Privacy Policy & Privacy-by-Design
Transparency, data portability, and user independence are the core principles of TaskLoop. This policy details where your data resides, how we protect your privacy, and our compliance with European regulations (GDPR & Data Act).
1. Offline-First Storage: You Own Your Data
By default, TaskLoop operates in a **100% local** mode.
- No Account Required: You do not need to register, provide an email address, or create a profile to download and use the application.
- Local Database: All your tasks, subprojects, tags, checklists, pomodoros, and notes are stored locally in a secure database on your device (SQLite for desktop, localStorage for web fallback).
- Zero Data Transmission by Default: Unless you manually enable the optional cloud sync feature, no task data ever leaves your device.
2. Optional Cloud Sync & Data Sovereignty
Cloud sync is an optional feature enabled only upon user request to allow multi-device coordination.
Data Residency (EU Servers)
To ensure full compliance with European data sovereignty standards, the remote database used for synchronization (Supabase) is hosted entirely within the **European Union (EU Central region - Frankfurt, Germany)**. No user task data is transferred, stored, or processed in countries outside the EU.
Data Minimization via Google Sign-In (OAuth)
Google OAuth is used strictly as a secure authentication mechanism (to establish a secure sync channel with Supabase). In full compliance with GDPR's data minimization principles:
- We only request basic public profile details (email, unique ID, and name).
- We do not request, read, or access files in your Google Drive, calendar events, contacts, or other Google account data.
3. European Regulatory Adherence (GDPR, Data Act & DGA)
TaskLoop is built following Privacy-by-Design and Privacy-by-Default principles, in compliance with European standards:
GDPR Compliance
Users can exercise their rights at any time:
- Right to Access and Rectification: View or edit your data directly within the app.
- Right to Erasure ("Right to be Forgotten"): When you sign out and delete your account, all sync records on the remote Supabase database are immediately and permanently erased.
Data Act & Portability (Switching)
In compliance with the European Data Act (active 2025/2026) on data portability and eliminating vendor lock-in:
- No Lock-in: The data belongs to you. You can export your local SQLite database at any time.
- Open Formats: We support exporting data to standard formats (JSON/SQL/CSV) directly from the settings menu for easy migration to other tools.
4. Website Analytics & Donation Anonymity
Website Analytics: We use Simple Analytics to monitor website traffic and usage. Simple Analytics is a privacy-first analytics platform that is fully GDPR-compliant, does not use cookies, does not collect personal data, and does not store IP addresses. We also track download counts anonymously (incrementing a platform counter on Supabase) to measure platform interest. No personal telemetry or user tracking is associated with these measurements.
Donation Privacy: Voluntary donations to TaskLoop are processed securely via PayPal. To respect privacy and anonymity, our donation integration uses a secure PayPal Merchant ID (or dedicated project email alias) instead of exposing the developer's personal primary email or real name.
For any inquiries or requests regarding your data, contact our dedicated privacy email:
privacy@taskloop.app