Privacy Policy

Last Updated: January 1, 2025Effective Date: January 1, 2025

Your privacy is important to us. This policy explains how Task Bunny collects, uses, and protects your personal information.

Privacy at a Glance

We never sell your personal data
Your tasks and notes are encrypted
You control your data - export or delete anytime
We comply with GDPR, CCPA, and international privacy laws

Our Privacy Principles

Security First

End-to-end encryption and industry-standard security measures

Transparency

Clear information about what data we collect and why

Your Control

Access, export, or delete your data whenever you want

1. Introduction and Scope

This Privacy Policy describes how Task Bunny ("we," "us," "our," or the "App"), developed and operated by Olena Group, collects, uses, stores, shares, and protects your personal information when you use our mobile application and related services.

Developer Information:
Task Bunny is developed by Olena Group
Contact: privacy@taskbunny.app
Address: [Your Business Address]

By using Task Bunny, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please do not use the App.

2. Information We Collect (Data Safety Disclosure)

Google Play Data Safety

This section complies with Google Play Store Data Safety requirements. We disclose all data collection practices.

2.1 Personal Information You Provide

Account Information:

Email address (required for account creation, password resets)
Name or username (optional, for personalization)
Profile picture (optional)
Password (encrypted with bcrypt, never stored in plain text)

App Content (User-Generated):

Tasks and to-do items (titles, descriptions, due dates, priorities, completion status)
Habits (habit names, tracking records, streaks, goals)
Projects (names, descriptions, team members, timelines)
Notes, tags, categories (custom labels, organization preferences)
AI chat history (interactions with Bunny AI Assistant for context)

Backend Infrastructure: Appwrite

All user data is securely stored using Appwrite, an open-source backend-as-a-service platform. Your tasks, habits, projects, and personal information are stored in encrypted Appwrite databases hosted on enterprise-grade cloud infrastructure. Appwrite provides:

Database Encryption: AES-256 encryption at rest
Secure APIs: TLS 1.3 encrypted data transmission
Access Control: Role-based permissions and authentication
Data Isolation: Each user's data is isolated and protected
Backup & Recovery: Automated daily backups with 90-day retention

Storage Location: Your data is stored in Appwrite cloud servers located in secure, SOC 2 compliant data centers. See our Terms of Service for details.

Purpose: To provide core productivity features and cloud sync across your devices.

2.2 Information Collected Automatically

Device & Technical Information:

Device model, manufacturer, operating system version
Unique device identifiers (UDID, Advertising ID - for analytics only)
IP address (anonymized for security and regional analytics)
App version, installation date, app language
Crash reports and diagnostic data (error logs)

Purpose: Security, troubleshooting, app performance optimization.

Usage & Analytics Data:

Features used (which screens viewed, buttons tapped)
Session duration, frequency of use
Aggregated productivity metrics (anonymized task completion rates)
In-app search queries (to improve search quality)

Purpose: Improve app features, understand usage patterns, optimize UI/UX.

Location Data (Optional):

Location Permission

Location access is optional and only requested for specific features:

Approximate location (city/region) - for time zone detection
Precise location (GPS) - only if you enable location-based reminders

You can disable location anytime in device settings. The app works fully without location access.

2.3 Information from Third Parties

Social Login Providers: If you sign in with Google, Apple ID, or Facebook, we receive: name, email, profile picture (as permitted by each platform).
Payment Processors: Subscriptions are processed by Apple App Store or Google Play. We receive subscription status only (not payment card details).
Analytics Services: Firebase Analytics, Google Analytics (anonymized usage data only, no PII).

2.4 Permissions We Request (Android & iOS)

Required Permissions:

Internet: Cloud sync, AI features, app updates
Storage: Save app data and user files locally

Optional Permissions (You Control):

Notifications: For task reminders and habit alerts
Camera: Profile picture upload only (if you choose)
Photo Library: Attach images to tasks (optional)
Location: Location-based reminders (completely optional)
Calendar: Sync tasks with device calendar (optional)

3. How We Use Your Information

We use collected information for legitimate purposes in accordance with GDPR, CCPA, and international privacy laws:

3.1 Core Service Delivery:

Create and authenticate your account
Store and sync tasks, habits, projects across devices
Provide Bunny AI Assistant features (using OpenAI API)
Send reminders and notifications you enable
Process subscription payments via app stores

3.2 App Improvement & Personalization:

Analyze usage to optimize features and performance
Train AI models (using anonymized, aggregated data only)
Personalize recommendations and smart suggestions
A/B test new features with user consent

3.3 Security & Fraud Prevention:

Detect and prevent unauthorized access
Monitor for spam, abuse, and fraudulent activity
Verify user identity during login
Enforce Terms of Service compliance

3.4 Communication:

Transactional emails (account verification, password resets)
Respond to support requests and feedback
Product updates and feature announcements (opt-out available)

Legal Basis (GDPR Compliance)

For EU/EEA users, we process data based on:

Contractual Necessity: To provide services you requested
Legitimate Interest: Security, fraud prevention, app improvement
Consent: Marketing communications, optional features (location, camera)
Legal Obligation: Comply with applicable laws

4. Data Sharing and Third Parties

We Never Sell Your Data

Task Bunny does not and will never sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

We share data only in these limited circumstances:

4.1 Trusted Service Providers (with Data Processing Agreements):

Backend Infrastructure (Primary): Appwrite - Open-source backend platform providing database, authentication, and storage services with enterprise-grade security and encryption
Cloud Hosting: AWS/Google Cloud via Appwrite infrastructure (encrypted data storage, SOC 2 compliant)
AI Services: OpenAI API (for Bunny AI Assistant, anonymized queries only, no PII stored)
Analytics: Firebase Analytics, Google Analytics (anonymized usage data, no personally identifiable information)
Authentication: Appwrite Auth, Apple Sign-In, Google OAuth (social login providers)
Email Services: SendGrid (transactional emails: password resets, notifications, account confirmations only)

Data Processing Agreements (DPAs)

All service providers listed above have signed Data Processing Agreements and are GDPR, CCPA, and SOC 2 compliant. They are contractually bound to:

Process data only according to our instructions
Implement appropriate security measures
Not use your data for their own purposes
Delete data upon contract termination

Appwrite Security: As our primary backend, Appwrite provides built-in security features including rate limiting, DDoS protection, and automatic security patching. Learn more about our technical stack in our Support Center.

4.2 Legal Requirements:

We may disclose information if legally required:

Court orders, subpoenas, legal process
Law enforcement requests (with valid warrant)
Emergency situations (imminent danger of death/injury)

We will notify you unless prohibited by law.

4.3 Business Transfers:

If Task Bunny or Olena Group is acquired or merged, your data may transfer to the new entity. We'll notify you 30 days before any transfer.

4.4 Team Collaboration (User-Controlled):

If you invite team members to shared projects, they see only the data you explicitly share (project tasks, comments).

5. Data Security Measures

We implement industry-leading security practices to protect your data:

Encryption

• TLS 1.3 encryption for data in transit
• AES-256 encryption for data at rest
• Bcrypt password hashing (industry standard)

Access Controls

• Multi-factor authentication (MFA) available
• Role-based access for employees (least privilege)
• Regular security audits & penetration testing

Monitoring

• 24/7 security monitoring and intrusion detection
• Automated threat detection systems
• Incident response team on standby

Compliance

• SOC 2 Type II certified cloud infrastructure
• GDPR & CCPA compliant data handling
• Regular third-party security assessments

Security Disclaimer

While we implement robust security measures, no system is 100% secure. You are responsible for maintaining password confidentiality. If you suspect unauthorized access, contact us immediately at shakir@olenagroup.dev.

6. Data Retention Policy

We retain your data only as long as necessary:

Active Accounts: Data retained while account is active
Inactive Accounts: Accounts inactive for 24 months may be deleted after 30-day email notice
Account Deletion: Personal data permanently deleted within 30 days (except legal requirements)
Backup Systems: Deleted data may persist in backups for up to 90 days
Anonymized Analytics: Aggregated, non-identifiable data may be retained indefinitely
Legal Hold: Data retained longer if required for legal proceedings or regulatory compliance

7. Your Privacy Rights (GDPR, CCPA, International)

You have comprehensive control over your personal data:

🔍 Right to Access

Request a copy of all data we hold about you (provided in CSV/JSON format within 30 days).

✏️ Right to Rectification

Correct inaccurate or incomplete data. Update most info directly in Settings.

🗑️ Right to Deletion ("Right to be Forgotten")

Request permanent deletion of your account and all data. Visit Delete Account.

📦 Right to Data Portability

Export your data in machine-readable format (JSON). Go to Settings → Export Data.

🚫 Right to Object/Restrict Processing

Object to certain data uses (marketing, analytics). Manage in Settings → Privacy.

❌ Right to Withdraw Consent

Revoke consent for optional processing (notifications, location) anytime in device/app settings.

🇺🇸 California Residents (CCPA/CPRA)

• Right to know what data is collected and shared
• Right to opt-out of sale (we don't sell data)
• Right to non-discrimination for exercising rights

How to Exercise Your Rights

To exercise any right:

Email: shakir@olenagroup.dev
In-App: Settings → Privacy → Data Request
Web: Contact Form

Response Time: 30 days (GDPR) or 45 days (CCPA). No fees unless excessive.

8. Children's Privacy (COPPA Compliance)

Age Restriction: 13+

Task Bunny is not intended for children under 13. We do not knowingly collect personal information from children under 13.

If you are a parent/guardian and believe your child under 13 has provided personal information, contact us immediately at shakir@olenagroup.dev. We will delete such data within 72 hours.

For users aged 13-17: We recommend parental guidance. Parents can review this policy and help teens understand data privacy.

9. International Data Transfers

Task Bunny operates globally. Your data may be transferred to and processed in countries other than your own, including the United States.

For EU/EEA Users (GDPR):

• We use Standard Contractual Clauses (SCCs) approved by the European Commission
• Service providers certified under EU-U.S. Data Privacy Framework
• Additional safeguards: encryption, pseudonymization, regular audits
• You can request a copy of safeguards at shakir@olenagroup.dev

By using Task Bunny, you acknowledge and consent to international data transfers with appropriate safeguards.

10. Cookies and Tracking Technologies

We use cookies and similar technologies:

Essential Cookies:

Required for authentication, security, and core functionality (cannot be disabled).

Analytics Cookies:

Firebase Analytics, Google Analytics (anonymized). Opt-out in Settings → Privacy.

Advertising ID:

Used for attribution and analytics only (never for targeted ads). Reset in device settings:
• iOS: Settings → Privacy → Advertising → Reset Advertising Identifier
• Android: Settings → Google → Ads → Reset Advertising ID

Do Not Track (DNT)

We respect Do Not Track signals. When DNT is enabled, we disable non-essential tracking.

11. Third-Party Services and Links

Task Bunny may link to third-party services (Google Calendar, Apple Reminders). We are not responsible for their privacy practices.

Third-party integrations: When you connect external services, you authorize us to access specific data (e.g., calendar events). Review each third party's privacy policy.

12. Changes to This Privacy Policy

We may update this policy periodically. Material changes will be notified via:

Email to your registered address
In-app notification banner
Updated "Last Updated" date

Continued use after changes constitutes acceptance. Major changes notified 30 days in advance.

13. Contact Us & Data Protection Officer

Questions, concerns, or requests regarding this Privacy Policy or your data:

General Inquiries:

Email: shakir@olenagroup.dev

Phone: +44 7493 057836

Website: Contact Form

Mailing Address:

Olena Group

Task Bunny Privacy Team

Attn: Shakir Hussain

Office 15282, 182-184 High Street North

East Ham, London E6 2JA

United Kingdom

Data Protection Officer (DPO):

For EU/EEA users:
Email: shakir@olenagroup.dev

File a Complaint:

If concerns unaddressed, you can lodge a complaint with your local data protection authority:

• EU/EEA: National supervisory authority
• UK: Information Commissioner's Office (ICO)
• California: CA Attorney General's Office

Your Privacy Matters to Us

We're committed to transparency and protecting your data. If you have questions or concerns, we're here to help.

Related Resources