker responses for harmful content | To protect you, other users, and third parties, and to comply with our safety obligations | Legal Obligation / Legitimate Interests |
| Detect and prevent fraud or misuse | To protect you and other users | Legitimate Interests (fraud prevention) |
| Send you service-related communications | To inform you of changes, updates, and alerts | Performance of a Contract / Legitimate Interests |
| Improve the Service using aggregated insights | To develop better features, using de-identified data only | Legitimate Interests (service improvement) |
We do not use your content — your instructions, files, or documents — to train artificial intelligence models.
4. Artificial Intelligence and External Providers
The Platform uses artificial intelligence to power digital workers. To do this, content from your instructions and documents may be transmitted to third-party artificial intelligence providers who process the content and return a result.
What this means for you: When you issue an instruction or a worker accesses a file to complete a task, excerpts of that content may be sent to one or more external artificial intelligence services. We select providers that offer appropriate data protection commitments and operate under Data Processing Agreements with us.
We do not control how those providers handle data once it is transmitted. We recommend reviewing their privacy policies:
5. How We Share Your Information
We do not sell your personal information. We do not share your data for advertising purposes.
We share information only with the following categories of trusted service providers who help us operate the Platform:
| Service Provider | Purpose |
|---|---|
| Google Cloud Platform | Cloud infrastructure and data storage (hosted in the United States) |
| Artificial intelligence providers (OpenAI, Anthropic, Google) | Processing instructions and documents to power digital workers |
| Stripe | Secure payment processing |
| Connected Third-Party Platforms | If you instruct a worker to send an email, post a message, or update external software, the necessary data is transmitted to the respective platform. |
All service providers are contractually required to handle your data in accordance with applicable privacy laws and our instructions. (Note: Data transmitted to connected third-party platforms is governed by their respective privacy policies).
We may also disclose information where required by law, regulation, or court order, or to protect the rights, property, or safety of Cantasks, our users, or the public.
6. Data Storage and International Transfers
Cantasks’s infrastructure is hosted on Google Cloud Platform, primarily in the United States (region: us-central1). If you are located in the European Economic Area (EEA), the UK, or Switzerland, your data will be transferred to and stored in the United States.
We take appropriate steps to ensure that any international transfer of personal data is governed by suitable legal safeguards. When we transfer data outside the EEA/UK, we rely on standard data protection clauses (such as the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Addendum) and, where applicable, the EU-U.S. Data Privacy Framework.
7. How Long We Keep Your Information
| Information | Retention Period |
|---|---|
| Account profile and preferences | For as long as your account is active; deleted upon account closure |
| Workspace settings and configuration | For as long as your account is active; deleted upon account closure |
| Work instructions, tasks, and goals | For as long as your account is active; deleted upon account closure |
| Activity and audit logs (worker actions, reasoning traces) | 90 days in active storage, then archived for up to 10 years |
| Content safety screening records (blocked interaction logs) | 90 days in active storage, then archived for up to 10 years |
| Usage and performance analytics | 90 days, then automatically deleted |
| Files and documents | For the duration of your subscription; managed according to your plan’s version limits |
| Billing records | Retained as required by applicable financial and tax regulations |
Where we are legally required to retain data (for example, financial records or compliance logs), we will do so even if you close your account, for the minimum period required by law.
8. Data Security
We implement a range of security measures to protect your information, including:
- Encryption in transit: All data transmitted between you, the Platform, and our services is encrypted using TLS/HTTPS.
- Access controls: Your Workspace data is accessible only to authorised members of your Workspace. We enforce strict separation between Workspaces so that no organisation can access another’s data.
- Infrastructure security: Our cloud infrastructure uses role-based access controls, network segmentation, and centralised secret management.
- Audit trails: All significant actions on the Platform are logged and traceable, supporting accountability and incident response.
- Content safety screening: The Platform applies automated two-layer content screening to every digital worker interaction. Instructions you send are screened before a worker acts on them; worker responses are screened before they are delivered to you. Content that fails either check is automatically blocked and never processed or returned. This screening is performed by automated systems and does not involve human review of individual messages in real time. Blocked interactions are logged as part of your Workspace audit trail. Please note that while this process is automated, it strictly concerns content safety enforcement and does not constitute automated decision-making that produces legal or similarly significant effects on you under GDPR Article 22.
While we take these steps seriously, no system is completely immune to security risks. We encourage you to use strong passwords and to report any suspected security incidents to us promptly.
9. Your Privacy Rights
Depending on where you live, you may have certain rights regarding your personal information:
- Right to access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may request that we correct inaccurate or incomplete data.
- Right to erasure: You may request that we delete your personal data, subject to legal retention requirements. Please note that some audit and compliance logs may be retained even after account closure as required by law.
- Right to data portability: You may request your data in a structured, commonly used format.
- Right to restriction: You may request that we limit how we process your data in certain circumstances.
- Right to object: You may object to our processing of your data where we rely on legitimate interests.
- Right to withdraw consent: Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at contact@cantasks.com. We will respond within the timeframe required by applicable law.
10. Cookies and Browser Storage
Our web application uses cookies and browser storage technologies to keep you signed in and manage your session. These are essential for the Platform to function correctly.
We do not use advertising cookies or third-party tracking technologies.
11. Children’s Privacy
Cantasks is not directed at, and is not intended to be used by, children under the age of 16. We do not knowingly collect personal information from children. If you believe that a child has created an account or provided personal information without appropriate consent, please contact us and we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via in-app notification or email before the changes take effect. The date of the most recent update is shown at the top of this page.
Your continued use of the Service after the effective date of any update constitutes your acceptance of the revised policy.
13. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal information, please contact us:
Cantasks — Data Privacy Email: contact@cantasks.com Address: [Legal entity address — TBD]
If you are located in the European Economic Area and believe we have not addressed your concern, you also have the right to lodge a complaint with your local data protection authority.
Privacy inquiries? Contact contact@cantasks.com
Read Acceptable Use Policy →