At Blissful Tasks, we are committed to protecting your personal data and ensuring the highest standards of data security. This Data Protection Policy outlines our approach to safeguarding your information in compliance with applicable data protection laws and regulations.
1. Data Protection Principles
We adhere to the following data protection principles. Most importantly, we do not access, read, or view your task data:
- Lawfulness, Fairness, and Transparency: We process your data lawfully, fairly, and transparently
- Purpose Limitation: We collect data for specified, explicit, and legitimate purposes
- Data Minimization: We only collect data that is adequate, relevant, and limited to what is necessary
- Accuracy: We ensure your data is accurate and kept up to date
- Storage Limitation: We retain data only for as long as necessary
- Integrity and Confidentiality: We process data securely and protect against unauthorized access
- Accountability: We are responsible for demonstrating compliance with these principles
- Task Privacy: We do not read, view, or access your individual task content
2. Legal Basis for Processing
We process your personal data based on the following legal grounds:
2.1 Consent
We process your data with your explicit consent for specific purposes, such as:
- Creating and managing your account
- Providing task management services
- Sending service-related communications
2.2 Contract Performance
We process your data to fulfill our contractual obligations to provide task management services.
2.3 Legitimate Interests
We may process your data for our legitimate interests, such as:
- Improving our services
- Ensuring security and preventing fraud
- Providing customer support
3. Data Security Measures
Technical Security
- End-to-end encryption for data transmission (HTTPS/TLS)
- Secure authentication using Firebase Auth
- Regular security audits and penetration testing
- Multi-factor authentication support
- Secure data centers with physical security measures
- Zero-knowledge task storage: We cannot access your task content
Organizational Security
- Access controls and role-based permissions
- Regular staff training on data protection
- Incident response procedures
- Data breach notification protocols
- Vendor security assessments
4. Your Data Protection Rights
Under applicable data protection laws, you have the following rights:
4.1 Right of Access
You have the right to request access to your personal data and receive information about how we process it.
4.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
4.3 Right to Erasure (Right to be Forgotten)
You can request deletion of your personal data in certain circumstances.
4.4 Right to Restrict Processing
You can request that we limit how we process your personal data.
4.5 Right to Data Portability
You can request a copy of your data in a structured, machine-readable format.
4.6 Right to Object
You can object to the processing of your personal data in certain circumstances.
4.7 Right to Withdraw Consent
Where we rely on consent, you can withdraw it at any time.
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
5.1 Account Data
- Active accounts: Retained while account is active
- Deleted accounts: Removed within 30 days
- Inactive accounts: Reviewed after 2 years of inactivity
5.2 Task Data
- User tasks: Retained while account is active
- Deleted tasks: Removed immediately upon deletion
- Backup data: Retained for up to 90 days for recovery purposes
5.3 Log Data
- Security logs: Retained for 1 year
- Performance logs: Retained for 6 months
- Analytics data: Retained for 2 years
6. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence. We ensure such transfers comply with applicable data protection laws through:
- Adequacy decisions by relevant authorities
- Standard contractual clauses
- Binding corporate rules
- Other appropriate safeguards
7. Data Breach Response
In the event of a data breach, we have established procedures to:
- Detect and assess the breach
- Contain and mitigate the impact
- Notify affected individuals and authorities as required
- Document and learn from the incident
- Implement measures to prevent future breaches
8. Third-Party Processors
We use trusted third-party service providers who process your data on our behalf. Important: These services store your data, but we do not access or view your task content:
8.1 Firebase (Google)
- Authentication services
- Database storage (Firestore) - We do not read your task data
- Performance monitoring
8.2 Google Analytics
- Website usage analytics
- Performance monitoring
All third-party processors are bound by data processing agreements and security requirements.
9. Children's Data Protection
Our service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data, we will take steps to delete it promptly.
10. Compliance and Monitoring
We regularly review and update our data protection practices to ensure compliance with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Other applicable data protection laws
- Industry best practices
11. Contact Information
For any questions about data protection or to exercise your rights, please contact us:
- Data Protection Officer: dpo@blissfultask.com
- General Privacy Inquiries: privacy@blissfultask.com
- Website: https://blissfultask.com
You also have the right to lodge a complaint with your local data protection authority.
Last updated: December 2024
Version: 1.0