Privacy Policy

Last updated: April 18, 2026

1. Introduction

TaskLedger.ai (“TaskLedger,” “we,” “us,” or “our”) is operated by We Are Mimic LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services at taskledger.ai.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile picture through your Google account via OAuth 2.0 authentication provided by Auth0.

Email Data (Read-Only Access)

TaskLedger requests read-only access to your Gmail inbox. We access email metadata (sender, subject, date) and body content solely for the purpose of extracting actionable tasks. We cannot send, delete, modify, or forward your emails.

How We Process Email Data

Email content is analyzed in-flight by our AI model (Anthropic Claude) to identify action items.
Only structured task metadata (task title, sender name, priority, due date) is stored in our database.
Raw email content is never stored. It is discarded immediately after AI processing.
We never extract or store Social Security numbers, account numbers, passwords, credit card numbers, or other financial credentials from your emails.

Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number or banking details. We retain only your Stripe customer ID and subscription status.

Usage Data

We collect anonymized usage metrics including scan counts, token usage, and feature interaction data to improve our service.

3. Google API Services User Data Policy (Limited Use)

TaskLedger.ai's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, for data obtained via Google OAuth (including Gmail message content, metadata, and labels):

Limited purpose: We use Google user data solely to extract action items and tasks from your emails and display them within TaskLedger.ai, and to apply a single TaskLedger-owned Gmail label so we can track which messages we have already processed.
No transfer to others: We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features of TaskLedger.ai, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice.
No advertising use: We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
No human access: We do not allow humans to read Google user data unless we have obtained your explicit consent for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data is aggregated and de-identified (used for internal operations only).
No model training: We do not use Google user data to develop, improve, or train generalized or non-personalized AI/ML models. Email content is passed to Anthropic (Claude) for inference only; per our agreement with Anthropic, your data is not used to train their models.

Google OAuth scopes we request and why:

gmail.readonly — read message content (subject, body, sender) to extract tasks via AI analysis.
gmail.labels — create and apply a single TaskLedger-owned label (e.g., “TaskLedger-Processed”) so we can avoid re-processing the same emails and so you can filter processed emails in Gmail.
userinfo.email — identify your Google account to associate Gmail data with the correct TaskLedger.ai user record.

4. How We Use Your Information

To provide and maintain TaskLedger's core functionality (email scanning, task extraction, daily digests)
To sync Gmail labels reflecting task status (Action Needed, Waiting, Done)
To send you daily digest emails summarizing your pending tasks
To process subscription payments
To improve our AI task extraction accuracy
To communicate service updates or respond to support requests

5. Data Security

Encryption at rest: All stored credentials (OAuth tokens) are encrypted with AES-256-GCM.
Encryption in transit: All data is transmitted over TLS 1.3 with HSTS enforced.
Infrastructure: Hosted on Render.com (SOC 2 Type II certified). Database is PostgreSQL with encrypted connections.
Authentication: Managed by Auth0 (SOC 2 Type II certified). We never handle or store passwords.
Access controls: API endpoints are rate-limited and authenticated. PII is hashed in logs.

6. Third-Party Services

We use the following third-party services to operate TaskLedger:

Google Gmail API — read-only email access for task extraction
Anthropic (Claude AI) — AI processing of email content to extract tasks
Auth0 — authentication and user management
Stripe — payment processing
Render.com — application hosting and database
Amazon SES — transactional email delivery (daily digests)

7. Data Retention

Task data: Retained while your account is active. Deleted upon account deletion.
Email content: Never stored. Processed in-flight and discarded.
OAuth tokens: Deleted immediately when you disconnect Gmail or delete your account.
Audit logs: Retained for 90 days for security purposes.

8. Your Rights

Disconnect anytime: Revoke Gmail access from TaskLedger settings or directly from your Google account.
Delete your account: Contact us and we will delete all your data, including tasks, tokens, and usage history.
Export your data: Contact us to request an export of your task data.
Revoke Google access: Visit Google Account Permissions to revoke TaskLedger's access at any time.

9. Children's Privacy

TaskLedger is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: privacy@taskledger.ai
Company: We Are Mimic LLC