1. Data controller
The data controller of personal data is:
2. Introduction
Taski is an instant messaging application available on iOS, Android, Apple Watch, Web (web.taski.chat) and Desktop (macOS and Windows via Tauri). It places privacy and security at the heart of its architecture.
Taski uses End-to-End Encryption for all 1-1 and group conversations, voice/video calls and media. Only the user and the recipients can read the messages. Not even we, as the developers, have access to their content.
3. Data we collect
3.1 Registration data
- Phone number: primary identifier, verified via SMS (Twilio service).
- Verification code: temporary 6-digit code sent via SMS, valid for 10 minutes.
3.2 Profile data
These are optional data the user may choose to provide:
- Display name
- Status/Bio (short description)
- Profile photo (stored on our servers, accessible according to the user's privacy settings)
3.3 1-1 conversations (E2EE)
- End-to-end encrypted with X25519 (key exchange) + AES-256-GCM (encryption).
- Messages are not permanently stored on our servers. They remain in the offline queue for a maximum of 7 days to ensure delivery.
- For synchronization across the user's devices (iPhone, Android, Watch, Web, Desktop), messages may remain in encrypted form for up to 7 days after delivery.
- Once the period expires, messages are automatically deleted.
3.4 Group conversations (E2EE)
- Encrypted with a symmetric AES-256 key shared among members, distributed via ECDH (Curve25519).
- An additional layer of encryption at rest is applied on the server.
- Group metadata (name, participants, administrators) is stored for management purposes.
- Keys are regenerated whenever members change.
- A minimum of 200 messages per conversation is retained to ensure history continuity.
3.5 Voice and video calls (E2EE)
- Each call derives a unique AES-256-GCM key via HKDF (ECDH + random salt per call + call ID).
- Not even the transport provider (Agora) can access the audio/video content.
- No recording: calls are never stored.
- Metadata retained: who called whom, type (audio/video), duration, date/time, only for the call history within the app.
- Heartbeat: every 15 seconds during an active call. If 3 consecutive heartbeats are missed (45 seconds), the call ends automatically.
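A sketch of the per-call key derivation named in the first bullet, as an added example that is not Taski's code. It assumes HKDF-SHA-256 (RFC 5869) with the per-call random salt as the HKDF salt and the call ID bound through the `info` field; the label string and the ECDH output used here are constructed placeholders.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output size, also the AES-256 key size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869 step 1: concentrate the input keying material into a PRK.
    return hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 step 2: stretch the PRK into `length` bytes bound to `info`.
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_call_key(shared_secret: bytes, call_salt: bytes, call_id: str) -> bytes:
    # shared_secret: raw X25519 output computed elsewhere (assumption: 32 bytes).
    if len(shared_secret) != 32 or shared_secret == bytes(32):
        # An all-zero X25519 result means a low-order peer key (RFC 7748, section 6.1).
        raise ValueError("invalid ECDH shared secret")
    if len(call_salt) < 16:
        raise ValueError("per-call salt too short")
    # Hypothetical label; binding the call ID via `info` is an assumption.
    info = b"example-call-key-v1|" + call_id.encode("utf-8")
    return hkdf_expand(hkdf_extract(call_salt, shared_secret), info, HASH_LEN)


# Constructed inputs, for illustration only.
SAMPLE_SECRET = bytes(range(1, 33))
SAMPLE_SALT = bytes.fromhex("a1" * 16)
```

With the same ECDH secret, changing either the salt or the call ID yields an unrelated key, which is what keeps one call's key from being reused for another.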
3.6 Stories
- The media (photo or video) is end-to-end encrypted: the server cannot view its content. Engagement metadata (views, "likes") are instead visible to the server in cleartext, as they are needed to show counts and the "who viewed" list to the creator. Replies to stories travel as regular 1-to-1 chat messages, so they are end-to-end encrypted.
- They are automatically deleted after 24 hours.
- The creator can see who has viewed their story.
- It is possible to "like" and reply to stories.
3.7 Technical data
The technical data collected to operate the service are:
- APNs / FCM push tokens: to send notifications to the user.
- VoIP token: to receive calls when the app is in the background (PushKit).
- Public encryption keys: for the secure exchange of E2EE keys. Private keys always remain on the user's device (iOS Keychain).
- Contact list (optional): if the user grants permission, only the cryptographic hashes (HMAC with pepper) of phone numbers are synchronized. Plaintext numbers are never sent to our servers.
- Access timestamps: for "last seen" and message delivery (respecting privacy settings).
- Conversation metadata: conversation ID, timestamps, read/delivery status.
- Linked devices: platform, user-agent, session ID, last access.
3.8 Media
- Images, videos, voice notes, documents, GPS locations: all end-to-end encrypted (AES-256-GCM) before upload, temporarily stored on Cloudflare R2.
- GIFs: from Giphy via our proxy (the query is not associated with the user's account).
- Emoji reactions: stored as metadata.
- AI-generated stickers: generated on-demand via OpenAI gpt-image-1 (with Anthropic + Flux Schnell on Workers AI fallback). In "photo → sticker" mode the source image is sent in cleartext to the Taski worker and from there forwarded to the AI provider: it is NOT end-to-end encrypted at this stage (only protected by TLS in transit; the worker does not store it). The resulting sticker is then end-to-end encrypted like other media before being sent in chat.
3.9 Music listening (optional)
- Taski can share the user's music listening status with their contacts (Apple Music or Spotify).
- Data shared: track title and artist name currently playing.
- Can be disabled in privacy settings. It is not saved on the servers.
3.10 Backup
- iCloud backup: in the user's personal iCloud space.
- AES-256 encryption with a password chosen by the user.
- Includes messages, contacts, E2EE keys and optionally media.
- We do not have access to user backups. If the password is lost, the data is unrecoverable.
4. How we use user data
We use the data we collect exclusively to:
- Provide the messaging service (delivery, synchronization, notifications, calls).
- Manage the user's account (authentication, verification, profile).
- Ensure security (prevent abuse, spam, automated attacks).
- Improve the app (anonymous analytics to identify bugs and optimize performance).
- Comply with legal obligations if required by competent authorities.
We do NOT use user data for:
- Targeted advertising or profiling
- Selling or sharing with commercial third parties
- Analyzing the content of E2EE messages (we cannot: they are encrypted)
- Behavioral tracking for marketing purposes
5. Sharing data with third parties
5.1 Cloudflare
- Service: backend hosting (Workers), D1 database, R2 storage, KV cache, WebSocket via Durable Objects, Web client hosting (Pages), bot protection (Turnstile).
- Data shared: all data stored on our servers. For bot protection, Turnstile collects IP address, TLS fingerprint and User-Agent; these signals are classified as strictly necessary and are not used to identify, profile or track users.
- Privacy Policy: cloudflare.com/privacypolicy
- Turnstile Privacy: cloudflare.com/turnstile-privacy-policy
5.2 Apple (APNs and PushKit)
- Service: push and VoIP notifications.
- Data shared: APNs/VoIP tokens. The notification content is normally a placeholder; decryption happens locally in the notification service extension using the private key stored in the Keychain.
- Privacy Policy: apple.com/legal/privacy
5.3 Google - Firebase Cloud Messaging (FCM)
- Service: push notifications for Android devices.
- Data shared: FCM push token and the metadata needed to compose the notification (conversation and sender ID, sender display name and phone number, signed avatar URL). The message content is end-to-end encrypted and Google does not hold the keys to decrypt it. Only for non-encrypted service messages (e.g. support replies) the notification title and body are visible.
- Privacy Policy: firebase.google.com/support/privacy
5.4 Twilio
- Service: sending SMS for phone number verification.
- Data shared: phone number, verification code.
- Privacy Policy: twilio.com/legal/privacy
5.5 Agora
- Service: infrastructure for voice/video calls.
- Data shared: E2EE-encrypted audio/video stream (not accessible to Agora), channel ID, anonymized user ID.
- Privacy Policy: agora.io/en/privacy-policy
5.6 Anthropic (TaskiAI)
- Service: AI assistant for the inline @TaskiAI mode in chats with other people and for the dedicated "Taski AI" chat (Claude Sonnet 4.6 + Haiku 4.5).
- Data shared (inline mode): ONLY upon explicit invocation of @TaskiAI: last 20 messages of context, max 3 recent photos (described by Haiku as captions), name of the invoker, question.
- Data shared (dedicated chat): on every message sent in the dedicated chat: message text, any attached photos/PDFs, the chatbot's local persistent memory (max 30 facts) as part of the prompt.
- Contractual guarantee: Anthropic does not use the data to train its models.
- See also: TaskiAI policy
- Privacy Policy: anthropic.com/legal/privacy
5.7 OpenAI
- Services: on-demand AI sticker generation (gpt-image-1), TaskiAI image generation (inline and dedicated chat) on explicit user request (gpt-image-2), full-duplex voice call with the Taski AI chatbot (gpt-4o-realtime-preview + gpt-4o-mini-transcribe).
- Data shared: text prompt (or source photo in sticker mode), microphone audio streaming during voice calls, initial system prompt with user's name and the chatbot's local memory.
- Privacy Policy: openai.com/policies/privacy-policy
5.8 Giphy
- Service: GIF library accessed via our proxy.
- Data shared: search query (not associated with the user's account).
- Privacy Policy: giphy.com/privacy
5.9 Amazon Web Services - Key Transparency Witness
Taski publishes a public, append-only, verifiable log (Merkle tree, RFC-6962 standard) of users' public encryption keys (Key Transparency), so that clients can detect any covert key substitution. To also make a server equivocation detectable (showing divergent logs to different users), the log's fingerprints (Signed Tree Head) are co-signed by an independent witness hosted on Amazon Web Services (AWS Lambda, Tokyo region, Japan).
- Data transmitted: exclusively aggregated cryptographic hashes (Merkle root hash), digital signatures and consistency proofs. No personal data, message content, private keys, phone numbers or user identifiers.
- Purpose: to guarantee the integrity and non-equivocation of the public-key log.
- How: co-signing happens server-side (clients never contact AWS) and only at the periodic sealing of the log (a few calls per day).
- Privacy Policy: aws.amazon.com/privacy
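What the client-side checks behind such a log look like, as an added example that is not Taski's code: RFC 6962 Merkle hashing, an inclusion proof for one key entry, and the comparison of two Signed Tree Heads that a witness makes to catch equivocation. The entry encoding and the tree-head dictionary layout are assumptions, and signature verification is left out.

```python
import hashlib
import hmac

# RFC 6962 domain separation: 0x00 prefixes leaves, 0x01 prefixes interior nodes.
def leaf_hash(entry):
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def split_point(n):
    # Largest power of two strictly smaller than n (n >= 2).
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_root(entries):
    if not entries:
        return hashlib.sha256(b"").digest()
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = split_point(len(entries))
    return node_hash(merkle_root(entries[:k]), merkle_root(entries[k:]))

def inclusion_proof(index, entries):
    # Log side: audit path for entries[index], ordered from leaf to root.
    if len(entries) == 1:
        return []
    k = split_point(len(entries))
    if index < k:
        return inclusion_proof(index, entries[:k]) + [merkle_root(entries[k:])]
    return inclusion_proof(index - k, entries[k:]) + [merkle_root(entries[:k])]

def _rebuild(h, index, size, path):
    if size == 1:
        if path:
            raise ValueError("proof too long")
        return h
    k = split_point(size)
    if index < k:
        return node_hash(_rebuild(h, index, k, path[:-1]), path[-1])
    return node_hash(path[-1], _rebuild(h, index - k, size - k, path[:-1]))

def verify_inclusion(entry, index, size, path, signed_root):
    # Client side: recompute the root from the entry and compare with the signed one.
    if not 0 <= index < size:
        return False
    try:
        root = _rebuild(leaf_hash(entry), index, size, list(path))
    except (ValueError, IndexError):  # malformed or truncated proof
        return False
    return hmac.compare_digest(root, signed_root)

def is_equivocation(sth_a, sth_b):
    # Two tree heads of the same size must commit to the same root.
    return sth_a["tree_size"] == sth_b["tree_size"] and sth_a["root"] != sth_b["root"]

# Constructed sample log: five made-up (user, public key) entries.
LOG = [b"user-%d|pubkey-%d" % (i, i) for i in range(5)]
```

A substituted key fails `verify_inclusion` against the co-signed root, and a server that shows a different log to one user produces a second tree head that `is_equivocation` flags.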
6. Data retention
| Data type | Retention period |
|---|---|
| 1-1 messages (offline queue) | Max 7 days (deleted after delivery) |
| 1-1 messages (multi-device sync) | Max 7 days after delivery, always E2EE encrypted |
| Group messages | 7 days after sync (minimum 200 per chat) |
| Videos | 7 days after sending |
| Images, documents, voice notes | 20 days after sending |
| Stories | 24 hours (automatic deletion) |
| Profile photos (avatars) | Until account deletion |
| Call history | Until account deletion |
| Failed push notifications | 7 days (with automatic retry) |
| SMS verification codes | 10 minutes |
| TaskiAI photo captions (cache) | 14 days per conversation |
| Contact list hashes | Until account deletion or permission revocation |
Note: messages retained for synchronization remain end-to-end encrypted for the entire period. Neither we nor third parties can access them.
7. Technical security
- E2EE: X25519 + AES-256-GCM for 1-1 chats and groups.
- E2EE calls: HKDF (ECDH + random salt) + AES-256-GCM.
- AKD (Auditable Key Directory): hash chain on key_events to detect tampering of public keys (MITM).
- Key rotation: automatic regeneration of E2EE keys every 10 days (with a minimum of 7 days between consecutive rotations). Previous private keys remain available locally in a grace period to decrypt historical messages already received.
- Encryption in transit: TLS 1.3 + secure WebSocket.
- Encryption at rest: databases and storage protected with AES-256 (double layer for groups).
- No plaintext fallback: in case of an encryption error, the message is not sent.
- Authentication: SMS OTP + native iOS Passkeys (post-onboarding) + Face ID/Touch ID for app lock.
- Anti-SIM-swap: SMS verification on web is blocked if the user has an active iOS device within 30 days.
- App Attest (iOS): cryptographic attestation of app integrity via Apple App Attest, to block API access from tampered or counterfeit clients.
- Rate limiting on all sensitive endpoints.
- Device management: view and revoke sessions from settings.
8. Platforms and clients
- iOS (iPhone): native app with all features, requires iOS 17.6 or later.
- Android: native app with the E2EE features (chats, groups, calls, media, stories, voice messages, Key Transparency); requires Android 8.0 (API 26) or later. Push notifications via Firebase Cloud Messaging.
- Apple Watch: companion to view and reply to messages (including E2EE voice notes).
- Web: client accessible at web.taski.chat, linked via QR code. Supports chats, calls, media, all E2EE features.
- Desktop: macOS and Windows (Tauri build), automatic signed updates.
Web/desktop sessions are visible and can be revoked at any time from Settings → Linked devices.
9. User rights (GDPR)
Pursuant to EU Regulation 2016/679 (GDPR), the user has the right to:
- Access: obtain a copy of personal data (Backup function).
- Rectification: correct inaccurate data from the app (Profile settings).
- Erasure: delete the account and all associated data (Settings → Delete account).
- Portability: receive personal data in a readable format (export backup).
- Objection: object to processing for specific purposes.
- Restriction: request restriction of processing.
- Complaint: file a complaint with the competent data protection authority in the relevant EU country (e.g. the Italian Garante per la protezione dei dati personali, garanteprivacy.it). Residents in other EU countries can find the relevant authority on the EDPB website.
For detailed instructions see: Data subject rights.
10. Privacy settings in the app
- Last seen: everyone / contacts only / nobody.
- Profile photo: everyone / contacts only / nobody.
- Status/Bio: everyone / contacts only / nobody.
- Read receipts: can be enabled/disabled.
- Music listening: sharing can be enabled/disabled.
- Notifications when Web is active: receive or not receive notifications on iPhone when Web is connected.
- Block users: block without notice.
- TaskiAI: full opt-out (see TaskiAI policy).
- Anti-abuse system: transparency on moderation (see Acceptable use policy).
- Linked devices: view and revoke Web/Desktop sessions.
Reciprocity: if the user disables last seen, read receipts and profile photo visibility, they will automatically no longer see the same information for their contacts.
11. Minors
Taski is intended for users aged 16 years or older. We do not knowingly collect data from minors under 16. Anyone who becomes aware that a minor has provided data is asked to contact us immediately for removal.
To protect minors, Taski adopts a zero-tolerance policy on child sexual abuse material (CSAM): see Acceptable use policy.
12. International transfers
User data is hosted on Cloudflare, which operates a global network. Data may be processed edge-side in the geographically closest data center. Cloudflare is certified under the EU-U.S. Data Privacy Framework for EU → US transfers. The Key Transparency witness is hosted on Amazon Web Services in Japan and receives only aggregated cryptographic hashes and signatures of the public-key log, which do not constitute personal data. Transfers to providers (Apple, Twilio, Agora, Anthropic, OpenAI, Giphy, Amazon Web Services) take place under Standard Contractual Clauses approved by the EU Commission.
13. Changes to this policy
We may update this policy to reflect changes to the service or to legal obligations. Material changes will be communicated via:
- In-app notification
- Update of the "Last updated" date at the top of this document
Continued use of Taski after the changes constitutes acceptance of the new policy.
14. On-device semantic search
Taski includes an intelligent semantic search across the user's chats that runs entirely on the user's device. No text, embedding or query ever leaves the device.
How it works
- Messages are transformed into vectors (512-dim embeddings) using Apple's NLContextualEmbedding model, executed on-device.
- The index is stored locally (SwiftData), encrypted at rest by the iOS system.
- When the user runs a search, the query is also transformed into a vector on-device and compared locally.
- Works offline / in airplane mode.
Two intelligence levels
- Base version (all iOS 17+ devices): full semantic search with Apple embeddings, weighted stop-word pooling for IT/EN/ES/DE, time-decay scoring.
- Advanced version (iPhone with Apple Intelligence, iOS 26+): additional re-ranker using Apple's on-device Foundation Model to better order results by relevance.
In both cases everything runs on-device: neither the Taski server, nor Apple, nor any provider receives text or queries. Apple does not receive the user's messages (models run locally).
Controls available to the user
- Toggle ON/OFF in Settings → Privacy → Semantic Search.
- The user may clear the index at any time; it will be rebuilt at the next bootstrap.
- Faceted filters (date, message type, sender, chat) applied locally on ranked results.
15. In-app support
Taski provides a built-in support system, accessible from Settings → Support. Support conversations are not end-to-end encrypted, as support staff (and an AI first-response assistant) need to read messages in order to help.
- Encryption at rest: support messages are encrypted server-side (AES-256) in a dedicated database. No data is transmitted or stored in plaintext.
- Separate infrastructure: the support system runs on a dedicated Cloudflare Worker, database (D1) and storage (R2), fully isolated from user chat data.
- AI assistant: a language model (Anthropic Claude Haiku) may process support messages to provide automated initial responses. The same conditions described in section 5.6 Anthropic (TaskiAI) apply.
- Retention: support conversations are retained for the time needed to resolve the request and no longer than 12 months after ticket closure, after which they are automatically deleted.
- Attachments (screenshots, logs) sent by the user to support are encrypted at rest on Cloudflare R2 and deleted together with the conversation.
16. Contact
Privacy email: privacy@taski.chat
Website: taski.chat
Response time: within 48 hours (business days)