Privacy Policy

Taskora OS ("we," "our," "us") is dedicated to providing an ironclad, enterprise-grade governance environment for autonomous AI agents. This Privacy Policy details how our platform collects, processes, encrypts, and secures your infrastructure credentials, access tokens, and operational event data.

To act as an effective reverse proxy and infrastructure kill-switch for your autonomous workflows, Taskora OS collects information within three distinct technical boundaries:

• —Account Infrastructure: Your email address and basic profile parameters collected exclusively via secure passwordless Magic Links or Google OAuth gateways.
• —Encrypted Secrets Vault: Outbound third-party API keys (including OpenAI, Anthropic, Stripe, Slack, and Shopify).
• —Agent Execution Streams: Real-time JSON action payloads, tool execution parameters, timestamps, and human operator approval or abort choices.

We treat programmatic secrets with zero-trust protocols:

• —Encryption at Rest: All external API secrets committed to the Taskora Secret Vault are instantly encrypted utilizing a hardware-backed AES-256-GCM cipher prior to database insertion.
• —In-Memory Lifecycle: During Bring Your Own Key (BYOK) execution states, credentials are decrypted dynamically into server runtime memory only for the direct duration of the outgoing API proxy request. Plaintext keys are never written to disk, persistent cache, or stdout logs.

When your autonomous agent executes actions via https://taskora.eu/api/agent/execute:

• —Our servers intercept transmission parameters to validate tier constraints, look for high-risk method signatures, and log execution details.
• —We pass raw data payloads securely to target service providers (e.g., Stripe, Shopify) exclusively to satisfy your active agent scripts. We do not inspect message contents for advertisement profile tracking, nor do we sell execution metrics to third-party data aggregators.

Data storage lifetimes are strictly governed by your active billing tier:

• —Starter Tier ($0): Execution logs and decision trace artifacts are permanently erased via automated background workers after 7 calendar days.
• —Builder Tier ($29/mo): Data history persists for exactly 30 calendar days before lifecycle expiration.
• —Scale Tier ($99/mo): Hard data records are locked for exactly 1 year (365 days) to comply with mandatory systemic transparency laws, explicitly matching EU AI Act requirements.

You retain complete authority over your operational footprint. At any time via your account workspace dashboard, you may securely flush your Secret Vault credentials or initiate a complete profile deletion, which safely purges all associated historical trace logs from our physical database tables.

For formal data access requests, rectification, or erasure inquiries under GDPR, contact us at privacy@taskora.eu. We will respond within 30 days. If you are located in the EU/EEA and believe your rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: