Task Expander
Privacy Policy
Last Updated: January 2025
Effective Date: January 2025
Effective Date: January 2025
This Privacy Policy describes how Task Expander ("we," "our," or "the app") handles your information when you use our iOS and macOS application.
Privacy-First Approach: Task Expander is designed with privacy at its core. Your personal data stays on your device, and we only use external services when necessary for core AI functionality.
1. Information We Collect
Information You Provide
- Goals and Tasks: The goals you enter and the tasks generated from them
- Knowledge Vault: Skills, tools, contacts, and resources you add to your personal vault
- Progress Data: Check-ins, progress notes, and completion status
- Preferences: Your tracking preferences, goal categories, and app settings
Information We Generate
- Device Identifier: A hashed, anonymous identifier for rate limiting API requests
- Usage Patterns: Your preferences for planning frequency and goal domains (stored locally for personalization)
- Planning Metadata: Tags, relationships, and timestamps for your goals and resources
2. How We Use Your Information
- AI Planning: Your goals are sent to Meta's Llama API to generate actionable step-by-step plans
- Personalization: We learn your preferences locally to provide better suggestions over time
- Reminders Integration: Creating and managing tasks in Apple Reminders app
- Rate Limiting: Using anonymous device identifiers to prevent API abuse
3. Data Storage
Local Storage (Your Device)
Primary Storage: All your personal data is stored locally on your device:
- iOS: App's private sandboxed Documents directory
- macOS:
~/Documents/TaskExpanderVault/
- Goals, tasks, and progress are saved as markdown files
- Your knowledge vault is stored in organized folders
- Preferences are saved in local JSON files
- You have complete control over this data and can access it directly
What We Don't Store
- No cloud storage or synchronization
- No server-side user accounts or profiles
- No long-term storage of your goals or personal information
4. Third-Party Services
Meta Llama API
- Purpose: AI-powered analysis and step generation for your goals
- Data Sent: Your goals and relevant context from your knowledge vault
- Security: Requests are encrypted and sent through our secure proxy
- Retention: Meta processes your data according to their privacy policy
Cloudflare Worker (Our Proxy)
- Purpose: Secure API key management and request validation
- Security: HMAC-signed requests with timestamp validation
- Rate Limiting: 60 requests per 10 minutes per device
- No Data Storage: Processes requests without permanent storage
5. Permissions
Apple Reminders Access
Task Expander requests full access to Apple Reminders to:
- Create a dedicated "TaskExpander" reminder list
- Add, update, and manage your tasks and subtasks
- Organize your plans with proper grouping and tags
Privacy Notice: "This app creates reminders for your plans"
File System Access
- Read-only access to user-selected files (for vault imports)
- Write access to Documents folder for vault storage
- App runs in macOS/iOS sandbox for security
6. Data Security
- Local Encryption: Your device's built-in file system encryption protects your data
- Secure Transmission: All API requests use HTTPS encryption
- Request Signing: HMAC-SHA256 signatures prevent request tampering
- Anonymous Identifiers: Device IDs are hashed and not traceable to you
- Sandboxed Environment: App runs with restricted system permissions
7. What We Don't Do
- No Analytics: We don't collect usage analytics or crash reports
- No Advertising: No ads, trackers, or marketing integrations
- No Social Media: No social media SDKs or sharing integrations
- No Data Sales: We never sell, rent, or share your personal data
- No Background Tracking: No location tracking or background data collection
8. Your Rights and Control
- Data Access: All your data is stored in accessible formats in your Documents folder
- Data Deletion: Delete your vault folder to remove all stored data
- Export: Your data is stored in standard markdown and JSON formats
- No Account Required: No user accounts to manage or delete
- Offline Capable: Core app functions work without internet access
9. Children's Privacy
Task Expander does not knowingly collect personal information from children under 13. The app is designed for users who can independently set and manage personal goals.
10. Changes to This Policy
We may update this Privacy Policy occasionally. When we do:
- We'll update the "Last Updated" date at the top
- Significant changes will be communicated through app updates
- Your continued use constitutes acceptance of the updated policy
11. Contact Information
If you have questions about this Privacy Policy or Task Expander's privacy practices:
- Email: umuteser@gmail.com
- Developer: Umut Eser
12. Legal Basis (GDPR)
For users in the European Union, our processing is based on:
- Legitimate Interest: Providing AI-powered goal planning functionality
- Consent: Using Apple Reminders (through iOS/macOS permissions)
- Contract Performance: Delivering the core app functionality you expect