Our Privacy Policy
Our Privacy Policy outlines how we collect, use, and protect your personal information. Your privacy and security are our priorities.
Last Updated on June, 6, 2025
Who we are
Tanwar Consultancy Services (Proprietorship)
RZH‑4/6/1, KH 79/13, Mahavir Enclave, New Delhi 110045, India
Data‑controller contact: Priyanshu Tanwar — hi@dodotasks.com
Scope
This Policy explains how DodoTasks ("the Service") collects, uses and protects information when you—
install or use the DodoTasks Slack app, or
visit our marketing site (dodotasks.com) and receive product e‑mails.
It applies worldwide and is designed to comply with the EU GDPR, California CCPA/CPRA, and India DPDP.
What We Collect & Why
Category | Data elements (examples) | Purpose / legal basis* |
|---|---|---|
Slack workspace & OAuth data | team ID, channel IDs, bot token, installer user ID, scopes (app_mentions:read, etc.) | Contractual necessity — operate the app |
Task records | task ID, title, description, assignee ID, creator ID, deadline, priority, status, timestamps | Contractual necessity — display, update, remind & sync tasks |
Subscription info | active plan, renewal date, workspace billing e‑mail | Legitimate interest — manage paid plans & notices |
Support messages | E‑mails or Slack DMs you send us | Legitimate interest — respond & improve service |
Payment details | None stored by us. Card/bank data handled exclusively by our payment processor | N/A — handled under processor’s own policy |
Chat snippets | Limited message text sent transiently to OpenAI API for analysis | Contractual necessity — AI‑powered task extraction |
* For EU users, the listed purposes align with GDPR Art. 6 legal bases.
How Processing Works
Secure transfer to OpenAI — When you mention @DodoTasks in Slack, the relevant message text is sent over HTTPS (TLS 1.2+) to the OpenAI API using the official client library.
OpenAI handling & retention — OpenAI stores request data for up to 30 days to monitor abuse and explicitly does not use it to train or fine‑tune its models. After that window, the data is deleted according to OpenAI’s policy.
Structured task storage — Only the structured fields returned by OpenAI (title, assignee ID, deadline, etc.) are saved in our encrypted Supabase database (region: Oregon, USA).
No raw chat storage — DodoTasks never stores full Slack message content.
Data Retention & Deletion
Data set | Retention period | Deletion method |
Task & subscription tables | Kept until workspace owner requests deletion | E‑mail hi@dodotasks.com from an admin account |
Installation records & tokens | Kept until revocation or deletion request | Same as above |
Chat snippets at OpenAI | Up to 30 days (OpenAI policy) | Automatic expiry |
We cannot currently detect app uninstalls automatically. If you uninstall and want data removed, please contact us.
Security Measures
TLS encrypted connections (HTTPS)
AES‑256 encryption at rest (Supabase‑managed)
Role‑based, least‑privilege access controls
Automated daily backups
Incident‑response plan
Hosting and storage vendors with SOC 2 controls
International Transfers
All data is processed and stored in the United States (Oregon). We rely on Standard Contractual Clauses (SCCs) and vendor SOC 2 safeguards for EU/UK personal data transferred outside the EEA.
Third‑Party Processors
Processor | Purpose | Location |
OpenAI, LLC | Natural‑language processing | USA |
Supabase, Inc. | Managed PostgreSQL & storage | USA |
Render, Inc. | Application hosting | USA |
Payment processor (TBD) | Subscription billing | Varies |
All processors are bound by agreements that forbid secondary use or sale of your data.
Your Rights
You may e‑mail hi@dodotasks.com to:
access or correct personal data we hold;
request deletion ("right to be forgotten");
receive a portable copy;
object to processing or withdraw consent;
lodge a complaint with a data‑protection authority.
We respond within 30 days.
Children’s Privacy
DodoTasks is not directed to children under 16. We do not knowingly collect personal data from anyone under that age. If we learn that we have, we will delete it promptly.
Changes to This Policy
We may update this Policy periodically. Material changes will be announced by:
a banner notice on dodotasks.com; and
e‑mail to the workspace billing contact.
Contact
Questions about privacy? Reach us at hi@dodotasks.com.