Privacy — Taskhub

Last updated: July 3, 2026 · Version: 2026-07-03
Open Governance Inc. (d/b/a Baseproof) · 2261 Market Street STE 22646, San Francisco, CA 94114, USA

This page covers the Taskhub service. The platform-wide privacy notice — which this page is part of and consistent with — is at baseproof.ai/privacy.

In one paragraph: Taskhub lets your AI assistant (such as Claude) manage your Microsoft To Do tasks, only at your direction. We never store your tasks, we never see your password, and we keep no database about you. Your account is your sign-in identity at Auth0; your Microsoft credentials live in Auth0's encrypted Token Vault; your tasks stay in Microsoft To Do. One email deletes everything.

Data collection

With your consent, this service accesses:

Your Microsoft To Do data — task lists, tasks, and checklist items, via the Microsoft Graph API, only under the scopes you approve at connection time (Tasks.ReadWrite · User.Read · offline_access) — and only to execute an action you asked your assistant to take.

Your sign-in identity — name, email, and a provider account identifier (e.g., a Google or Microsoft account ID), received via our identity provider, Auth0, from the sign-in option you choose.

Technical data — IP address, browser/device characteristics, timestamps, and request metadata (status codes, latency), used to operate and secure the service.

Never collected:

Your password (any password — sign-in happens directly with your provider); anything from your Microsoft account beyond To Do and basic profile; sensitive personal information; data from brokers or marketing sources.

Usage and storage

Tasks are never stored. Task content is processed in memory, per request, and discarded when the request completes. Never written to disk. There is no database.

Credentials are custodied by Auth0 in its encrypted Token Vault. Our servers hold only short-lived access tokens in memory while serving a request.

Your complete account record is your Auth0 profile: sign-in identity plus two timestamps (terms acceptance; Microsoft connection).

Logs contain metadata only — never task content, never credentials — and rotate automatically within weeks.

Your AI assistant: your conversation with it is governed by that assistant's own privacy policy (for Claude, Anthropic's). We only receive the requests the assistant sends on your behalf and return results to it.

Third-party sharing

No selling. No advertising. No tracking. Strictly necessary cookies only (encrypted sign-in and connection-flow cookies).

SubprocessorRole
Auth0 (Okta)Sign-in, identity records, encrypted token custody
Microsoft (Graph API)Where your tasks live; receives only the requests you direct
Render (United States)Compute hosting

Otherwise only: legally compelled disclosures (minimum required, with notice where permitted) and business transfers under this policy's protections. Processing occurs in the United States; users elsewhere (including EEA/UK/Switzerland) are protected per this policy and standard transfer safeguards.

Data retention

DataRetention
Task contentZero — in-memory per request
Identity record & tokensUntil you delete them (below)
Technical logsAuto-rotated within weeks
Support correspondenceOnly as long as needed to resolve it

Your rights and deletion

Three independent levers, strongest last — anytime:

1. Remove the connector in your AI assistant (Claude: Settings → Connectors → remove).
2. Revoke access at Microsoft: account.live.com/consent/Manage — every token stops working.
3. Delete your account (erasure): email privacy@baseproof.ai from your registered address. Your Auth0 identity record and stored Microsoft tokens are erased within 30 days, typically the same day. Your tasks remain untouched in Microsoft To Do.

Access, correction, and portability: same address, same timelines. Legal bases: contractual necessity and legitimate interest (security). The service is not directed at children under 18. Material changes bump the version above; the version you accepted at sign-up is recorded in your account.

Contact information

Privacy: privacy@baseproof.ai · Security: security@baseproof.ai · Support: support@baseproof.ai
Post: Open Governance Inc. (d/b/a Baseproof), 2261 Market Street STE 22646, San Francisco, CA 94114, USA