1. Introduction
Taski is primarily a native app (iOS, Apple Watch). Cookies and similar technologies specifically concern the Web client (web.taski.chat) and this legal site (legal.taski.chat). The Desktop client (Tauri) uses local storage instead of HTTP cookies.
2. Technologies used
2.1 Strictly necessary cookies
On the Web client we use only strictly necessary cookies for the operation of the service. We do not have marketing, profiling, or third-party analytics cookies.
| Cookie | Purpose | Duration |
|---|---|---|
| __cf_bm (Cloudflare) | Bot management and DDoS protection | 30 minutes |
| cf_clearance (Cloudflare) | Confirmation of passed anti-bot challenge | Session |
These cookies are automatically set by Cloudflare (our edge networking provider) and are necessary for the security of the service. They are exempt from prior consent under art. 122 of the Italian Privacy Code and art. 5(3) of the ePrivacy Directive.
2.2 Browser LocalStorage
The Web client uses the browser's localStorage for:
| Key | Content | Purpose |
|---|---|---|
| auth_token | Encrypted session token | Maintain login after refresh |
| linked_session_id | Device session ID | Identify the web session in the "Linked devices" panel |
| user_private_key | X25519 private key | Decrypt E2EE messages locally |
| address_book_snapshot | Encrypted contact list snapshot | Resolve iPhone contact list names locally |
| conversation_cache | Conversation list | Instant first paint |
| memory_taskiai_v2 | TaskiAI memory | Local persistence of per-chat memory |
| preferences | Theme, language, notifications | User preferences |
All this data remains on the user's browser and is deleted on logout or when the site's data is cleared. It is not shared with third parties.
2.3 IndexedDB
For messages and media the Web client uses IndexedDB (browser-side database) to:
- Store decrypted messages for fast access
- Cache decrypted media (photos, videos) to avoid re-download
- Cache contact avatars
IndexedDB also remains on the user's browser, local to the web.taski.chat domain.
2.4 Service Worker
The Web client registers a Service Worker for:
- Push notifications (Web Push API + VAPID)
- Static resource caching (PWA-like, partial offline access)
- Bridge for local resolution of contact list names in notifications
2.5 Cloudflare Pages cookies (this site)
The site legal.taski.chat is hosted on Cloudflare Pages. Cloudflare may set technical cookies for security (__cf_bm) and DDoS prevention. We do not use analytics or tracking pixels on this site.
3. Third-party cookies
We do not use third-party cookies for analytics, profiling, retargeting or advertising (e.g. Google Analytics, Facebook Pixel, etc.).
4. How to manage cookies and storage
- Block cookies: browser settings (Chrome, Safari, Firefox, Edge). Blocking strictly necessary cookies may make the Web client unusable.
- Clear storage: Browser settings → Privacy → Clear browsing data → Select cookies + site data. Causes logout from the web session.
- In-app logout: from the Web client, Settings → Log out. Deletes token and private keys from localStorage.
- Remote disconnection: from iOS, Settings → Linked devices → Revoke. Terminates the web session and invalidates the token server-side.
5. International transfers
Cloudflare technical cookies may involve data transfer to the global Cloudflare infrastructure, certified under the EU-U.S. Data Privacy Framework.
6. Changes
We may update this page if we add or remove storage technologies. The "Last updated" date will be updated.
7. Contact
Questions about cookies: privacy@taski.chat