Privacy — Taskhub
Last updated: July 3, 2026 · Version: 2026-07-03
Open Governance Inc. (d/b/a Baseproof) · 2261 Market Street STE 22646, San Francisco, CA 94114, USA
This page covers the Taskhub service. The platform-wide privacy notice — which this page is part of and consistent with — is at baseproof.ai/privacy.
In one paragraph: Taskhub lets your AI assistant (such as Claude) manage your Microsoft To Do tasks, only at your direction. We never store your tasks, we never see your password, and we keep no database about you. Your account is your sign-in identity at Auth0; your Microsoft credentials live in Auth0's encrypted Token Vault; your tasks stay in Microsoft To Do. One email deletes everything.
Data collection
With your consent, this service accesses:
Your Microsoft To Do data — task lists, tasks, and checklist items, via the
Microsoft Graph API, only under the scopes you approve at connection time
(Tasks.ReadWrite · User.Read · offline_access) — and only to
execute an action you asked your assistant to take.
Your sign-in identity — name, email, and a provider account identifier (e.g., a Google or Microsoft account ID), received via our identity provider, Auth0, from the sign-in option you choose.
Technical data — IP address, browser/device characteristics, timestamps, and request metadata (status codes, latency), used to operate and secure the service.
Never collected:
Your password (any password — sign-in happens directly with your provider); anything from your Microsoft account beyond To Do and basic profile; sensitive personal information; data from brokers or marketing sources.
Usage and storage
Tasks are never stored. Task content is processed in memory, per request, and discarded when the request completes. Never written to disk. There is no database.
Credentials are custodied by Auth0 in its encrypted Token Vault. Our servers hold only short-lived access tokens in memory while serving a request.
Your complete account record is your Auth0 profile: sign-in identity plus two timestamps (terms acceptance; Microsoft connection).
Logs contain metadata only — never task content, never credentials — and rotate automatically within weeks.
Your AI assistant: your conversation with it is governed by that assistant's own privacy policy (for Claude, Anthropic's). We only receive the requests the assistant sends on your behalf and return results to it.
Third-party sharing
No selling. No advertising. No tracking. Strictly necessary cookies only (encrypted sign-in and connection-flow cookies).
| Subprocessor | Role |
|---|---|
| Auth0 (Okta) | Sign-in, identity records, encrypted token custody |
| Microsoft (Graph API) | Where your tasks live; receives only the requests you direct |
| Render (United States) | Compute hosting |
Otherwise only: legally compelled disclosures (minimum required, with notice where permitted) and business transfers under this policy's protections. Processing occurs in the United States; users elsewhere (including EEA/UK/Switzerland) are protected per this policy and standard transfer safeguards.
Data retention
| Data | Retention |
|---|---|
| Task content | Zero — in-memory per request |
| Identity record & tokens | Until you delete them (below) |
| Technical logs | Auto-rotated within weeks |
| Support correspondence | Only as long as needed to resolve it |
Your rights and deletion
Three independent levers, strongest last — anytime:
1. Remove the connector in your AI assistant (Claude: Settings → Connectors →
remove).
2. Revoke access at Microsoft:
account.live.com/consent/Manage — every token
stops working.
3. Delete your account (erasure): email privacy@baseproof.ai from
your registered address. Your Auth0 identity record and stored Microsoft tokens are erased within
30 days, typically the same day. Your tasks remain untouched in Microsoft To Do.
Access, correction, and portability: same address, same timelines. Legal bases: contractual necessity and legitimate interest (security). The service is not directed at children under 18. Material changes bump the version above; the version you accepted at sign-up is recorded in your account.
Contact information
Privacy: privacy@baseproof.ai · Security: security@baseproof.ai ·
Support: support@baseproof.ai
Post: Open Governance Inc. (d/b/a Baseproof), 2261 Market Street STE 22646,
San Francisco, CA 94114, USA