Data subject rights

Last updated:

1. User rights

Pursuant to EU Regulation 2016/679 (GDPR) the user has the following rights over their personal data:

  • Right of access (art. 15) — to know which data we hold and obtain a copy.
  • Right of rectification (art. 16) — to correct inaccurate or incomplete data.
  • Right to erasure "right to be forgotten" (art. 17) — to delete the account and all associated data.
  • Right of restriction (art. 18) — to restrict processing in specific cases.
  • Right to portability (art. 20) — to receive personal data in a structured, readable format.
  • Right to object (art. 21) — to object to processing for legitimate purposes.
  • Right not to be subject to automated decisions (art. 22) — including the right to request human intervention on suspension/ban decisions.
  • Right to lodge a complaint with the supervisory authority (art. 77) — the data protection authority in the relevant EU country (e.g. the Italian Garante per la protezione dei dati personali, or the corresponding national authority in the relevant member state).

2. How to exercise rights — directly in the app

2.1 Access and portability

It is possible to download personal data using the built-in backup function:

  • iOS: Settings → Backup → Export backup (AES-256 encrypted format with a password chosen by the user).
  • Chat export: from the single chat, menu → Export chat (TXT file with history).

The backup contains messages, contacts, E2EE keys and optionally media. The format is documented to allow portability.

2.2 Rectification

  • Profile: Settings → Profile (name, photo, status).
  • Phone number: Settings → Change number.
  • Privacy: Settings → Privacy (who can see last seen, photo, status; read receipts, etc.).

2.3 Erasure

  • iOS: Settings → Account → Delete account. Irreversible operation.
  • Deletion entails the removal of all associated data (profile, server messages in queue, public keys, contacts, sessions).
  • Messages already delivered to recipients remain on their devices (we cannot delete them from there, they are out of our control after delivery).

2.4 Objection and restriction

  • TaskiAI: Settings → Privacy → TaskiAI → Disable.
  • Contact list sync: Settings → Privacy → Permissions → Revoke contacts (iOS system Settings).
  • Music status: Settings → Privacy → Music listening → Disable.
  • Read receipts: Settings → Privacy → Read receipts → Disable.
  • Notifications when Web is active: from the toggle at the top of the chat list.

3. Rights request form via email

For users who prefer to proceed via email or when the in-app function is not sufficient, requests can be sent to privacy@taski.chat including:

Request form:

  1. Right exercised: access / rectification / erasure / restriction / portability / objection
  2. The registered phone number (in international format, e.g. +39 333 1234567)
  3. Account ID (visible in Settings → Profile → tap on "Your ID")
  4. Description of the request: what is specifically requested
  5. Identity verification: confirmation that a verification code can be received at the indicated number

4. Identity verification

To protect users from fraudulent requests by third parties, before processing a request we must verify the identity:

  • We will send a verification code via SMS to the registered number.
  • For sensitive requests (deletion, full export) we may request a second element (e.g. screenshot of an active session).
  • If no response is received within 30 days, the request will be closed for inactivity.

5. Response times

  • Initial response: within 48 business hours of receipt.
  • Request execution: within 30 days of identity verification (extendable to 60 days for complex requests, pursuant to art. 12.3 GDPR; in such case the user will be informed of the extension).
  • Account deletion: immediate (in-app request) or within 7 days if via email (to allow possible cancellation).

6. Costs

The exercise of rights is free of charge. Pursuant to art. 12.5 GDPR, we may charge a reasonable fee or refuse the request only if it is manifestly unfounded or excessive (e.g. repeated).

7. Complaint to the supervisory authority

The user has the right to lodge a complaint with the competent supervisory authority in their country of residence. The relevant authority depends on the country of residence within the EU. Below are some examples; for a complete list see the European Data Protection Board.

Italy — Garante per la Protezione dei Dati Personali

Website: garanteprivacy.it

Complaint form: garanteprivacy.it/home/diritti

Email: protocollo@gpdp.it

For residents in other EU countries, see the list of national authorities maintained by the European Data Protection Board: edpb.europa.eu/about-edpb/members.

For general informational purposes, residents in the United Kingdom may refer to the Information Commissioner's Office (ICO), and residents in the United States may refer to the Federal Trade Commission (FTC) for consumer-protection matters. Note that Taski is established in the EU and is primarily subject to the GDPR.

8. Automated decisions (suspensions and bans)

Suspension decisions (7-day soft ban) and permanent ban are made by an automated system (Llama Guard 3 + Claude Haiku 4.5) with potentially significant legal consequences. The user has the right to:

  • Human intervention: request manual review of an automatic decision.
  • Express their point of view and obtain explanations on the logic of the decision (category of violation, applied thresholds).
  • Challenge the decision by writing to privacy@taski.chat with the account ID.

For details on the moderation system see the Acceptable use policy.

9. Language of communication

Requests can be submitted in Italian, English, Spanish or German. We will reply in the same language whenever possible.

10. Contact

Data controller: Stefano Bigioggero

Email: privacy@taski.chat

Website: taski.chat