Privacy Policy
This page explains what data Aftertask collects, why, and how to exercise your rights over it.
1. Data we collect
- Account: email, name, avatar, authentication status, and preferences.
- Workspace content: workspaces, projects, tasks, labels, snapshots, reports, memberships, invites, and note text you submit to Notes-to-Tasks.
- AI feature data: when you use Notes-to-Tasks, submitted note text and relevant project context are sent to OpenRouter for processing with Zero Data Retention enabled. The preview is returned for your review. If you apply a proposed change, the resulting task data is stored in your workspace.
- AI usage and debug data: provider, model, token and credit counts, status, duration, error details, and AI processing logs that may include submitted note text and model output.
- Billing: handled by Paddle as Merchant of Record or authorized reseller. We receive customer, subscription, transaction, and limited payment-method references, such as card brand and last four digits. We do not see full card details.
- Operational: request logs (IP, user agent, request id) for security and debugging.
- Essential cookies: session, CSRF protection, and app preference cookies needed to keep the service secure and usable. We do not use advertising cookies.
2. Why we collect it
- To deliver the service you signed up for (contractual basis under GDPR Art. 6(1)(b)).
- To keep the service secure and reliable (legitimate interest, Art. 6(1)(f)).
- To process payments via Paddle (contractual basis).
- To meter AI usage, prevent abuse, and troubleshoot AI processing issues (contractual basis and legitimate interest).
3. Sub-processors
We rely on the following third parties to operate Aftertask. Each receives only the data needed for its function:
- Cloudflare: static hosting, object storage for uploaded avatars and backups when configured, DDoS protection, and TLS proxying.
- AWS: transactional email through SES and infrastructure services when configured.
- Paddle: Merchant of Record or authorized reseller for subscription and one-time payments.
- Axiom: log aggregation for request logs and error reports.
- Google: OAuth login. When you choose Sign in with Google, we receive your email, name, and avatar from your Google profile.
- OpenRouter: AI request routing for Notes-to-Tasks. Our OpenRouter configuration uses Zero Data Retention routing so requests are limited to endpoints with zero-data-retention policies. We do not opt in to prompt logging.
4. Retention
We retain account and workspace data while your account or workspace remains active. If you delete your account from Account settings, we immediately sign you out, remove your active workspace access, delete or scrub account-linked personal data such as your name, email, avatar, authentication identities, preferences, reset tokens, and verification records, and anonymize retained workspace history so it no longer identifies you. If you are the only member of a workspace, that workspace is deleted; if other members remain, workspace content may stay available to them with your identity replaced by "Deleted user".
The anonymized account row is kept for 30 days to support security, abuse-prevention, and recovery controls, then hard-deleted by our scheduled purge process. We may retain limited records for legal, billing, tax, security, or abuse-prevention reasons where required or permitted by law. Backups are used only for disaster recovery and are retained for up to 14 days.
5. Your rights
You can access or correct account profile data from Account settings. You can delete your account from Account settings using the "Delete account" action. To request export, deletion assistance, or another privacy right, email privacy@aftertask.com. EU/UK users have the right to lodge a complaint with their national data protection authority.
6. Contact
Privacy questions: privacy@aftertask.com. General support: support@aftertask.com.