Taskora Privacy Policy

Last Updated: 1/15/2026

1. Introduction

Taskora ("we," "us," or "our") provides a Chrome Extension and Web Application to facilitate workflow automation. This Privacy Policy explains how we collect, use, and disclose information. This Privacy Policy applies to users located in the United States and is intended to comply with applicable U.S. data protection laws.

2. Information We Collect

Account Information

When you sign in to the Taskora dashboard or extension, we collect your email address and authentication credentials. Passwords are salted and hashed via our authentication provider and are never accessible to us in plain text. We also store profile information you provide (such as names) and strictly limited audit logs (IP address, user agent) for security monitoring.

Extension Usage & Automation Data

The Taskora Chrome Extension operates on platforms enabled within your Taskora configuration ("Supported Platforms"). To provide automation features:

• Data Capture: To power automation features, the extension accesses structured responses from supported applications’ APIs along with HTML content. This data is processed only in response to user-initiated workflows. This allows Taskora to capture necessary context from Supported Platforms (such as record details, field values, or task payloads) strictly to execute the workflows you initiate.
• Data Destination: API responses captured by the extension are relayed exclusively to the Taskora backend for processing. This data is not shared with or sold to unrelated third parties.
• On-Demand Fetching: When you trigger Analyze, Refresh, or Re-Run actions, the extension may fetch task-specific context URLs or make direct API calls to the active platform on your behalf.
• Local Storage: We use Chrome’s local storage to cache run history, temporary logs, and user-specific encryption keys.

Device & Log Data

We collect standard application logs to monitor system stability. This may include timestamps, request URLs, and HTTP status codes. Remote logging is disabled by default in the extension; when enabled, sensitive headers are redacted. We also monitor session cookies in the background to ensure your authentication state remains synchronized.

3. Chrome Extension Permissions

To function correctly, the Taskora extension requires the following permissions, as defined in our manifest.json:

• storage: Used to store user preferences, cache task run data, and manage local encryption keys.
• activeTab: Allows the extension to display the Taskora side panel and interact with the specific tab you are working on when you click the extension icon.
• cookies: Used exclusively to read Taskora-related authentication cookies to sync your login session. The extension does not access cookies from unrelated domains.
• alarms: Used to schedule background checks for session token expiration to keep you logged in.
• Host Permissions: The extension requests access to supported third-party platforms (such as your CRM, field service software, or workflow management tools) strictly to inject the automation interface and capture API responses.
• Localhost Access: The extension may request permissions for localhost domains. This is strictly to support local development and testing workflows and is not used for production data collection.

4. Third-Party Service Providers

We utilize trusted third-party vendors to provide our infrastructure. We share data only to the extent necessary for them to provide their services:

• Core Infrastructure (Supabase): We use Supabase for secure authentication and database storage.
• AI Processing: When you utilize AI features, task context and prompts are sent to OpenAI, Google, and Anthropic for processing. We do not share your data with these providers for the purpose of training their models.
• Analytics & Logging: We use third-party providers (such as ClickHouse and Axiom) to store aggregated usage metrics, system logs, and error reports. These logs are stripped of sensitive user content where possible.
• Communication & Support: We use third-party services to deliver transactional emails and provide in-app customer support.

5. Data Retention

We retain personal data only for as long as necessary to provide the Taskora service.

• Account Data: Retained until you request deletion.
• Extension Cache: Local extension data (such as previous run history) is short-lived (typically clearing within minutes) and stored locally on your device.

6. Security Measures

We employ industry-standard security measures to protect your data:

• Encryption in Transit: All data exchanges between the extension, web app, and our servers occur over SSL/HTTPS.
• Encryption at Rest: Passwords and sensitive database fields are encrypted.
• Access Control: We use HttpOnly cookies for authentication and CSRF tokens to prevent unauthorized commands.
• Data Minimization: Backend logs are configured to redact sensitive headers and secrets.

7. Chrome Web Store Compliance

The Taskora extension adheres to the Chrome Web Store Program Policies and uses permissions only as required for user-initiated automation features. The extension does not transmit or store data unrelated to the user’s workflows, and does not monitor unrelated browsing activity.

8. Children’s Privacy

Taskora is not intended for children under 13 years old, and we do not knowingly collect personal information from them. If we become aware that a child has provided personal information, we will delete it promptly.

9. Your Rights & Contact Information

You may request access to, correction of, or deletion of your personal information. You can stop all data collection by the extension by uninstalling it from your browser; upon uninstallation, local storage and keys are immediately cleared by Chrome.

If you have questions about this policy or would like to request a copy of the data we’ve collected about you, please contact us:

• Email: support@gettaskora.com
• Mail: 206 Knowles Street, Raleigh, NC 27603