GDPR Compliance
Tasklemon is committed to protecting the privacy and data rights of users in the European Union under the General Data Protection Regulation (GDPR).
Our Commitment to GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data privacy law that applies to organizations processing personal data of individuals in the European Union. Tasklemon respects your data rights and has implemented measures to ensure compliance with GDPR requirements.
Legal Basis for Data Processing
We process your personal data under the following legal bases:
- Contractual Necessity: Processing is necessary to provide our task management services under our Terms of Service
- Legitimate Interest: We process data to improve our platform, ensure security, and provide customer support
- Consent: We obtain your consent for marketing communications and optional features
- Legal Obligation: We process data to comply with applicable laws and regulations
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to access your personal data and receive information about how we process it. You can view and download your data at any time through your account dashboard. For a comprehensive copy of all data we hold about you, please contact our Data Protection Officer.
Right to Rectification
You can update your account information, CoreHub settings, project details, and task data directly through the platform. If you identify any inaccuracies, you have the right to correct them at any time.
Right to Erasure (Right to be Forgotten)
You can request deletion of your personal data under certain circumstances. You may delete your account and CoreHub data from your account settings. Upon deletion, we will permanently remove your data after the applicable retention period based on your plan type:
- Free Plan: Immediate permanent deletion
- Startup Plan: 30-day retention for deleted tasks
- Growth Plan: 6-month retention for deleted tasks
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can export your data from the platform or request a complete data export by contacting us.
Right to Restriction of Processing
You may request that we restrict processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or object to processing based on legitimate interests.
Right to Object
You have the right to object to processing of your personal data for direct marketing purposes at any time. You can opt out of marketing emails by clicking the unsubscribe link or adjusting your notification preferences. You may also object to processing based on legitimate interests.
Right to Withdraw Consent
Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR requirements. However, we encourage you to contact us first so we can address your concerns directly.
Data We Collect and Why
Account and Authentication Data
Data Collected: Name, email address, password (encrypted), Google OAuth profile (if used)
Purpose: User authentication, account management, platform access
Legal Basis: Contractual necessity, consent (for OAuth)
CoreHub and Workspace Data
Data Collected: CoreHub name, avatar, plan type, team member invitations, workspace settings
Purpose: Multi-tenant workspace management, collaboration, subscription management
Legal Basis: Contractual necessity
Project and Task Management Data
Data Collected: Project details, tasks, subtasks, comments, attachments, activity logs, assignments, priorities, statuses
Purpose: Task management, project organization, team collaboration
Legal Basis: Contractual necessity
Communication Data
Data Collected: Contact form submissions, support inquiries, email communications
Purpose: Customer support, responding to inquiries
Legal Basis: Legitimate interest, consent
Technical and Usage Data
Data Collected: IP address, browser type, device information, login times, feature usage, error logs
Purpose: Platform security, performance optimization, troubleshooting, analytics
Legal Basis: Legitimate interest
Data Security Measures
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: HTTPS/SSL encryption for data in transit, bcrypt hashing for passwords
- Multi-Tenant Isolation: Each CoreHub operates with its own database for data isolation
- Access Controls: Role-based permissions and authentication requirements
- Regular Backups: Automated backup systems to prevent data loss
- Security Monitoring: Continuous monitoring for security threats and vulnerabilities
- Staff Training: Regular data protection training for employees with access to personal data
Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected:
- Active Account Data: Retained while your account is active
- Deleted Task Data: Retained according to plan type (immediate, 30 days, or 6 months)
- Backup Data: Retained in backups for disaster recovery purposes, then permanently deleted
- Legal Compliance Data: Retained as required by applicable laws and regulations
International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) that may not provide the same level of data protection as EU law. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with third-party service providers
- Ensuring service providers are located in countries with adequacy decisions
Third-Party Data Processors
We work with trusted third-party service providers who process personal data on our behalf. All processors are contractually bound to:
- Process data only according to our instructions
- Implement appropriate security measures
- Comply with GDPR requirements
- Assist with data subject requests
- Notify us of any data breaches
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.
Exercising Your Rights
To exercise any of your GDPR rights, you can:
- Manage your data directly through your account settings and dashboard
- Contact our Data Protection Officer via email or contact form
- Submit a formal request through our support system
We will respond to your request within one month. If your request is complex, we may extend this period by two additional months, and we will inform you of the extension and the reasons for it.
Children's Privacy
Tasklemon is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO with any questions or concerns about how we handle your personal data:
Email: dpo@tasklemon.com
Contact Form: https://tasklemon.com/contact-us
Updates to This Policy
We may update this GDPR Compliance page from time to time to reflect changes in our data processing activities or legal requirements. We will notify you of significant changes through email or a notice on our platform. Please review this page periodically.
Additional Resources
For more information about our data practices, please review: