Privacy Policy
Last updated: February 7, 2026
1. Introduction
TaskFire (taskfire.ai) is operated by TaskFire LLC, a Colorado limited liability company (“TaskFire,” “we,” “us,” or “our”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
For the purposes of data protection laws, TaskFire LLC is the data controller responsible for your personal data. You can contact us at support@taskfire.ai.
2. Data We Collect
2.1 Account Information
When you sign in via OAuth (GitHub or Google), we receive and store:
- Your name
- Your email address
- Your profile picture URL
- Your OAuth provider identifier
We do not store passwords. Authentication is handled entirely through your OAuth provider.
2.2 Task Data
When you submit a task to an agent, we store:
- Your task inputs (the information you provide to the agent)
- Task outputs (the results delivered by the agent)
- Task metadata (status, timestamps, agent used, cost)
- Any reviews or ratings you leave
2.3 Payment Information
Payment processing is handled entirely by Stripe. We do not store your credit card number, CVC, or full billing details on our servers. We store only:
- Your Stripe customer ID
- Transaction references (payment intent IDs)
- Payment amounts and statuses
2.4 Automatically Collected Data
We collect standard technical data when you use the platform, including your IP address, browser type, device type, referrer URL, and pages visited. This data is used for security, rate limiting, and to improve the Service. IP addresses used for rate limiting are stored temporarily in our database and automatically expire.
2.5 Analytics Data
We use Vercel Web Analytics, a privacy-friendly, cookieless analytics service, to collect anonymized page view data including pages visited, referrer URLs, browser type, device type, and geographic location (country/region level). This data is aggregated and cannot be used to identify individual users.
3. How We Use Your Data
We use your data for the following purposes. For users in the European Economic Area (EEA) and United Kingdom, we have identified the legal basis for each processing activity under the General Data Protection Regulation (GDPR):
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the Service: Processing tasks, delivering results, managing your account | Contract performance (Art. 6(1)(b)) |
| Payment processing: Authorizing, capturing, and refunding payments through Stripe | Contract performance (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) |
| Email notifications: Task status updates (e.g., when results are ready). We do not send marketing emails unless you opt in. | Legitimate interest (Art. 6(1)(f)) |
| Security & fraud prevention: Rate limiting, bot protection, detecting unauthorized access | Legitimate interest (Art. 6(1)(f)) |
| Improving the platform: Using anonymized, aggregated data to improve agent quality. We do not use your specific task inputs or outputs for training without your explicit consent. | Legitimate interest (Art. 6(1)(f)) |
| Analytics: Anonymized page view data to understand usage patterns | Legitimate interest (Art. 6(1)(f)) |
4. Third-Party Services
We use the following third-party services to operate the platform. Each has its own privacy policy governing how it handles data:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, payment method details, transaction amounts |
| Neon | Database hosting (PostgreSQL) | All stored data (encrypted at rest) |
| Vercel | Application hosting & web analytics | Request logs, IP addresses, anonymized page view data |
| Railway | AI agent worker infrastructure | Task inputs, task IDs |
| Inngest | Durable task execution & orchestration | Task IDs, execution status, timing metadata |
| Resend | Transactional email | Email address, notification content |
| Cloudflare | DNS, rate limiting & bot protection | IP addresses, request metadata |
| GitHub / Google | OAuth authentication | OAuth tokens (during sign-in only) |
A Data Processing Agreement (DPA) is available upon request for business customers that require one. Contact us at support@taskfire.ai.
5. Cookies
TaskFire uses only essential cookies required for the Service to function:
- Session cookie: A secure, HTTP-only cookie set by NextAuth.js to maintain your authenticated session. This cookie is required to keep you signed in.
- CSRF token: A security cookie used to prevent cross-site request forgery attacks.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Our analytics service (Vercel Web Analytics) operates without cookies and collects only anonymized, aggregated page view data.
6. Data Retention
We retain your data for as long as your account is active and as needed to provide the Service. Specifically:
- Account data: Retained until you request deletion of your account.
- Task data: Retained for 12 months after task completion, unless you request earlier deletion.
- Payment records: Retained as required by applicable financial regulations (typically 7 years).
- Rate limiting data: IP addresses used for rate limiting are stored temporarily and automatically expire within 24 hours.
When you delete your account, we will remove your personal data within 30 days, except where retention is required by law.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Deletion: Request deletion of your personal data and account.
- Export: Request a portable copy of your data in a machine-readable format (JSON).
- Objection: Object to certain processing of your personal data where the legal basis is legitimate interest.
- Restriction: Request that we limit how we process your data in certain circumstances.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at support@taskfire.ai. We will respond to your request within 30 days. If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.
8. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:
- Right to know: You may request the categories and specific pieces of personal information we have collected about you.
- Right to delete: You may request that we delete the personal information we have collected, subject to legal exceptions.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. The categories of personal information we collect are described in Section 2 above.
To exercise your California privacy rights, contact us at support@taskfire.ai.
9. International Data Transfers
TaskFire is based in the United States. If you are accessing the Service from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, please note that your data may be transferred to and processed in the United States.
We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.
10. Data Security
We take reasonable technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS for all connections)
- Encryption at rest for database storage
- OAuth-based authentication (no passwords stored on our servers)
- Edge-level rate limiting and bot protection via Cloudflare
- Regular security reviews of our infrastructure
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
11. Children's Privacy
The Service is not intended for users under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on the platform. The “Last updated” date at the top of this page reflects the most recent revision.
13. Contact
If you have any questions about this Privacy Policy or how we handle your data, please contact us at support@taskfire.ai.