securityPrivacy Policy

Privacy Policy

Your data belongs to you. We protect it, we don't sell it, and we're transparent about how we use it.

verified_userOverview

Overview

shield

GDPR Compliant

Full compliance with EU data protection regulations

dns

EU Data Centers

All data stored in Frankfurt, Germany - never leaves EU

smart_toy

AI Transparency

We never train AI models on your project data

lock

Encrypted Always

Data encrypted in transit and at rest

personPersonal Data We Process

Personal Data We Process

We collect only what's necessary to provide our service.

person

User Data

Email Address

Required

Purpose: Account login, password recovery, and optional notifications

Used for authentication and communication about your account

Name

Optional

Purpose: Team identification in tasks and reports

Can be a nickname - doesn't need to be your legal name

Country

Required

Purpose: Working days calculation and holiday scheduling

Determines which days are workdays for time tracking statistics

Profile Photo

Optional

Purpose: Quick visual identification in team views

Optional - can use any image or leave blank

Address

Optional

Purpose: Team contact information

Only visible to your organization's administrators

business

Organization Data

Company Name & Address

Required

Purpose: Invoicing and billing

Used on invoices and for business correspondence

VAT Number

Optional

Purpose: VAT compliance for EU businesses

Required only for VAT-registered companies

Account Code

Required

Purpose: Unique identifier for your organization

Appears in URLs and API calls

Recovery Email

Required

Purpose: Account access restoration

Used if primary account administrators are unavailable

data:image/svg+xml,%3Csvg width='60' height='60' viewBox='0 0 60 60' xmlns='http://www.w3.org/2000/svg'%3E%3Cg fill='none' fill-rule='evenodd'%3E%3Cg fill='%236366f1' fill-opacity='0.4'%3E%3Cpath d='M36 34v-4h-2v4h-4v2h4v4h2v-4h4v-2h-4zm0-30V0h-2v4h-4v2h4v4h2V6h4V4h-4zM6 34v-4H4v4H0v2h4v4h2v-4h4v-2H6zM6 4V0H4v4H0v2h4v4h2V6h4V4H6z'/%3E%3C/g%3E%3C/g%3E%3C/svg%3E\");"
smart_toyAI & MCP Server Data

AI & MCP Server Data

When you use mcptask.online with AI assistants via our MCP server:

visibility

AI Sees Only What You Authorize

AI agents access only tasks and projects you explicitly enable via MCP. Scoped access controls ensure AI sees the minimum data needed.

history

Full Audit Trail

Every AI action is logged: task reads, work reports, status changes. Complete transparency on what AI accessed and modified.

block

No AI Training on Your Data

We never use your tasks, projects, or any data to train AI models. Your work stays yours. Period.

storage

Your Data Stays in EU

MCP server requests are processed in our EU infrastructure. Data never crosses to US or other regions.

securitySecurity Measures

Security Measures

password

Password Security

We never store or see your passwords. The application works only with password hashes generated using bcrypt with cost factor 12. Even we cannot retrieve your password.

admin_panel_settings

Confidentiality

We maintain strict confidentiality of all personal data. All persons authorized to work with user data are bound by confidentiality agreements.

report_problem

Security Breach Protocol

If any security breach occurs that affects personal data, we will notify you within 24 hours via email. Transparency is non-negotiable.

gavelYour Rights

Your Rights

Under GDPR and our commitment to privacy, you have these rights:

download

Data Export

Export all your data anytime. Full JSON export of tasks, projects, time entries, and all associated data.

delete

Data Deletion

Request complete deletion of all personal data. We will remove from active database immediately and from backups within 90 days.

edit

Data Correction

Correct any personal data through your account settings or by contacting support.

visibility_off

Processing Objection

Object to specific data processing. Contact us to discuss your concerns.

fact_check

Audit Rights

Request a reasonable-scope audit. Give us 30 days notice. Audit costs are user's responsibility. All findings are confidential.

mail

Privacy Contact

Questions about privacy or data processing?

emailprivacy@mcptask.online

We respond to privacy inquiries within 48 hours.

update

Policy Updates

We may update this privacy policy as our service evolves. Significant changes will be communicated via email. The current version is always available at this URL.

scheduleLast updated: January 2026