TaskDesk — Privacy Policy

How TaskDesk collects, uses, shares, and protects your information across our marketplace and software.

Effective: 28 September 2025 · Last updated: 28 September 2025
Contents
Quick summary (not a substitute for the full policy): We collect account, profile, usage, and payment‑related data to run TaskDesk’s client–freelancer marketplace. We use it to provide features, prevent fraud, process payments, and improve the service. We share data with trusted processors (e.g., hosting, analytics, payment providers) and when required by law. You can access, correct, or delete your data, and opt out of marketing. Sensitive data is avoided unless strictly necessary and lawful.

1) Scope & Who We Are

This Privacy Policy explains how TaskDesk ("TaskDesk", "we", "us") handles personal data of visitors, registered users acting as Clients or Freelancers, and other individuals whose data we process in connection with our marketplace, websites, mobile apps, APIs, and related services (the “Service”).

For users in Uganda, TaskDesk complies with the Data Protection and Privacy Act, 2019 (Uganda) and applicable regulations. If you are in the EEA/UK, we also process data according to the EU/UK GDPR where applicable. Where local laws differ, we will honor rights required by your jurisdiction.

2) Data We Collect

2.1 Account & Profile
  • Name, username, password (hashed), email, phone, country and time zone.
  • Profile details: headline, skills, bio, portfolio links, avatar.
  • Business information (company name, registration number, VAT/TIN) if provided.
2.2 Identity & KYC (where required)
  • Government ID, selfie, date of birth, address, proof of address, and related verification metadata collected via third‑party verification providers.
2.3 Financial (limited)
  • Payment and payout metadata (e.g., transaction IDs, status, amounts, currency, partial card brand/last4 where provided by processors). We do not store full card numbers.
  • Mobile money identifiers to enable payouts where supported.
2.4 Marketplace & Communications
  • Task posts, proposals, milestones, messages, files, and activity history.
  • Reviews, ratings, and support tickets.
2.5 Usage & Device
  • Log data (IP address, device identifiers, browser type, pages viewed, referring URLs, date/time, language).
  • Product analytics events (feature usage, clicks, performance metrics, crash data).
  • Approximate location derived from IP (city/region level). We do not collect precise GPS unless you explicitly enable a location feature.
2.6 Optional Sensitive Data

We do not seek to collect special categories of data. If a user uploads such data within a task, they are responsible for having a lawful basis and for minimizing exposure. We may restrict processing or require deletion if risk is high.

3) Sources of Data

  • Directly from you: forms, profile, uploads, messages, support.
  • Automatically: through cookies, SDKs, and server logs.
  • Third parties: identity/KYC vendors, payment processors, analytics providers, fraud‑prevention partners, publicly available sources.

4) How We Use Data (Purposes & Lawful Bases)

We process personal data for the following purposes and, where applicable, under these lawful bases:

  • Provide the Service: account creation, authentication, profiles, project workflows, messaging, notifications (Contract; Legitimate interests).
  • Payments & payouts: charge Clients, remit to Freelancers, prevent fraud and chargebacks (Contract; Legal obligation; Legitimate interests).
  • Safety & compliance: KYC/AML screening, sanctions checks, preventing abuse and violations (Legal obligation; Legitimate interests).
  • Support & communications: respond to inquiries, service announcements (Contract; Legitimate interests).
  • Product improvement: analytics, A/B testing, debugging, training internal models to improve features (Legitimate interests; Consent where required).
  • Marketing: newsletters, promotions, referral programs (Consent where required; Legitimate interests otherwise).

5) Cookies, Analytics & Tracking

We use cookies and similar technologies to keep you signed in, remember preferences, measure traffic, and understand feature usage. Where required, we display a consent banner and honor your choices.

  • Essential: authentication, security, fraud prevention.
  • Functional: preferences, localization, improved experience.
  • Analytics: product analytics, performance, crash data.
  • Marketing: only with consent; you may opt out anytime.

You can control cookies via browser settings. Disabling essential cookies may break the Service.

6) Payments & Payouts

Payments are processed by third‑party providers (e.g., card networks, mobile money, payment gateways). We receive limited payment metadata needed to confirm status and deliver services. Payouts to Freelancers may require identity and account verification. Your use of a payment method is subject to the provider’s privacy policy and terms.

7) How We Share Data

  • Service providers (processors): hosting, cloud storage, analytics, email/SMS, KYC/AML, payments, customer support.
  • Other users: information you choose to include in profiles, proposals, tasks, reviews, and messages is visible as configured in the product.
  • Legal & safety: to comply with law, enforce terms, protect rights, security, and prevent fraud.
  • Business transfers: during mergers, acquisitions, financing, or sale of assets, subject to confidentiality.

We do not sell your personal data. We do not share for cross‑context behavioral advertising without your consent.

8) International Data Transfers

We may process data in countries outside your own. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and enter into data processing agreements with our processors to protect your information.

9) Data Retention

We retain personal data for as long as necessary to provide the Service, comply with legal obligations (e.g., accounting, AML), resolve disputes, and enforce agreements. Retention periods vary by category; for example:

  • Account & profile: for the life of the account, then deleted or anonymized within a reasonable period.
  • Transactions & invoices: typically retained for 5–7 years for tax/compliance, depending on jurisdiction.
  • Logs & analytics: retained for shorter periods necessary for security and product improvement.

10) Security Measures

We implement reasonable administrative, technical, and organizational measures designed to protect personal data, including encryption in transit, access controls, and monitoring. No system is 100% secure; you are responsible for safeguarding your credentials and maintaining up‑to‑date software on your devices.

11) Your Privacy Rights

Depending on your location, you may have rights to:

  • Access and obtain a copy of your personal data.
  • Correct inaccurate or incomplete data.
  • Delete your data (subject to legal exceptions).
  • Restrict or object to certain processing.
  • Data portability (receive data in a machine‑readable format).
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority (e.g., Personal Data Protection Office in Uganda; or your local DPA).

To exercise rights, see Contact & Requests. We may verify your identity before responding.

12) Marketing Preferences

You may opt out of marketing emails by using the “unsubscribe” link in messages or by updating your settings. Service and transactional communications (e.g., security alerts, receipts) are necessary and you cannot opt out of them while using the Service.

13) Children’s Privacy

The Service is not directed to children under the age of 13, or under the age of majority where higher by law. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us to request deletion.

14) Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email and indicate the “Last updated” date above. Your continued use of the Service after the effective date means you accept the changes.

15) Contact & Requests

To ask questions or exercise your rights, contact us at support@taskdesk.ug or support@taskdesk.ug. For security reasons, we may require verification steps before fulfilling requests.

If you are in Uganda, you may also contact the Personal Data Protection Office. If you are in the EEA/UK, you can contact your local data protection authority. This document is informational and not legal advice; consider independent legal review for your circumstances.

16) Definitions

“Client”: a user purchasing services. “Freelancer”: a user providing services. “Personal data”: information relating to an identified or identifiable individual. “Processor”: a service provider processing data on our behalf.

We use cookies
We use essential cookies to make TaskDesk work and optional analytics cookies to improve it. See our Cookies page.