Privacy Policy

TaskDrop ("we", "us", "our") is committed to protecting your personal data. This policy explains how we collect, use, and protect your information in compliance with UK GDPR and the Data Protection Act 2018.

Last updated: March 2026

1. Who We Are

TaskDrop is a UK-based software service providing AI-powered document generation for tradespeople. For data protection queries, contact us at: support@taskdrop.co.uk For the purposes of UK GDPR, TaskDrop (operated by Owen Moore, a sole trader registered in the United Kingdom) is the data controller for personal data collected through this service.

2. What Data We Collect

We collect two categories of personal data:

Your business data (provided during onboarding):

• Your name and business name
• Your WhatsApp phone number
• Your business address, email and phone number
• Your VAT number (if provided)
• Your bank details — bank name, account number and sort code (stored to auto-fill invoices)
• Your business logo (stored as an image)
• Payment information (processed securely by Stripe — we never store card details)
• Stripe Connect account ID (if you connect TaskDrop Pay to receive card payments)

Your customers' data (submitted when generating documents):

• Customer names and addresses
• Customer email addresses
• Job descriptions and work details
• Generated quotes, invoices and reports

You are responsible for ensuring you have the right to share your customers' data with us for the purpose of generating documents. By using our service you confirm this.

3. How We Use Your Data

• To provide and operate the TaskDrop service
• To verify your subscription and plan entitlements
• To send documents via WhatsApp
• To process payments via Stripe
• To send service-related communications
• To improve our AI models and service quality

4. Legal Basis for Processing

We process your data on the basis of:

• Contract performance — to deliver the service you subscribed to
• Legitimate interests — to operate and improve our business
• Legal obligation — where required by law

5. Data Storage & Security

Your subscriber data is stored securely in Supabase (EU West — Ireland). All data in transit is encrypted via HTTPS/TLS. Bank details (account number and sort code) are stored encrypted and are only used to auto-populate your invoices — they are never shared with third parties. Generated documents (PDFs) are stored securely in Supabase Storage (EU region) for as long as your account is active. You can delete individual documents from your dashboard at any time. We do not automatically delete documents while your subscription remains active.

6. Third Party Services

• Stripe — payment processing (see Stripe's privacy policy)
• Resend — transactional email delivery (document emails, welcome emails, MTD summaries)
• Twilio — WhatsApp message delivery (see Twilio's privacy policy)
• Supabase — secure database hosting (EU region)
• Cloudflare — security and content delivery

7. Your Rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data — use the "Delete My Data" button in your dashboard, or contact support@taskdrop.co.uk
• Export a copy of your data — use the "Export My Data" button in your dashboard
• Object to processing of your data
• Data portability
• Withdraw consent at any time

To exercise any of these rights, email us at support@taskdrop.co.uk

8. Cookies

Our website uses the following cookies:

• cf_clearance — Set by Cloudflare, our security and performance provider. This cookie is used to confirm you have passed a browser security check and helps protect the site from malicious traffic. It is strictly necessary for security purposes and does not track you or collect personal data.
• _ga, _ga_* — Set by Google Analytics. We use Google Analytics to understand how visitors use our public website pages (such as which pages are visited, how long visitors stay, and what country they are from). This data is anonymous and aggregated — we cannot identify you personally from it. Google Analytics cookies are not placed on private pages such as the subscriber dashboard. You can opt out of Google Analytics tracking at any time by installing the Google Analytics Opt-out Browser Add-on.
• taskdrop_session — Set when you log into your subscriber dashboard. This keeps you logged in during your session using a secure random token. It is strictly necessary for the dashboard to function and expires after 7 days.

Strictly necessary cookies (cf_clearance, taskdrop_session) do not require consent under UK GDPR as they are essential for the service to function.

Analytics cookies (_ga, _ga_*) are placed only on public pages of our website, not on the subscriber dashboard. You can opt out at any time using the Google Analytics Opt-out Browser Add-on.

9. Data Retention

We retain your account data for as long as your subscription is active, plus 90 days after cancellation for accounting purposes. You can request earlier deletion at any time.