What we collect, and why.
Last updated 2026-05-07
The short version: an email address so we can let you back in, payment info Stripe handles on our behalf, and the tasks you write so the app has something to render. We don’t sell any of it. We don’t use it to train a model. We don’t profile you to sell ads against your due dates. The long version follows.
What we collect
Account.When you sign up, Clerk handles the form and hands us back your email and (if you provided one) name. That’s the identity we attach your workspace to. If you signed in with Google or another OAuth provider, we get the same fields plus a stable provider ID, no contact list, no friend graph, no inbox access.
Payment. If you upgrade, Stripe collects your card. We never see the number. We get back a customer ID, the last four digits, the brand, and the country, enough to show you the right billing row in settings and run a refund.
Usage. PostHog records anonymous product analytics, which view you opened, whether the keyboard shortcut fired, how long a session lasted. We pair it with Sentry, which catches errors and stack traces so we know when something broke before you have to email us about it.
The work itself. Tasks, comments, attachments, board layouts, calendar placements, the lot. We store it because the product doesn’t function otherwise.
Who else sees it
We use a small list of subprocessors. Each one has its own privacy notice, linked below.
- Clerk , authentication, session management.
- Stripe , payments, invoices, refunds.
- PostHog , product analytics, feature flags.
- Sentry , error monitoring.
- Resend , transactional email (digests, password resets, receipts).
- Vercel , hosting, edge network, function execution.
That’s the entire list. If we add one we’ll add it here, with the date.
How long we keep it
Live data, your tasks, your account, your billing, stays until you delete the workspace. Encrypted backups roll off on a 30-day window after that, after which there’s nothing left to restore even if we wanted to. Server logs are kept for 30 days for debugging and security review.
Your rights
You can export every task you’ve created (JSON or CSV) from settings. You can correct the email or name attached to your account from settings. You can delete the whole workspace from settings, and we mean delete. See the retention paragraph above. If any of that doesn’t work or you want a human to do it for you, email hello@signalstudio.ie and we’ll handle it within five business days.
If you’re in the EU, the UK, California, or any other jurisdiction whose data law gives you specific rights (access, portability, restriction, objection), those rights apply here. Same email gets you to the same person.
Cookies
We set a session cookie via Clerk so signed-in users stay signed in, a small CSRF token, and a theme preference. PostHog runs in cookieless mode where the browser supports it and falls back to a single first-party cookie elsewhere, never a third-party tracker. No advertising cookies. No social-share pixels.
Children
Tasks is for people thirteen and older. If you’re under thirteen, please don’t sign up. If you find an account that belongs to someone under thirteen, email us and we’ll close it.
Changes
If we materially change this notice, a new subprocessor, a new data category, a new retention rule, we’ll email signed-up users before it takes effect and update the date at the top. Cosmetic edits (typos, link rot, rewording for clarity) we just make.
Contact
Privacy questions, deletion requests, data exports, anything in this notice you want explained: hello@signalstudio.ie. Mailing address: [NEEDS-REVIEW: add postal address once entity is formed].
A privacy policy you can read in one sitting beats a generated one nobody opens. This one is short on purpose.