Privacy Policy for TaskBox

Last Updated: May 7, 2025

1. Introduction

Welcome to TaskBox! This Privacy Policy explains how Affan ("we," "us," or "our") collects, uses, shares, and protects information in relation to our mobile application TaskBox (the "Service"). TaskBox is an AI-powered email and task management application designed to help you organize your communications and workflow. Your privacy is important to us, and we are committed to protecting your personal data.

2. Information We Collect

A. Information Related to Your Google Account (for Authentication):

When you choose to log in to TaskBox using your Google account, we use Firebase Authentication (a service provided by Google) to authenticate you. Firebase Authentication provides us with your basic Google profile information, such as your name, email address, and a unique Google Account ID. We use this solely for the purpose of creating and managing your TaskBox account session and verifying your identity.

B. Information You Provide Directly for Tasks:

We collect the information you provide when you create tasks, sub-tasks, and projects within TaskBox, including titles, descriptions, due dates, progress status, and any notes you add. This information is processed and stored by our backend systems.

C. Information Processed by Our Service to Provide Email Features (With Your Explicit Permission):

To provide email management features, TaskBox, through its backend systems, requires access to your emails via the Gmail API. This access is facilitated using authentication tokens provided by Firebase Authentication after your successful Google login. With your explicit permission, our backend systems access:

• Email Headers: Sender, recipients, subject, date.
• Email Body Content: The text and HTML content of your emails.
• Email Metadata: Labels, read/unread status, timestamps, and folder information.

This email information is processed by our backend to enable features such as displaying your emails, allowing you to send emails (if applicable), and for providing AI-powered features described below.

D. Prompts for AI Features:

If you use our AI-powered email generation or other AI interaction features, we collect the prompts you input. These prompts are sent to our AI service provider (Cohere AI) to generate the requested content or perform the requested action.

E. Information We Collect Automatically Through Your Use of the Service:

• Usage Data: We may collect information about how you use TaskBox, such as the features you interact with and the frequency and duration of your activities. This helps us understand how our Service is used and how to improve it.
• Device Information (Basic): We may collect basic, non-personally identifiable information about the device you use to access TaskBox, such as device model and operating system version, primarily for troubleshooting and ensuring compatibility.
• Crash Reports (If Implemented): If the app crashes, we may collect diagnostic information to help us fix the issue.

3. How We Use Your Information

• To Provide, Maintain, and Improve the Service:
  • To authenticate you using your Google account via Firebase Authentication.
  • To fetch, process, and display your emails via our backend systems as per your actions in the app.
  • To enable the creation, organization, and management of your tasks and projects, which are stored in our backend database.
  • To operate, maintain, and improve the features and functionality of TaskBox.
• To Provide AI-Powered Features (using Cohere AI):
  • To automatically categorize your emails.
  • To generate summaries of your email content.
  • To generate draft email responses based on your prompts.
  • Note on AI Model Training: We do not use your personal email content to train Cohere AI's models or any of our own AI models. Email content is sent to Cohere AI solely for the purpose of providing you with the requested AI-powered features. For more information, we recommend reviewing Cohere AI's privacy policy.
• For Security and Integrity: To detect, prevent, and address technical issues, fraud, or security concerns.
• To Comply with Legal Obligations: To comply with applicable laws, regulations, or legal processes.
• Communications with You (Limited): To respond to your support requests or feedback if you contact us.

4. How We Share Your Information

We do not sell your personal information. We only share your information with third parties in the following circumstances:

• Google (Firebase Authentication): We use Firebase Authentication for user login. Google handles the authentication process and provides us with the authentication status and basic profile information as described above.
• Cohere AI (AI Features): To provide AI-powered features such as email categorization and summarization, we send relevant email content or your prompts to Cohere AI. Cohere AI processes this data to provide the requested AI functionality. Cohere AI is subject to its own privacy and security commitments. We encourage you to review Cohere AI's Privacy Policy (available at https://cohere.com/privacy) to understand how they handle your information.
• Backend Hosting Provider (Railway.app): Our backend systems, which process your emails and store your task data (in a PostgreSQL database), are hosted on secure cloud servers provided by Railway.app. These servers are located in the us-west1 region (Oregon, USA). Railway.app only processes data on our behalf and under our instructions.
• Legal Requirements: We may disclose your information if required by law or if we believe in good faith that such action is necessary to comply with a legal obligation, protect our rights or property, or ensure the safety of our users or the public.
• Business Transfers: If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
• With Your Explicit Consent: We may share your information for other purposes if you provide your explicit consent.

5. Data Storage and Security

• Authentication Information: Your Google account credentials are managed by Google through Firebase Authentication. We do not see or store your Google password.
• Email Data: Your emails are fetched and processed by our backend systems in real-time or near real-time to provide the Service's features while you are actively using the app. We do not permanently store your full email content on our backend servers beyond what is necessary for immediate processing (e.g., for AI analysis by Cohere AI) and to provide a seamless user experience during your active session. Any temporary caching is minimized, secured, and deleted when no longer needed for the active operation.
• Task Data: Your task and project information is stored in our PostgreSQL database, which is hosted by Railway.app in the us-west1 region (Oregon, USA) and protected by industry-standard security measures.
• Security Measures: We implement reasonable administrative, technical, and physical security measures to protect your information from unauthorized access, use, alteration, and destruction. This includes using encryption (such as HTTPS for data in transit), access controls, and secure server environments. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee its absolute security.

6. Data Retention

• We retain your task data for as long as your TaskBox account is active or as needed to provide you with the Service.
• Information related to your Firebase Authentication session is managed as per Google's policies.
• Information processed by Cohere AI is subject to Cohere AI's data retention policies.
• Upon request for account deletion, we will take steps to delete your task data and any other identifiable personal information stored on our backend systems within a reasonable timeframe, subject to any legal or operational retention needs.

7. Your Rights and Choices

• Access and Control: You can access and manage your task data within the TaskBox application.
• Account Deletion: You can request the deletion of your TaskBox account and associated task data by contacting us at syedaffan880@gmail.com or through any in-app account deletion mechanism we may provide. Deleting your TaskBox account will remove your task data from our backend systems but will not affect your Google account or emails stored in your Gmail.
• Managing Google Account Permissions: You can review and manage the permissions you have granted to TaskBox (via Firebase Authentication) through your Google account security settings at any time.

8. Children's Privacy

TaskBox is not intended for use by children under the age of 13 (or the equivalent minimum age in the relevant jurisdiction). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child under the minimum age, we will take steps to delete such information as soon as possible.

9. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. Our primary backend infrastructure through Railway.app is located in the us-west1 region (Oregon, USA). If you are located outside the United States and choose to use our Service, please note that we transfer data, including personal data, to the United States for processing. Additionally, services like Cohere AI or Google may process data in other regions according to their own policies.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy within the app or on a designated website for the app (if available) and updating the "Last Updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us