1. What is TaskiAI
TaskiAI is an optional AI assistant integrated into Taski, available in two distinct modes:
- Inline mode (@TaskiAI): explicitly invokable in 1-1 chats with other people (disabled in groups). Replies are visible to both chat participants. Covered by sections 2-15 of this document.
- Dedicated chat mode: a private 1-1 chat between the user and the assistant, accessible from the chat list (entry "Taski AI"). No third party is involved: messages and replies are visible only to the user. Covered by section 16.
In both modes the service is provided by Anthropic via the Claude Sonnet 4.6 (responses) and Claude Haiku 4.5 (photo captions, fact extraction for memory, moderation double-check) models, and by OpenAI (gpt-image-2) for image generation when explicitly requested by the user.
2. Exception to the E2EE model
Important. TaskiAI is the only feature that, when activated, makes an exception to the end-to-end encryption (E2EE) model. To answer the user's question, an external AI service must be able to read the conversation context. All other activity in Taski (messages, calls, media) remains end-to-end encrypted and unreadable to us and third parties.
3. What is shared with Anthropic
The following data is transmitted to the AI provider only upon explicit invocation of @TaskiAI:
- Last 20 messages of the current conversation, decrypted only in transit.
- Maximum 3 recent photos from the context, compressed to 768px and described in text by Claude Haiku 4.5. Generated captions are cached for 14 days per conversation to avoid expensive re-processing.
- The user's display name to correctly attribute the request.
- The explicit question written after @TaskiAI.
4. What we do NOT do
- ❌ The server never archives the plaintext of messages or photos at rest. It only sees them in transit, like a proxy.
- ❌ Anthropic does not use user data to train its models (Anthropic contractual policy).
- ❌ TaskiAI is never automatically invoked: only when the user writes @TaskiAI or uses the "Ask TaskiAI" actions from long-press on a message.
- ❌ No photo is sent if there are none in the 20 recent messages.
- ❌ In groups TaskiAI is disabled by design: the decision to share context must be unanimous, and maintaining bilateral consent is too fragile in a group.
5. Per-chat memory
TaskiAI can remember relevant facts that emerge in the conversation (e.g. "Stefano is celiac") to make subsequent answers more useful.
- Per-chat scope: facts from one conversation are never visible in others. Memory is isolated by (user, chat).
- Local storage + encrypted sync: facts are saved on the user's device (SwiftData on iOS, IndexedDB on Web, local file on Android) and synced across the user's devices via Cloudflare KV in end-to-end encrypted AES-256-GCM form. The key is derived from the user's private key via HKDF (salt = SHA256(convId), info = "taski-ai-memory:v1"). The server only stores encrypted data it cannot read.
- Automatic extraction: Claude Haiku 4.5 extracts facts from the context after each response. Cap: 50 facts / 2KB per chat with deterministic score-based compaction.
- Explicit commands: "remember that..." adds a fact with userStated flag (excluded from auto-compaction). "forget..." removes a fact.
- Full control: the user can disable memory, view and delete individual facts from the chat Profile → TaskiAI Memory.
6. Models used
- Claude Sonnet 4.6 (Anthropic): conversational responses, inline commands, decision to invoke the image generation tool.
- Claude Haiku 4.5 (Anthropic): fact extraction for memory, context photo description, moderation double-check, post-voice-call memory extraction (see section 16.5).
- gpt-image-2 (OpenAI): image generation when explicitly requested by the user (see section 14).
- gpt-realtime + gpt-4o-mini-transcribe (OpenAI Realtime API): full-duplex voice call with the dedicated chatbot (see section 16.5).
The actual model may vary over time to improve quality or reduce costs, always within the providers listed above (Anthropic for language models, OpenAI for image generation and realtime voice).
7. Opt-out
TaskiAI can be disabled completely in:
- iOS: Settings → Privacy → TaskiAI
- Android: Settings → Privacy → TaskiAI
- Web/Desktop: Settings → Privacy → TaskiAI
When both participants of a 1-1 chat have opt-out enabled, @TaskiAI mentions are rejected by the server.
8. Mandatory pre-invocation disclosure
The first time TaskiAI is invoked in a chat, the app shows a disclosure screen explaining what is about to be shared (including the update of the 20 messages and 3 photos). The user must confirm to proceed. The confirmation is stored locally; if we update the sharing terms (e.g. the number of messages or photos changes), the disclosure is shown again.
9. UX: skip push of the user message
When the user sends @TaskiAI ..., the other participant does not receive the push notification of that message (so they are not spammed). They only receive the push of the AI response, with TaskiAI's dedicated avatar. This reduces noise in the shared chat.
10. Contact list context in the prompt
To allow TaskiAI to refer correctly to participants, the 20 context messages are passed to the model with names from the device's address book (resolved locally on the user's device before sending) instead of numeric userIds. This improves the quality of the answers but means that Anthropic sees the names as they appear in the user's contact list.
11. Data retention
- Context messages: not persisted by the Taski server nor by Anthropic.
- Photos: not persisted. Only the generated captions (text) are cached for 14 days per chat in Cloudflare KV.
- AI responses: persisted normally in the chat messages (visible to both participants, with "✨ TaskiAI" label). They are not end-to-end encrypted because the server generated them; they are protected by TLS in transit and encryption at rest.
- Memory: on the user's device (see section 5). KV ciphertext-only sync if active.
12. AI Sub-processors
AI data is processed by two distinct sub-processors, each for a specific task:
- Anthropic (Claude Sonnet 4.6 / Haiku 4.5): conversational responses, memory extraction, context photo description, moderation double-check, decision to invoke the image generation tool.
  - Privacy Policy: anthropic.com/legal/privacy
  - Acceptable Use Policy: anthropic.com/legal/aup
  - Commercial Terms: anthropic.com/legal/commercial-terms
- OpenAI: two distinct uses.
  - gpt-image-2 — image generation when the user explicitly requests it. Receives only the text prompt constructed by Claude (in English, max 1000 characters), not the original chat messages or photos.
  - gpt-realtime + gpt-4o-mini-transcribe (Realtime API) — full-duplex voice call with the dedicated chatbot. Receives streaming PCM16 audio, the transcripts generated for turn-detection, any photos the user sends during the call (max 768px, JPEG) and an initial system prompt with user name, current date/time and the chatbot's local memory. When the call is started from the dedicated chat, the system prompt also includes the last 5 text messages from that chat as passive reference context (the AI knows them but won't bring them up unless the user explicitly references them). Details in section 16.5.
  - Privacy Policy: openai.com/policies/privacy-policy
  - Business Terms: openai.com/policies/business-terms
13. Limitations and liability
- Probabilistic: TaskiAI can be wrong. Answers do not replace professional medical, legal, or financial advice.
- No persistent training: Anthropic states that it does not train models on data transmitted via the API for service purposes. However, in case of security or legal requests, transient data may be analyzed to identify abuse.
- No warranty: the service is in beta and provided "as is".
14. Image generation
When the user invokes TaskiAI with an explicit request to generate an image (e.g. "@TaskiAI draw me a sunset"), Claude Sonnet 4.6 may call an internal generate_image tool that produces the image through a second AI provider.
What is shared with OpenAI
- Only the text prompt, constructed by Claude in English (max 1000 characters), enriched with relevant details from the chat context (subject, style, mood).
- Never sent to OpenAI: original chat messages, photos, user identities, conversationId, userId.
- Style + aspect ratio chosen by Claude from a predefined set.
Where the generated image is stored
- The image is saved in the Cloudflare R2 bucket at path ai-generated/{conversationId}/{messageId}.jpg in plaintext (not end-to-end encrypted).
- Served to participants via signed URL HMAC-SHA256 with a 48h TTL, refreshable.
- Visible to both participants of the 1-1 chat, exactly as for AI text responses (section 11).
Retention and deletion
- 20 days from generation, aligned with the retention of normal chat images. Automatic cleanup via daily cron at 2 AM UTC.
- The user can manually save the image to their device gallery before expiry by tapping the image in chat.
- Once expired on R2, the image is no longer retrievable from the server, but remains visible locally on devices that have cached it.
Usage limits
- Maximum 2 images per day per user (global cap, valid across all chats). The counter resets 24h after the first generation of the window.
- If the limit is reached, a locally generated informational bubble notifies the user. No request is sent to OpenAI.
E2EE exception
Generated images are not end-to-end encrypted because the server produces them. They are nonetheless protected by TLS in transit and encryption at rest (Cloudflare R2 server-side encryption). This is an unavoidable consequence of the AI feature, analogous to section 2 (Exception to the E2EE model).
15. Web search
When the user asks a question that requires fresh or recent information (weather, opening hours, current prices, today's news, recent events), Claude Sonnet 4.6 may autonomously decide to invoke a web search tool provided by Anthropic to retrieve information from the public web.
What is sent
- The search query formulated by the model based on the user's question, typically in English to optimize the search engine's result quality (e.g. "weather forecast May 5 2026"). The query is generated by the model, not written by the user, and does not include the user's precise location: only the country (IT) and timezone (Europe/Rome) are passed to the tool as localization parameters.
- The model receives up to 5 results per query (title, URL, preview snippet, page content).
- Results are included as input in the next Claude turn to produce the final reply, which cites the consulted sources.
Provider and localization
Web search is executed server-side by Anthropic via their web_search tool (Brave Search engine). Requests are localized to Italy by default (country: IT, timezone: Europe/Rome).
Limits and caps
- Maximum 2 searches per question turn (server-side cap enforced on the model).
- Maximum 5 searches per day per user (server-side cap, rolling 24h window). Once reached, the tool is no longer exposed to the model until reset; Claude will reply from its training knowledge without searching.
- The iOS client mirrors the cap for pre-empt UX: queries that look like web-search requests (keywords "search", "today", "tomorrow", "weather", "how much") are blocked locally when the cap is exhausted, avoiding wasted server calls.
Retention and privacy
- Search queries and results follow the same zero-retention agreement with Anthropic as section 11: no training, no logs beyond what is needed for the response.
- Taski does not log search queries, only an aggregate counter to enforce rate limit (KV key ai-websearch:userId with 24h TTL, holds only a number).
- Citations in the final reply (URLs and titles of consulted sites) are visible to both the user invoking @TaskiAI and the other participant of the 1-1 chat (same as the AI reply text).
16. Dedicated chat with TaskiAI (chatbot)
In addition to the inline @TaskiAI invocation described above, a private 1-1 chat with the assistant is available, reachable from the chat list under "Taski AI". It is a conversation between the user and the model, separate from any other chat: no third party sees or receives it.
16.1 What is shared with Anthropic
The following data is transmitted to the AI provider only during the active conversation:
- The text history of the dedicated chat (the user's messages and the assistant's replies).
- Photos and documents the user explicitly uploads in the chat (via the attachments button). Photos are resized and converted to text captions by Claude Haiku 4.5 before being passed to the response model.
- The dedicated chat's persistent memory (see 16.3), included in the system prompt as context.
- The user's display name, current date and time to personalize responses.
Messages from the user's other chats (1-1 with other people, groups, etc.) are never transmitted to the chatbot. The dedicated chat is isolated from all other Taski activity.
16.2 Exception to the E2EE model
As with the inline mode (section 2), the dedicated chat is not end-to-end encrypted: the server must forward content to the AI provider to generate replies. It is protected by TLS in transit and at-rest encryption. All other Taski activity (chats with other people, calls, media) remains E2EE.
16.3 Local persistent memory
- Local storage, end-to-end encrypted sync: the dedicated chat's memory is stored locally on the user's device. Where it is synced across the user's devices, this happens exclusively in end-to-end encrypted form (AES-256, key derived from the user's private key): the server only stores encrypted data it cannot read. The dedicated chat is available on iPhone and Android; Web, Desktop and Apple Watch have no access to it.
- Capacity: a limited number of facts per chat, with deduplication and automatic space management.
- Automatic extraction: Claude Haiku 4.5 extracts relevant facts after each assistant reply (skipped when attachments are present, for latency).
- Explicit commands: "remember that…" forces an addition, "forget…" removes a specific fact.
- Full control: from the dedicated chat screen the user can open "TaskiAI Memory", view the full list, delete individual facts or clear everything.
- Transmission to server: at invocation the memory is sent to the server as part of the prompt (needed by the AI model to respond) and is not stored in cleartext at rest; any multi-device synchronization happens only in end-to-end encrypted form (see above).
16.4 Image generation
When the user explicitly requests an image (e.g. "draw me…"), the chatbot can call the same generate_image tool described in section 14, with these differences:
- Usage limit: up to 2 images per day per user in the dedicated chat (counter separate from the 2-images-per-day limit of the inline mode).
- Storage: images are saved in the Cloudflare R2 bucket at ai-chatbot/{userId}/{messageId}.jpg, in clear (not end-to-end encrypted), with a 24-hour TTL.
- Local cache: after generation, the app downloads and keeps a local copy of the image on the device, which is preserved even after the R2 expiration. The user can save the image to the camera roll, share it or copy it via long-press.
- What OpenAI receives: identical to section 14 — only the text prompt built by Claude (max 1000 characters, in English), not the chat history or other photos.
16.5 Voice call with the chatbot
From the dedicated chat screen, the user can start a full-duplex voice call with TaskiAI by tapping the phone icon in the header. The conversation runs in real time over the OpenAI Realtime API; the Taski server acts as a WebSocket proxy between the user's device and OpenAI, without storing the audio.
What is shared with OpenAI during the call
- Microphone audio in PCM16 mono 24 kHz format, streamed continuously for the duration of the call.
- Transcripts generated by gpt-4o-mini-transcribe (user input) and by the gpt-realtime model (AI response) to allow natural interruptions and turn-detection (Server VAD).
- Photos sent by the user during the call: from the app, via the camera button, the user can take a photo or pick one from the gallery and send it to the AI while the call is ongoing. The photo is resized to max 768px (longest edge), JPEG-compressed and sent to OpenAI as input_image on the Realtime channel with low detail. The AI can see and comment on it by voice. The client allows one photo at a time (a second send is blocked until the receipt of the previous one is acknowledged); there is no numeric per-call cap. No photo is sent automatically: every send requires an explicit user action.
- Initial system prompt: contains the user's name, current date/time, the reduced capabilities active during the call and the local persistent memory of the chatbot (section 16.3) as context.
- Last 5 messages from the text chat (only if the call is started from the dedicated chat): to enable conversational continuity between text and voice modes, when the user starts the voice call by tapping the phone icon in the dedicated chat header, the device sends to the server the last 5 text messages of that chat (role + text, max 1900 characters per message). The server embeds them in the session instructions as a "RECENT TEXT CHAT CONTEXT (PASSIVE BACKGROUND REFERENCE ONLY)" block with explicit rules for the model: do not bring up these topics on its own, do not summarize them in the greeting, wait for the user to speak first, use them only if the user explicitly references them. If the user starts the call from a different entry point (iOS Recents, widget, etc.) no context message is sent. The 5 messages do not become turns of the voice conversation and do not flow into the transcripts passed to Claude Haiku 4.5 for post-call memory extraction.
Assistant voice
The AI speaks with OpenAI's "marin" voice (multi-language auto-match). The selection is fixed server-side and not user-configurable.
Reduced capabilities during the call
In voice mode TaskiAI cannot generate images or produce PDFs/documents: for those the user is redirected to the text chat after the call ends. It can: receive photos from the user during the call (see above) and comment on them by voice; create memos and schedule messages via dedicated tools. The persistent memory is shared between the two modes.
Post-call memory extraction
At the end of the call, the accumulated transcripts (cap 8000 characters) are sent once to Claude Haiku 4.5 (Anthropic) to extract any relevant facts to add to the user's local persistent memory (section 16.3). Facts are applied on the device via WebSocket. Transcripts are not persisted at rest by the Taski server.
Data retention
- Audio: never persisted — only in transit through the Taski → OpenAI WebSocket proxy.
- Photos sent during the call: never persisted on the Taski server. Transmitted to OpenAI inside the Realtime message and then discarded. On the user's device they remain in the local player cache only if the user took them from the in-app camera.
- Transcripts: kept in the Durable Object's memory during the session (cap 8000 characters, FIFO). At the end they are (a) sent to Claude Haiku 4.5 for memory extraction and (b) aggregated into a single TaskiAI message formatted as *You:* ... *TaskiAI:* ... inserted in the dedicated chat and shown to the user as a normal message. The dedicated chat history is kept only locally on the device (see 16.9): the server inserts the message in transit but does not persist it at rest beyond the standard delivery window.
- OpenAI may transiently retain audio and transcripts as per its own policy. OpenAI states that it does not train models on API data for service purposes.
- "Call ended" bubble: at the end of the session a system message (duration, outcome) is inserted into the chat, analogous to user-to-user voice calls. Persisted normally in the local dedicated chat history.
Usage limit
- Global cap of 2 minutes / 24 hours per user (separate from the message/image/document limits). The counter is persisted in Cloudflare KV (ai-voice-mins:{userId}, 24h TTL) and resets automatically.
- At least 30 seconds of remaining quota are required to start a call.
- When the quota is exhausted the server forces the session to close and the user sees an informational bubble.
E2EE exception
The call audio is not end-to-end encrypted: it must be processable by OpenAI to generate the response. It is protected by TLS in transit (both client → Taski and Taski → OpenAI) and is not persisted at rest. All other Taski calls (1-1 and group) remain end-to-end encrypted via SRTP/AES-GCM.
Availability
The voice call with the chatbot is available on iPhone and Android, exclusively in the dedicated chat. Web, Desktop and Apple Watch have no access to this feature.
16.6 Generated documents (PDF)
When the user explicitly requests it, the chatbot can produce a PDF document (e.g. a recipe, list, summary). The PDF is generated locally on the device by the app from the text returned by the model, and cached in the Documents/AIChatPDFs/ folder. It is never sent to OpenAI or any other provider: generation is entirely client-side. Tap the bubble → Quick Look preview with system buttons for sharing and saving.
16.7 Photos and documents uploaded by the user
- Photos: compressed and described as text by Claude Haiku 4.5 (as in inline mode). Photos are cached locally on the device for later viewing.
- Documents: the extracted text is included in the prompt sent to the model. The original binary file remains on the device.
- Neither photos nor documents uploaded by the user are persisted by the Taski server at rest.
16.8 Rate limits
- Messages: 3 messages per day per user (server-side and client-side rate limit, rolling 24h window). When reached, a banner notifies the user and temporarily blocks sending.
- Uploaded documents: 5 documents per day per user.
- Generated images: 2 per day (see 16.4).
- Voice call: 2 minutes / 24 hours total per user (see 16.5). Server-side cap persisted in Cloudflare KV.
The four limits are independent. The first three counters are persisted locally and survive app restarts; the voice-call counter is server-side persistent (KV).
16.9 Data retention
- Dedicated chat history: kept only locally on the user's device (the app's local database). Permanently deleted on logout, account deletion, or when the user manually clears the chat. Not synced to the server.
- Memory: local file, see 16.3.
- Generated images (R2): 24 hours, then automatic cleanup via daily cron.
- Generated PDFs: local app cache until logout or manual deletion.
- Voice-call audio: never persisted (see 16.5).
- Transient transmission: Anthropic and OpenAI may transiently retain data as per their respective policies (see section 12). Anthropic and OpenAI state that they do not train models on API data.
16.10 Multi-platform availability
The dedicated chat is available on iPhone and Android. Web, Desktop and Apple Watch have no access to the dedicated chatbot, its memory or the voice call.
16.11 Opt-out
The global TaskiAI opt-out from section 7 (Settings → Privacy → TaskiAI) disables both the inline mode and the dedicated chat (text and voice). Alternatively, the user may simply never open the dedicated chat or start the voice call: no request is sent to the AI providers until the user explicitly interacts.
17. Voice-scheduled messages
During a voice call with TaskiAI, the user may ask the assistant to schedule a future message to one of their contacts: e.g. "send Marco tomorrow at 10 the message: hi how are you". For full transparency, the complete step-by-step flow is described below.
17.1 What passes through OpenAI in cleartext
- The user's voice is transcribed in real time by the OpenAI Realtime API on OpenAI's servers, in cleartext, with contractually zero retention (see section 12).
- The AI extracts the three required parameters: recipient name, message text, future date/time.
- In this step the message text passes through OpenAI in cleartext — this is unavoidable, because the AI needs to understand what to write in order to structure it correctly.
17.2 What happens on the device
- The user's device receives the extracted parameters.
- It identifies the matching Taski contact in the local address book (case-insensitive textual matching against contacts with whom a 1-1 chat already exists).
- It prepares the message in cleartext locally.
17.3 E2EE encryption before delivery to the Taski server
- Before sending to the server, the message is end-to-end encrypted with AES-256-GCM and a symmetric key shared via X25519, exactly like a regular message.
- The Taski server receives only the encrypted version, stored in the scheduled_messages table.
- At the scheduled time, a server cron job delivers the encrypted message to the recipient via WebSocket or push.
- The recipient decrypts the message on their own device: the Taski server never has access to the plaintext.
17.4 Confidentiality summary
OpenAI temporarily sees the message text (because it transcribes the user's voice and processes it to extract the parameters), but the final message reaches the recipient E2EE like any other Taski message. The Taski server never sees the plaintext. The AI provider (OpenAI) sees it only in transit for the time strictly necessary for processing, under a zero-retention contract (see section 12).
17.5 Usage limits (MVP)
- Works only with contacts the user already has a 1-1 chat open with.
- Name matching is textual (case-insensitive contains): if the user has multiple contacts with the same name, the AI will ask to specify more precisely.
- Text only: photos, voice messages, videos and documents cannot currently be scheduled by voice.
- The date/time must be in the future. The AI computes relative dates ("tomorrow at 10", "tonight at 8") in the device's local timezone.
17.6 100% E2EE alternative without AI provider
A user who prefers not to let the message text transit through OpenAI even temporarily may always schedule messages manually from the chat interface, via the clock icon in the input bar. Manual scheduling is 100% end-to-end encrypted and does not involve any AI provider: the message is encrypted on the device before leaving, like any other Taski message.
17.7 Opt-out
The global TaskiAI opt-out described in section 7 also disables the ability to schedule messages by voice (the voice call with TaskiAI is no longer available). Manual scheduling from the chat interface remains available at all times and is not affected by the AI opt-out.
18. Contact
Questions about TaskiAI: privacy@taski.chat