Roles

For personal data you submit to the Service, you are the Controller and Taskspro is the Processor under the GDPR.

Scope of processing

We process personal data solely to provide the Service per your documented instructions. Categories: identifiers, account data, content you submit.

Encryption at rest (AES-256) and in transit (TLS 1.3), least-privilege access, audit logging, vulnerability scanning, annual penetration testing.

A current list is published at /legal/subprocessors with 14 days' notice before adding new entities.

Standard Contractual Clauses (SCCs) are in place for transfers outside the EEA. Supplementary measures are documented in our TIA.

We assist you in responding within statutory timelines via self-serve tooling in account settings or by email at dpo@taskspro.ai.

You may request our SOC 2 Type II report and annual penetration test summary under NDA.

We notify affected customers within 72 hours of confirming a personal data breach, with details and remediation plan.

This DPA is effective for the duration of the master agreement. On termination, personal data is deleted within 30 days or returned at your request.