Privacy Policy

01 Who We Are

TaskBoard is an educational platform operated by Devansh Sharma, an individual based in India. TaskBoard provides students with a task management system, progress tracking, and access to paid and free mentorship sessions.

For all privacy-related matters, contact us at the details in Section 12.

02 Information We Collect

We collect the following categories of personal information:

• Account Information — Name, email address, and password (stored as a secure hash) when you register.
• Profile Data — First name, last name, and optional avatar image.
• Booking Information — For mentorship sessions: full name, email address, and phone number.
• Payment Information — Razorpay Order ID, Payment ID, amount, and timestamp only. We never store card numbers, UPI IDs, or banking credentials.
• Usage Data — Task completion status, notes, and in-app interaction data.
• Technical Data — IP address, browser type, device type, and access timestamps for security and debugging.
• Communications — Any messages you send us via email or the platform.

03 How We Use Your Information

• To create and manage your account and authenticate you securely.
• To display assigned tasks, track progress, and record completions.
• To process mentorship bookings and confirm session details.
• To verify payment transactions and maintain payment records.
• To send transactional emails — booking confirmations, payment receipts, session reminders. We do not send marketing emails without your explicit consent.
• To allow the admin (teacher) to manage tasks, view student progress, and administer mentorship slots.
• To detect and prevent fraud, abuse, or unauthorized access.
• To comply with applicable laws and legal obligations.

We do not sell, rent, or trade your personal information to any third party for commercial purposes.

04 Payment Data

All payment processing is handled by Razorpay Software Private Limited, a PCI-DSS compliant payment gateway. When you pay:

• Your card, UPI, or banking details are entered directly on Razorpay's secure interface and never transmitted to TaskBoard's servers.
• TaskBoard receives only a Razorpay Order ID, Payment ID, and HMAC-verified signature to confirm payment.
• These identifiers are stored solely for record-keeping, refund processing, and dispute resolution.

Razorpay's privacy policy is available at razorpay.com/privacy.

05 Data Storage & Security

Your data is stored on Supabase infrastructure (PostgreSQL on AWS). Security measures include:

• All data in transit encrypted with TLS 1.2 or higher.
• Passwords hashed with bcrypt — plaintext passwords are never stored.
• Row-Level Security (RLS) ensures each user can only access their own data.
• Payment verification uses HMAC-SHA256 cryptographic signatures server-side.
• API keys stored as encrypted environment variables, never in source code.
• Admin access restricted to a single verified email address.

No method of internet transmission is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.

06 Third-Party Services

TaskBoard integrates with the following services, each governed by their own privacy policy:

• Supabase — Database and authentication. Privacy Policy ↗
• Razorpay — Payment processing. Privacy Policy ↗
• Brevo — Transactional email. Your email is shared solely to deliver system emails. Privacy Policy ↗

We share only the minimum data necessary. We do not authorize any third party to use your data for their own marketing or profiling.

07 Cookies & Local Storage

• Authentication tokens — Session token stored in browser memory to keep you logged in. Expires on logout or inactivity.
• Application cache (IndexedDB) — Task lists and config cached locally to improve load speed. Never transmitted to third parties.
• No advertising cookies — We do not use cookies for advertising, remarketing, or cross-site tracking.

You can clear browser storage anytime via browser settings. This will log you out and clear cached data.

08 Your Rights

Under India's Digital Personal Data Protection Act, 2023 (DPDPA), you have the right to:

• Access — Request a copy of your personal data we hold.
• Correction — Request correction of inaccurate or incomplete data.
• Erasure — Request deletion of your account and personal data, subject to legal retention obligations.
• Grievance Redressal — Raise concerns about data handling and receive a response within a reasonable time.
• Withdraw Consent — Where processing is consent-based, withdraw at any time without affecting prior processing.

Contact us (Section 12) to exercise these rights. We will respond within 30 days.

09 Data Retention

• Account data — Retained until you request deletion.
• Payment records — Retained for minimum 8 years per Indian financial law (Income Tax Act, GST regulations).
• Booking records — Retained for 2 years after session date.
• Technical logs — Maximum 90 days.

After account deletion, personal data is deleted or anonymized within 30 days, except where retention is legally required.

10 Children's Privacy

TaskBoard is designed for students. Users under 18 must have parental or guardian knowledge and consent to use the platform.

We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe this has occurred, contact us immediately and we will delete the data promptly.

11 Changes to This Policy

When we make material changes, we will update the "Last Updated" date on this page and notify you by email for significant changes. Continued use of TaskBoard after changes constitutes acceptance.

12 Contact Us

We aim to respond to all privacy-related requests within 20 days. If unsatisfied with our response, you may contact the relevant data protection authority in India.