Privacy Policy

This Privacy Policy explains what information TaskDrive ("we", "us") collects when you use the Service, how we use it, and the choices you have. It should be read alongside our Terms of Service.

1. Information We Collect

When you create an account, we collect your email address, name, and use case, and if you sign up via Google or GitHub, the identifier from that provider. If you set a password, we store it as a salted bcrypt hash — we never store or have access to your plaintext password.

To operate a runner on your behalf, you provide integration credentials — a GitHub access token, a Linear API key, and optionally a Telegram or Slack bot token for feedback notifications. These are encrypted at rest with AES-256-GCM before being written to our database; they are decrypted only in memory, at the moment a runner needs them.

2. Repository & Ticket Content

TaskDrive's core function is to read your Linear tickets and your repository, and to produce pull requests. This means your provisioned runner accesses your repository's code and clones it into an isolated container to do that work, and sends relevant signals (such as your file tree, manifest files, and README) to the AI model providers we use for repository analysis and code generation. We do not sell this content, and we do not use it to train models we operate ourselves.

3. Billing Information

Payments are processed by Stripe. We never see or store your card number or other raw payment details — Stripe collects those directly. We store your Stripe customer ID and the resulting subscription status (plan, active/trialing/cancelled, renewal date) so the Service can enforce your plan's limits.

4. Cookies & Session Storage

We use a single session cookie to keep you signed in. It is HttpOnly (inaccessible to page scripts) and marked Secure in production, so it cannot be read by client-side JavaScript or sent over plain HTTP. Your browser's local storage may separately hold a small, non-sensitive UI state — such as your email address and referral code — used only to render the signed-in navigation and prefill forms.

We use Umami, a self-hosted, cookieless analytics tool, to understand aggregate traffic to this site. It does not set tracking cookies or share data with ad networks.

5. How We Use Information

6. Sharing

We share information only with the third parties needed to run the Service: Stripe (billing), GitHub (repository access via your token), Linear (ticket access via your API key), the AI model providers used for repository analysis and code generation, and infrastructure providers that host the Service. We do not sell your personal information.

7. Data Retention & Deletion

We retain account and integration data for as long as your account is active. If you close your account, we delete your stored integration credentials and personal information, except where we are required to retain billing records for legal or accounting purposes. To request deletion, email support@taskdrive.dev.

8. Security

Integration credentials are encrypted at rest with AES-256-GCM; passwords are hashed with bcrypt. Session authentication uses an HttpOnly cookie. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Children

The Service is not directed to individuals under 18, consistent with the age requirement in our Terms of Service. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted here with an updated date; continued use of the Service after changes take effect constitutes acceptance.

11. Contact

Questions about this Privacy Policy or your data can be sent to support@taskdrive.dev.