Privacy Policy

Last updated: April 2026

1. Introduction

TaskNext.AI ("we", "us", "our", or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process your personal data when you use our AI-powered social media management platform (the "Service").

TaskNext.AI is operated by a sole trader registered in England and Wales. For data protection enquiries, contact jessedu29200@gmail.com. We are in the process of registering with the Information Commissioner's Office (ICO).

By accessing and using TaskNext.AI, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, name, password, account preferences, and any other details you provide. We use this information to authenticate you, provide customer support, and send service-related notifications.

2.2 Social Media OAuth Tokens

To enable content posting, we securely store OAuth access tokens and refresh tokens for connected social media platforms (Instagram, X, LinkedIn, TikTok). These tokens are encrypted at rest and transmitted securely. We never store your social media passwords—only the OAuth tokens authorised by you.

2.3 Content Data

We store the content you create, schedule, or publish via TaskNext.AI, including text, images, videos, and metadata. This includes draft content, scheduled posts, and historical records of published content.

2.4 AI-Generated Content Inputs

When you use our AI content generation feature, we send your prompts and inputs to Anthropic's Claude API to generate content on your behalf. These inputs may include your brand voice, target audience descriptions, hashtag preferences, and topic keywords. Review the Anthropic Privacy Policy at https://www.anthropic.com/privacy for details on how Claude API processes your data.

2.5 Usage Analytics

We collect data about your use of the Service, including: IP addresses, browser type, operating system, pages visited, features accessed, time spent, error logs, and interaction patterns. This helps us improve the Service, detect security issues, and understand usage trends.

2.6 Payment Information

Payment processing is handled securely by Stripe. We do not store credit card numbers directly. We retain invoice records, billing email, subscription tier, billing cycle dates, and payment status. See Stripe's Privacy Policy at https://stripe.com/privacy.

2.7 Communications

If you contact us via email or support form, we retain your messages, attachments, and our responses to provide support and improve our Service.

3. How We Use Your Information

  • To deliver, maintain, and improve the Service
  • To authenticate users and manage accounts
  • To process payments and manage subscriptions
  • To generate and optimise AI-powered content
  • To detect, prevent, and address fraud or security issues
  • To respond to your inquiries and provide customer support
  • To send service updates, newsletters, and promotional content (with your consent)
  • To analyse usage patterns and improve user experience
  • To comply with legal obligations

4. Third-Party Data Sharing

We do not sell your personal data. We share data with trusted service providers only as necessary to deliver the Service:

Anthropic Claude API

Your content prompts are sent to Anthropic to generate AI content. Anthropic's API Privacy Policy applies—review it at https://www.anthropic.com/privacy.

Supabase (Database)

Your data is stored in Supabase (PostgreSQL database). Supabase is GDPR-compliant and SOC 2 Type II certified. See https://supabase.com/privacy.

Stripe (Payments)

Billing and payment processing is handled by Stripe. Your payment data is encrypted and never stored on our servers. See https://stripe.com/privacy.

Social Media Platforms

When you post content via TaskNext.AI, your content and data are shared with Instagram, X, LinkedIn, and TikTok via their official APIs. These platforms process data according to their own privacy policies.

Railway (Hosting)

Our application is fully deployed on Railway. Railway has access to your data as a service provider. See https://railway.app/legal/privacy.

5. Data Retention

We retain your data for as long as your account is active or as necessary to provide the Service. Specific retention periods:

  • Account data: Retained until account deletion. After account deletion, we retain minimal data (email, billing records) for 7 years for tax/legal compliance.
  • OAuth tokens: Retained until revoked or account deleted. Refresh tokens automatically expire after 90 days of inactivity.
  • Content data: Retained until deleted by you. We retain backups for 30 days after deletion for disaster recovery.
  • Usage analytics: Aggregated logs retained for 90 days; detailed logs retained for 30 days.
  • Payment records: Retained for 7 years for tax and legal compliance (UK VAT records).

6. Your Privacy Rights

Under UK GDPR and EU GDPR, you have the following rights:

Right of Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days in a portable, structured format.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal retention requirements. After account deletion, we retain only essential billing and tax records for 7 years as required by UK law.

Right to Data Portability

You can request your data in a machine-readable format (CSV, JSON) to transfer to another service.

Right to Restrict Processing

You can request that we limit how we process your data while you investigate a dispute.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. You can opt out of marketing emails at any time.

Right to Lodge a Complaint

If you believe we've violated your privacy rights, you can lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk (UK) or your local data protection authority (EU/EEA).

To exercise any of these rights, email us at support@tasknextai.one with your request. We will respond within 30 days.

7. Cookies and Tracking

We use cookies to authenticate you, remember preferences, and analyse usage. Types:

  • Essential cookies: Required for login and security (e.g., session tokens). Not optional.
  • Performance cookies: Analyse user behaviour to improve the Service. You can opt out.
  • Marketing cookies: Track behaviour for promotional purposes (used sparingly). You can opt out.

You can control cookies via your browser settings. Disabling essential cookies may prevent login.

8. Data Security

We employ industry-standard security measures:

  • End-to-end HTTPS encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Secure OAuth token storage with encrypted fields
  • Regular security audits and penetration testing
  • Access controls and role-based permissions for staff
  • Automated threat detection and incident response

However, no system is 100% secure. You are responsible for keeping your password confidential.

9. International Data Transfers

If you are located in the EU/EEA, your data may be processed in the UK, US, or other locations. We comply with UK GDPR Standard Contractual Clauses (SCCs) and ensure appropriate safeguards are in place. Anthropic and Stripe may transfer data to the US. You can request details on safeguards by emailing support@tasknextai.one.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a notice on the Service. Your continued use of TaskNext.AI after such notice constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights:

TaskNext.AI

Email: support@tasknextai.one

We aim to respond to all privacy requests within 30 days.