Privacy Policy

Last updated: February 26, 2026

ZapTask (“we,” “our,” or “us”) is a desktop productivity application. We are committed to protecting your privacy and being transparent about how your data is handled. This policy explains what information ZapTask collects, how it is stored, and your rights regarding that data.

1. Information We Collect

ZapTask is designed with a local-first architecture. The majority of your data never leaves your device. We collect only what is necessary to provide the service:

  • Account information: Your email address, used for authentication and account recovery.
  • Integration tokens: OAuth access and refresh tokens for connected services (Jira, Asana, Monday.com, Notion, Todoist, Google Calendar, Outlook). These are stored locally on your device using encrypted storage.
  • Task data: Tasks synced from your connected platforms are stored in a local SQLite database on your device.
  • Preferences: Your energy profile, theme settings, and app configuration are stored locally.

2. How Integration Data Is Handled

When you connect a third-party service, ZapTask initiates a standard OAuth 2.0 flow with PKCE (Proof Key for Code Exchange). This means:

  • You authorize ZapTask directly with the service provider (e.g., Atlassian, Google, Microsoft).
  • Access tokens are encrypted using your operating system's secure credential storage (macOS Keychain / Windows Credential Manager via Electron safeStorage).
  • Tokens are refreshed automatically and are never transmitted to ZapTask servers.
  • Task data fetched from integrations is stored only in your local database and is never uploaded to our infrastructure.

3. Payment Processing

Payments for ZapTask Pro are processed by Stripe. Stripe collects and processes all payment information (credit card details, billing address) directly. ZapTask never receives, stores, or has access to your payment card details. Upon purchase, a license key is generated and stored securely. For more information, see Stripe's Privacy Policy.

4. Data Storage & Security

  • Local storage: Task data, preferences, and integration tokens are stored on your device in an encrypted SQLite database and secure credential store.
  • Authentication: Account authentication is handled via Supabase, with session tokens encrypted locally.
  • No cloud sync of task data: Your tasks and productivity data remain on your machine. We do not have access to your task content.

5. Data We Do Not Collect

ZapTask does not:

  • Sell, rent, or share your personal data with third parties
  • Track your browsing activity or use advertising trackers
  • Upload your task content or notes to any server
  • Use your data for AI training or profiling

6. Your Rights

Depending on your location, you may have the following rights under GDPR, CCPA, or similar privacy legislation:

  • Access: Request a copy of the personal data we hold about you (limited to your email and account metadata).
  • Deletion: Request deletion of your account. Since task data is stored locally, uninstalling ZapTask removes all local data.
  • Portability: Export your task data from the app at any time via the Day Summary feature.
  • Revoke integrations: Disconnect any integration at any time from Settings. This deletes the stored tokens from your device.

7. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the app or via email. The “Last updated” date at the top of this page reflects the most recent revision.

8. Contact Us

If you have questions about this Privacy Policy or your data, contact us at support@zaptask.io.