Hilcot TaskFlow ("we", "our", or "the application") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and the rights you have over your information when you use our task management platform.
Account Information: When you register or sign in, we collect your name, email address, and authentication credentials. If you use OAuth (Manus login), we receive your profile information from the OAuth provider.
Task Data: We store the tasks you create, including titles, descriptions, due dates, priority levels, status, and assignment information.
Activity Data: We maintain an audit log of actions performed on tasks (create, update, assign, complete, share) to support collaboration and accountability.
Device Tokens: If you enable push notifications, we store your device token to deliver reminders and alerts. These tokens are associated with your account and removed when you revoke notification permissions or delete your account.
Usage Preferences: We store your notification preferences, including quiet hours and maximum daily reminder limits.
We do not sell, rent, or share your personal information with third parties for marketing purposes. Your task data may be visible to other users within your organisation when you explicitly share tasks or assign them to team members. We do not disclose your information to external parties except as required by law.
We retain your account and task data for as long as your account is active. When you delete your account, all associated data — including tasks, activity logs, device tokens, and preferences — is permanently deleted within 30 days. Activity logs for shared tasks may be retained for up to 90 days to support audit requirements.
We implement industry-standard security measures including encrypted transmission (HTTPS), hashed password storage (bcrypt), signed session tokens (JWT), and access controls that restrict task visibility to authorised participants only. No system is completely secure, and we encourage you to use a strong, unique password.
You have the right to access, correct, or delete your personal data at any time. You can update your profile information within the application settings. To permanently delete your account and all associated data, use the "Delete Account" option in your account settings. For other data requests, please contact us at the address below.
We use a single HTTP-only session cookie to maintain your authenticated session. This cookie is essential for the operation of the application and cannot be disabled while using the service. We do not use tracking cookies or third-party analytics cookies.
We may update this Privacy Policy from time to time. Significant changes will be communicated via an in-app notification. Continued use of the application after changes take effect constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at [email protected].