Taskr Privacy Policy
Last updated: May 27, 2026 · Version 2.2
BMA Nexus
This Privacy Policy describes how Taskr ("we", "our", or "the app"), developed and operated by BMA Nexus,
collects, uses, processes, stores and protects your personal data when you use the Taskr mobile application available
on Google Play. It also describes your rights under the EU General Data Protection Regulation (GDPR) and how to exercise them.
1. Information We Collect
Taskr is built around the principle of data minimization. We only collect what is strictly necessary to provide
the features you have chosen to use. The data we may collect is grouped below by the feature that triggers its collection.
1.1 Account data (only if you create an account)
- Email address — used only to authenticate you via Supabase Auth and to send transactional emails (account verification, password reset).
- Hashed password — stored only in Supabase Auth (bcrypt-hashed; we never see your plaintext password).
- Session token (JWT) — stored locally on your device to keep you signed in; refreshed automatically.
1.2 Task data
- Your lists, tasks, subtasks, deadlines, priorities, notes, locations, reminder times and timezone preferences.
- App settings: theme, language, default priority, sort order, notification preferences.
- Onboarding state (which tour-tips you have seen).
1.3 Shared-list data (only if you share or join a list)
- The email addresses of people you invite to a shared list (stored in our database so they can accept the invite even if they don't have a Taskr account yet).
- The email addresses of lists you join, including the owner's email.
- Membership role (owner, accepted member, pending invite) and invitation timestamps.
1.4 Attachments (only if you upload files — Pro feature)
- Files you attach to tasks (photos, documents, video and audio for Pro users) — uploaded to Supabase Storage with Row Level Security.
- Each file is stored under your user ID and is only accessible to you and members of the shared list (if applicable).
1.5 Push notification token (only if you enable push notifications for shared lists)
- Firebase Cloud Messaging (FCM) device token — a unique identifier issued by Google to deliver push notifications to your device. Stored in our database and bound to your user ID.
- The token is generated by Google Play Services on your device. It changes when the app is reinstalled or app data is cleared.
1.6 Location data (optional, on-demand)
Taskr can attach a geographic location to individual tasks if you explicitly request it:
- Trigger: only when you tap the "Current location" button in the task editor. Taskr never accesses your location in the background, while the app is closed, or for any other purpose (no geo-fencing, no automatic tagging, no analytics).
- Permissions: Taskr declares ACCESS_FINE_LOCATION (precise lat/lng) and ACCESS_COARSE_LOCATION (network-based approximation) in its Android manifest. Android 12+ users may grant approximate-only; this still works. Taskr requests the permission only the first time you tap the button; you may deny without affecting any other functionality.
- Data collected: latitude and longitude coordinates (device-provided), plus an optional human-readable label (e.g. street + city) if Android offline reverse-geocoding is available.
- Storage: stored locally on your device as part of the task. If cloud sync is enabled, also stored in the user_data table (your private cloud row). For tasks in a shared list, the coordinates are also stored in shared_tasks and visible to the other members of that list.
- Sharing: never sent to third parties beyond Supabase storage. We do not use this data for analytics, advertising, or profiling.
- Deletion: tap the red ✕ next to the coordinates in the task editor to remove the location from that task. "Clear all data" removes all location entries from device and cloud.
1.7 What we DO NOT collect
Taskr contains no tracking, no analytics, no advertising and no behavioural profiling.
- No Google Analytics, no Firebase Analytics, no Crashlytics, no Sentry, no Facebook SDK.
- No advertising IDs (no AAID / IDFA).
- No device fingerprinting, no usage statistics, no background or continuous location tracking.
- No geo-fencing or automatic location tagging — location is only attached when you tap the "Current location" button (see 1.6).
- No contact-list access, no calendar access, no microphone access (unless you choose to attach an audio file).
1.8 Notification content (lock-screen visibility)
Both local reminders and shared-task push notifications include the task text in the notification body:
- Local notifications: when you schedule a reminder, the notification body contains the task title and (optional) note text. This is generated and stored entirely on your device by Android.
- Shared-task push notifications (Firebase Cloud Messaging): when a member of a shared list edits or completes a task, other members receive a push notification. The body is capped at 240 characters and sanitized (control characters stripped) before being sent through Google's FCM servers.
- Lock screen visibility: by default, Android shows notification content on the lock screen. Anyone with physical access to your device may see the task text. If your tasks contain sensitive information, we recommend changing your Android notification settings to "Hide sensitive content" or "Don't show notifications at all" on the lock screen.
- Accessibility services: notification bodies are readable by Android accessibility services (e.g. TalkBack, third-party screen readers). Be aware that accessibility apps you have installed may receive your task text.
2. Legal Basis for Processing (GDPR Art. 6)
Where the EU General Data Protection Regulation applies, we rely on the following legal bases to process your data:
- Performance of a contract (Art. 6(1)(b)) — to provide the Taskr service you signed up for: storing your tasks, syncing them between your devices, processing your account.
- Legitimate interests (Art. 6(1)(f)) — for security, fraud prevention, abuse-prevention rate limits and routing FCM push notifications to the device tokens you registered.
- Consent (Art. 6(1)(a)) — for sending you push notifications (consent given via the system POST_NOTIFICATIONS prompt on Android 13+) and for using cloud sync (consent given by signing up for an account).
- Legal obligation (Art. 6(1)(c)) — when required by law, e.g. responding to lawful requests from authorities.
3. How We Use Your Information
- To save your task data on your device and (if you sign in) sync it across your other devices.
- To deliver local reminder notifications scheduled by your device. These are processed entirely on-device — we never receive or store the content of local reminders.
- To enable shared-list collaboration: showing real-time updates to other members of a list you own or joined.
- To deliver push notifications for shared-list activity (e.g. "A task was added to your shared list"). These pass through Firebase Cloud Messaging — see Section 6.2.
- To authenticate you (email + password) and maintain your signed-in session.
- To allow you to upload attachments to tasks and download them on your other devices (Pro feature).
We do not sell, rent, trade or share your personal data with third parties for marketing purposes. We do not profile users.
4. Data Storage & Security
4.1 On-device storage
When you use Taskr without signing in, all your data is stored on your device using Capacitor Preferences
(Android's SharedPreferences), which is sandboxed to the Taskr app and protected by the operating system.
This data never leaves your device.
Local key structure: the primary storage key is tf-v4 (Capacitor Preferences / Android SharedPreferences).
It contains your lists, tasks, app settings, and onboarding state in a single JSON document. A cached snapshot of shared-task badges is also stored locally for fast cold-start.
Corruption backups: if Taskr detects a JSON parse error on startup (e.g. partial write during a crash), the raw corrupted data is preserved under tf-v4-corrupt-<timestamp> as a debugging safeguard. These backups are not currently auto-deleted; you can wipe them via Settings → "Clear all data". An automatic retention policy is planned for a future version.
4.2 Cloud storage (only if you sign in)
If you create an account, your task data is synced to a Supabase PostgreSQL database in the EU region (Frankfurt, Germany).
Supabase is SOC 2 Type II compliant. Your data is protected by:
- Row Level Security (RLS) — database-level policies that ensure only you can read or write your own records.
- TLS in transit — all communication between the app and our servers is encrypted with HTTPS/TLS 1.2+.
- Encrypted at rest — Supabase encrypts the underlying database storage using AES-256.
- JWT authentication — every API call is authenticated with a short-lived signed JWT bound to your user ID.
4.3 Attachments storage
Attachments (Pro feature) are stored in Supabase Storage (S3-compatible object storage hosted by Supabase
in Frankfurt). Each file is namespaced under your user ID and protected by RLS policies that mirror your list access.
4.4 Notification tokens
FCM device tokens are stored in our database (table fcm_tokens), bound to your user ID. They are used solely
to route shared-list push notifications to your device. Tokens are deleted when you sign out or delete your account.
4.5 Subprocessors
Supabase, our infrastructure provider, hosts its EU region on Amazon Web Services (AWS) in Frankfurt, Germany.
AWS is therefore a subprocessor of Supabase. Supabase's full subprocessor list is available at
supabase.com/privacy.
4.6 Realtime sync for shared lists
When you join a shared list, Taskr opens a Supabase Realtime channel (over a secure WebSocket connection to
wss://qgeuniiclrzndzmayekt.supabase.co) to receive instant updates from other members.
Edits you make while offline are queued locally and flushed when connectivity returns. The channel transmits only task content for
that specific shared list; your private tasks never traverse this channel.
5. Sharing Data With Other Users (Shared Lists)
Taskr lets you collaborate on lists with other people. Sharing a list is fully opt-in and only happens when
you explicitly create a share link or send an email invite.
5.1 What happens when you invite someone
- The invitee's email address is stored in the shared_list_members table (lowercase, trimmed). It is visible to you and to other accepted members of that list.
- The invitee receives a one-time invite link of the form https://bma-nexus.github.io/taskr-invite/?token=<UUID>.
- Invite link security: the token currently appears in the URL. Be aware that URLs may be retained in browser history, server-access logs (CDN, ISP), and referrer headers when the recipient opens the link. Treat invite links like passwords — do not share them publicly or post them in chat groups. A POST-based join flow (token in request body, not URL) is planned for a future version.
- Member cap: Free accounts can share with up to 2 members per list; Pro accounts up to 20 members.
5.2 What accepted members can see and do
- The list name, color, icon, and the e-mail addresses of every other member.
- The full content of every task in the list: text, subtasks, notes, deadlines, priorities, locations, attachments, completion state, recurring rules.
- Members can add, edit, complete and delete tasks. There is no per-field, per-task, or read-only permission system — every accepted member has equal access.
- When one member edits a shared task, all other members receive a push notification via Firebase Cloud Messaging. The notification body contains the task summary (see Section 1.8).
5.3 Stopping sharing
- If you are the owner, you can stop sharing the list at any time. This is a cascade delete: the shared-list record, its members, and its shared tasks are removed from the cloud. Every member loses access immediately. Members' local task copies remain on their devices unless they tap "Clear all data".
- If you are a member, you can leave the list at any time (Settings → tap the list → Leave). Your membership is removed; the owner and other members keep their access. Your past edits to shared tasks remain in the shared list — we cannot retroactively delete them without affecting other members' tasks.
- The owner can also remove individual members from a shared list at any time.
You are responsible for choosing who to invite and for the content you place in a shared list.
We recommend not putting sensitive personal information of third parties into shared tasks unless those parties have consented.
6. Third-Party Services
Taskr uses the following third-party services. Each link points to that provider's own privacy policy.
6.1 Supabase
- Purpose: authentication, cloud database (PostgreSQL), file storage (S3-compatible), realtime subscriptions, transactional emails (verification, password reset).
- Region: EU (Frankfurt).
- Privacy policy: supabase.com/privacy
6.2 Firebase Cloud Messaging (FCM) — Google
- Purpose: delivering push notifications for shared-list activity to your device.
- Data shared with Google: the device FCM token and the notification payload (title and body, which may include task text such as "John added a task: Buy milk"). Sent only when a co-member of a list you own/joined triggers an event.
- Region: Google's FCM is a global service. Google may route notifications through servers worldwide.
- Privacy policy: policies.google.com/privacy
If you do not want push notifications, you can deny the POST_NOTIFICATIONS permission when prompted, revoke it later in Android Settings → Apps → Taskr → Notifications, or simply not sign in (push notifications are only used for shared lists).
6.3 Google Play Services
- Purpose: required by Android to use Firebase Cloud Messaging. Provided by the device manufacturer / Google.
- Privacy policy: policies.google.com/privacy
6.4 External maps applications (your choice)
If you add a location to a task and tap "Open in Maps", Taskr launches your device's default maps application
(Google Maps, Apple Maps, etc.) with the address you entered. We do not send the location to any server — we simply hand off
to your maps app. The maps app's privacy policy applies once the handoff occurs.
6.5 External browser (URL handoff)
Taskr automatically detects URLs in your task text, subtask text, and notes (matching https://... and www.... patterns). When you tap such a link:
- Taskr opens the URL in your device's default external browser (Chrome, Samsung Internet, etc.) via the Capacitor Browser plugin.
- Taskr does not validate, preview, or pre-fetch the URL — no network call is made by Taskr itself.
- Taskr does not track which links you tap. URL detection runs entirely on-device using a regular expression.
- Once the external browser opens the link, that browser's privacy policy applies (not Taskr's). The destination website may log your IP address, User-Agent, and other request metadata as with any normal web visit.
If you do not want a URL to open externally, simply do not tap it. URL detection is purely visual; the text itself is not modified.
6.6 Android share sheet (export and invite links)
Two features hand data to the Android share sheet, which allows you to forward it to any other app on your device (Email, SMS, WhatsApp, cloud storage apps, etc.):
- "Share invite link" (in the Share modal): hands the list name and the invite URL (containing the token, see Section 5.1) to the share sheet. The receiving app — and any app installed on the device — may briefly see this data while the share dialog is open.
- "Export data" (in Settings): hands a JSON or CSV file containing your tasks and lists to the share sheet so you can save it to cloud storage, e-mail it to yourself, etc. The file contains your full task content; treat it as you would any backup of personal data.
Taskr does not control what the receiving app does with the data once you tap "share". Choose the receiving app carefully.
6.7 Resend (transactional email service)
When you send an invite to a shared list using the e-mail field (instead of the share-link button), Taskr sends an automated invitation e-mail to the invitee through Resend (operated by Resend Labs Inc., USA, with EU region in Frankfurt, Germany). The same Resend service is also used to deliver Supabase Auth e-mails such as account confirmation and password reset.
- Data shared with Resend: the invitee's e-mail address, the inviter's e-mail address (displayed as "from" inside the message), the shared-list name and icon, and the one-time invite token (embedded in the link). For Supabase Auth e-mails: your e-mail address plus the confirmation/reset link.
- Region: Taskr uses Resend's eu-west-1 (Frankfurt) region so that e-mail processing remains within the EU. Resend's full data-processing policy: resend.com/legal/privacy-policy. DPA: resend.com/legal/dpa.
- Retention: Resend retains delivery logs (recipient, send timestamp, delivery status) for up to 30 days for operational and abuse-prevention purposes. E-mail body content is not retained after successful delivery.
- Legal basis: Art. 6(1)(b) — performance of contract (delivering the invite you initiated). For Supabase Auth e-mails: Art. 6(1)(b) for account confirmation and Art. 6(1)(f) (legitimate interest in account security) for password reset.
If you do not want an invite e-mail to be sent, use the "Share invite link" button instead (Section 6.6) — that pathway never touches Resend.
We do not embed any advertising networks, analytics platforms, behavioural-profiling SDKs or social-media SDKs.
7. International Data Transfers
Your account data and task data are stored in the EU (Frankfurt, Germany).
However, push notifications sent via Firebase Cloud Messaging may transit through Google servers located outside the EU.
Google relies on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) approved by the European Commission
to comply with EU data protection law for these transfers. Details: policies.google.com/privacy/frameworks.
8. Data Retention
- Local data on your device is kept until you uninstall the app or use Settings → Clear all data.
- Cloud account data is kept as long as your account is active.
- After account deletion request (see Section 10), we delete your account, your task data, your attachments and your FCM tokens from our active systems within 7 days. Backups may retain a copy for up to 30 additional days before being overwritten in the normal backup-rotation cycle.
- Email invitations you sent that have not yet been accepted are deleted when you delete your account or when the invited person rejects the invite.
- Server logs (e.g. error logs from edge functions) are kept by Supabase for up to 7 days for operational reasons and never include task content.
9. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), the United Kingdom or Switzerland, you have the following rights:
- Right of access (Art. 15) — request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — correct inaccurate or incomplete data (you can do this yourself from within the app, or contact us).
- Right to erasure (Art. 17) — request deletion of your account and all associated data (see Section 10).
- Right to restriction of processing (Art. 18) — ask us to limit how we use your data while a dispute is being resolved.
- Right to data portability (Art. 20) — receive your data in a machine-readable format. You can export all your task data yourself via Settings → Export data (CSV).
- Right to object (Art. 21) — object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3)) — withdraw consent for processing where consent is the legal basis (you can disable notifications, sign out, or delete your account at any time).
- Right to lodge a complaint (Art. 77) — file a complaint with your national supervisory authority. In the Netherlands this is the Autoriteit Persoonsgegevens (AP).
To exercise any of these rights, contact us at bmanexusapps@gmail.com.
We will respond within 30 days as required by GDPR Art. 12.
10. Account & Data Deletion
Creating an account is entirely optional. The app works fully offline without one.
10.1 Clear all data (in Settings)
Open the app → Settings → Clear all data. Taskr performs a synchronous wipe in this order:
- Shared lists you own: each is unshared (cascade delete — see Section 5.3). All members lose access.
- Shared lists you joined: you leave each (your membership is removed; the list survives for the owner and other members).
- Attachments: every file you uploaded for any task is deleted from Supabase Storage.
- On-device data: tf-v4 + all corruption backups + the cached shared-task snapshot are removed.
- Cloud user data (if you are signed in): your user_data row is wiped (lists + tasks + settings set to empty).
This action is irreversible. Local notifications you previously scheduled are also cancelled. Note that "Clear all data" does not delete your Supabase Auth account itself (your e-mail + password remain) — see 10.2 for full account deletion.
10.2 Delete your account and all remaining cloud data
To delete your authentication account itself (e-mail + password in Supabase Auth) and any remaining cloud data, send an email to
bmanexusapps@gmail.com with the subject "Account Deletion Request"
and from the email address registered with Taskr.
We will:
- Verify the request (we may ask you to confirm from the registered email address).
- Delete your Supabase Auth row, your remaining user_data row, your FCM tokens and any shared-list memberships you forgot to leave, within 7 days.
- Backups containing residual copies are overwritten within 30 additional days.
- Send you a confirmation email once deletion is complete.
If you are the owner of a shared list at the moment of account deletion, that list is unshared (cascade delete) and all members lose access.
11. Children's Privacy
Taskr is suitable for users aged 13 and older.
In the European Economic Area, processing the personal data of a child under 16 on the basis of consent requires
authorization from a parent or legal guardian (GDPR Art. 8). If you are under 16 in the EEA, please ask a parent or guardian to
create the account on your behalf or to confirm your use of Taskr.
We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal
information to us, please contact bmanexusapps@gmail.com and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- The "Last updated" date at the top of this page will change.
- The version number will be incremented.
- For significant changes that affect your rights, we will display an in-app notice the next time you open Taskr (signed-in users will see a one-time banner).
Continued use of the app after changes constitutes acceptance of the updated policy. You can always review the latest version
at the URL where this page is published.
12.1 Version history
Version 2.2 (May 27, 2026):
- Added Section 6.7 disclosing Resend as transactional e-mail subprocessor (Resend Labs Inc., USA, EU region eu-west-1 in Frankfurt). Used for shared-list invite e-mails initiated via the e-mail field, and for Supabase Auth e-mails (account confirmation, password reset).
- Detailed data shared with Resend (invitee + inviter e-mail, list name and icon, invite token), retention (30 days for delivery logs, no body content retained after delivery), legal basis (Art. 6(1)(b) and 6(1)(f)).
- Linked Resend's own privacy policy and DPA.
- Clarified that users can avoid Resend entirely by using the "Share invite link" button (Section 6.6) instead of the e-mail field — that pathway never touches Resend.
Version 2.1 (May 26, 2026):
- Added Section 1.6 disclosing on-demand location data collection (lat/lng via "Current location" button), including both ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION permissions.
- Renumbered "What we DO NOT collect" to 1.7, with explicit statements about no background tracking, no geo-fencing, no automatic tagging, no advertising IDs, no analytics SDKs.
- Added Section 1.8 disclosing notification content (task text visible on lock screen, accessible to screen readers).
- Updated Section 4.1 with local storage key structure (tf-v4) and corruption-backup retention.
- Added Section 4.6 disclosing realtime WebSocket sync channel scope.
- Rewrote Section 5 with explicit disclosure of: invite-link security (token in URL), member access scope (no per-field permissions), cascade-delete semantics, owner-vs-member differences, Free/Pro member cap.
- Added Section 6.5 disclosing external browser handoff for URL taps.
- Added Section 6.6 disclosing Android share sheet for invite links and data export.
- Rewrote Section 10 with explicit "Clear all data" scope (5-step wipe order) and the distinction between "Clear all data" and full account deletion.
Version 2.0 (May 10, 2026): initial GDPR-compliant rewrite with Supabase + FCM disclosure. Superseded v1.0 (April 2026).
The data controller for the personal data we process is:
BMA Nexus
Email: bmanexusapps@gmail.com
For any privacy questions, data-subject access requests or complaints, please use the email address above.
We aim to respond within 30 days as required by GDPR Art. 12.
Language note: This Privacy Policy is provided in English. The Taskr app is available in 12 languages,
but this legal document is currently only authoritative in its English version. We are happy to clarify any section by email
in any of Taskr's supported languages.