Privacy policy

Contents

Data controller
Introduction
Data we collect
How we use user data
Sharing with third parties
Data retention
Technical security
Platforms and clients
User rights (GDPR)
Privacy settings in the app
Minors
International transfers
Changes to this policy
Contact

1. Data controller

The data controller of personal data is:

Stefano Bigioggero

Location: Italy (EU jurisdiction)

2. Introduction

Taski is an instant messaging application available on iOS, Apple Watch, Web (web.taski.chat) and Desktop (macOS and Windows via Tauri). It places privacy and security at the heart of its architecture.

Taski uses End-to-End Encryption for all 1-1 and group conversations, voice/video calls and media. Only the user and the recipients can read the messages. Not even we, as the developers, have access to their content.

3. Data we collect

3.1 Registration data

Phone number: primary identifier, verified via SMS (Twilio service).
Verification code: temporary 6-digit code sent via SMS, valid for 10 minutes.

3.2 Profile data

These are optional data the user may choose to provide:

Display name
Status/Bio (short description)
Profile photo (stored on our servers, accessible according to the user's privacy settings)

3.3 1-1 conversations (E2EE)

End-to-end encrypted with X25519 (key exchange) + AES-256-GCM (encryption).
Messages are not permanently stored on our servers. They remain in the offline queue for a maximum of 7 days to ensure delivery.
For synchronization across the user's devices (iPhone, Watch, Web, Desktop), messages may remain in encrypted form for up to 7 days after delivery.
Once the period expires, messages are automatically deleted.

3.4 Group conversations (E2EE)

Encrypted with a symmetric AES-256 key shared among members, distributed via ECDH (Curve25519).
An additional layer of encryption at rest is applied on the server.
Group metadata (name, participants, administrators) is stored for management purposes.
Keys are regenerated whenever members change.
A minimum of 200 messages per conversation is retained to ensure history continuity.

3.5 Voice and video calls (E2EE)

Each call derives a unique AES-256-GCM key via HKDF (ECDH + random salt per call + call ID).
Not even the transport provider (Agora) can access the audio/video content.
No recording: calls are never stored.
Metadata retained: who called whom, type (audio/video), duration, date/time — only for the call history within the app.
Heartbeat: every 15 seconds during an active call. If 3 consecutive heartbeats are missed (45 seconds), the call ends automatically.

3.6 Stories

They are not end-to-end encrypted, unlike messages and calls. They are protected by encryption in transit (HTTPS/TLS) and at rest on the servers.
They are automatically deleted after 24 hours.
The creator can see who has viewed their story.
It is possible to "like" and reply to stories.

3.7 Technical data

APNs/FCM push tokens: to send notifications to the user.
VoIP token: to receive calls when the app is in the background (PushKit).
Public encryption keys: for the secure exchange of E2EE keys. Private keys always remain on the user's device (iOS Keychain).
Contact list (optional): if the user grants permission, we synchronize only the cryptographic hashes (HMAC with pepper) of phone numbers. Plaintext numbers are never sent to our servers.
Access timestamps: for "last seen" and message delivery (respecting privacy settings).
Conversation metadata: conversation ID, timestamps, read/delivery status.
Linked devices: platform, user-agent, session ID, last access.

3.8 Media

Images, videos, voice notes, documents, GPS locations: all end-to-end encrypted (AES-256-GCM) before upload, temporarily stored on Cloudflare R2.
GIFs: from Giphy via our proxy (the query is not associated with the user's account).
Emoji reactions: stored as metadata.
AI-generated stickers: generated on-demand via OpenAI gpt-image-1; the source image (in photo mode) is E2EE encrypted like other media.

3.9 Music listening (optional)

Taski can share the user's music listening status with their contacts (Apple Music or Spotify).
Data shared: track title and artist name currently playing.
Can be disabled in privacy settings. It is not saved on the servers.

3.10 Backup

iCloud backup: in the user's personal iCloud space.
AES-256 encryption with a password chosen by the user.
Includes messages, contacts, E2EE keys and optionally media.
We do not have access to user backups. If the password is lost, the data is unrecoverable.

4. How we use user data

We use the data we collect exclusively to:

Provide the messaging service (delivery, synchronization, notifications, calls).
Manage the user's account (authentication, verification, profile).
Ensure security (prevent abuse, spam, automated attacks).
Improve the app (anonymous analytics to identify bugs and optimize performance).
Comply with legal obligations if required by competent authorities.

We do NOT use user data for:

Targeted advertising or profiling
Selling or sharing with commercial third parties
Analyzing the content of E2EE messages (we cannot: they are encrypted)
Behavioral tracking for marketing purposes

5. Sharing data with third parties

5.1 Cloudflare

Service: backend hosting (Workers), D1 database, R2 storage, KV cache, WebSocket via Durable Objects, Web client hosting (Pages).
Data shared: all data stored on our servers.
Privacy Policy: cloudflare.com/privacypolicy

5.2 Apple (APNs and PushKit)

Service: push and VoIP notifications.
Data shared: APNs/VoIP tokens. The notification content is normally a placeholder; decryption happens locally in the notification service extension using the private key stored in the Keychain.
Privacy Policy: apple.com/legal/privacy

5.3 Twilio

Service: sending SMS for phone number verification.
Data shared: phone number, verification code.
Privacy Policy: twilio.com/legal/privacy

5.4 Agora

Service: infrastructure for voice/video calls.
Data shared: E2EE-encrypted audio/video stream (not accessible to Agora), channel ID, anonymized user ID.
Privacy Policy: agora.io/en/privacy-policy

5.5 Anthropic (TaskiAI)

Service: inline AI assistant (Claude Sonnet 4.6 + Haiku 4.5).
Data shared: ONLY upon explicit invocation of @TaskiAI — last 20 messages of context, max 3 recent photos (described by Haiku as captions), name of the invoker, question.
Contractual guarantee: Anthropic does not use the data to train its models.
See also: TaskiAI policy
Privacy Policy: anthropic.com/legal/privacy

5.6 OpenAI (AI stickers)

Service: on-demand AI sticker generation (gpt-image-1).
Data shared: text prompt or source photo (in photo mode).
Privacy Policy: openai.com/policies/privacy-policy

5.7 Giphy

Service: GIF library accessed via our proxy.
Data shared: search query (not associated with the user's account).
Privacy Policy: giphy.com/privacy

6. Data retention

Data type	Retention period
1-1 messages (offline queue)	Max 7 days (deleted after delivery)
1-1 messages (multi-device sync)	Max 7 days after delivery, always E2EE encrypted
Group messages	7 days after sync (minimum 200 per chat)
Videos	7 days after sending
Images, documents, voice notes	20 days after sending
Stories	24 hours (automatic deletion)
Profile photos (avatars)	Until account deletion
Call history	Until account deletion
Failed push notifications	7 days (with automatic retry)
SMS verification codes	10 minutes
TaskiAI photo captions (cache)	14 days per conversation
Contact list hashes	Until account deletion or permission revocation

Note: messages retained for synchronization remain end-to-end encrypted for the entire period. Neither we nor third parties can access them.

7. Technical security

E2EE: X25519 + AES-256-GCM for 1-1 chats and groups.
E2EE calls: HKDF (ECDH + random salt) + AES-256-GCM.
AKD (Auditable Key Directory): hash chain on key_events to detect tampering of public keys (MITM).
Key rotation: periodic regeneration of E2EE keys.
Encryption in transit: TLS 1.3 + secure WebSocket.
Encryption at rest: databases and storage protected with AES-256 (double layer for groups).
No plaintext fallback: in case of an encryption error, the message is not sent.
Authentication: SMS OTP + native iOS Passkeys (post-onboarding) + Face ID/Touch ID for app lock.
Anti-SIM-swap: SMS verification on web is blocked if the user has an active iOS device within 30 days.
Rate limiting on all sensitive endpoints.
Device management: view and revoke sessions from settings.

8. Platforms and clients

iOS (iPhone): native app with all features, requires iOS 17.6 or later.
Apple Watch: companion to view and reply to messages (including E2EE voice notes).
Web: client accessible at web.taski.chat, linked via QR code. Supports chats, calls, media, all E2EE features.
Desktop: macOS and Windows (Tauri build), automatic signed updates.

Web/desktop sessions are visible and can be revoked at any time from Settings → Linked devices.

9. User rights (GDPR)

Pursuant to EU Regulation 2016/679 (GDPR), the user has the right to:

Access: obtain a copy of personal data (Backup function).
Rectification: correct inaccurate data from the app (Profile settings).
Erasure: delete the account and all associated data (Settings → Delete account).
Portability: receive personal data in a readable format (export backup).
Objection: object to processing for specific purposes.
Restriction: request restriction of processing.
Complaint: file a complaint with the competent data protection authority in the relevant EU country (e.g. the Italian Garante per la protezione dei dati personali — garanteprivacy.it). Residents in other EU countries can find the relevant authority on the EDPB website.

For detailed instructions see: Data subject rights.

10. Privacy settings in the app

Last seen: everyone / contacts only / nobody.
Profile photo: everyone / contacts only / nobody.
Status/Bio: everyone / contacts only / nobody.
Read receipts: can be enabled/disabled.
Music listening: sharing can be enabled/disabled.
Notifications when Web is active: receive or not receive notifications on iPhone when Web is connected.
Block users: block without notice.
TaskiAI: full opt-out (see TaskiAI policy).
Anti-abuse system: transparency on moderation (see Acceptable use policy).
Linked devices: view and revoke Web/Desktop sessions.

Reciprocity: if the user hides their last seen, they will not be able to see others'. The same applies to read receipts and profile photos.

11. Minors

Taski is intended for users aged 16 years or older. We do not knowingly collect data from minors under 16. Anyone who becomes aware that a minor has provided data is asked to contact us immediately for removal.

To protect minors, Taski adopts a zero-tolerance policy on child sexual abuse material (CSAM): see Acceptable use policy.

12. International transfers

User data is hosted on Cloudflare, which operates a global network. Data may be processed edge-side in the geographically closest data center. Cloudflare is certified under the EU-U.S. Data Privacy Framework for EU → US transfers. Transfers to other providers (Apple, Twilio, Agora, Anthropic, OpenAI, Giphy) take place under Standard Contractual Clauses approved by the EU Commission.

13. Changes to this policy

We may update this policy to reflect changes to the service or to legal obligations. Material changes will be communicated via:

In-app notification
Update of the "Last updated" date at the top of this document

Continued use of Taski after the changes constitutes acceptance of the new policy.

14. Contact

Privacy email: privacy@taski.chat

Website: taski.chat

Response time: within 48 hours (business days)