Privacy Policy
Your data belongs to you. We protect it, we don't sell it, and we're transparent about how we use it.
Overview
GDPR Compliant
Full compliance with EU data protection regulations
EU Data Centers
All data stored in Frankfurt, Germany - never leaves EU
AI Transparency
We never train AI models on your project data
Encrypted Always
Data encrypted in transit and at rest
Personal Data We Process
We collect only what's necessary to provide our service.
User Data
Email Address
RequiredPurpose: Account login, password recovery, and optional notifications
Used for authentication and communication about your account
Name
OptionalPurpose: Team identification in tasks and reports
Can be a nickname - doesn't need to be your legal name
Country
RequiredPurpose: Working days calculation and holiday scheduling
Determines which days are workdays for time tracking statistics
Profile Photo
OptionalPurpose: Quick visual identification in team views
Optional - can use any image or leave blank
Address
OptionalPurpose: Team contact information
Only visible to your organization's administrators
Organization Data
Company Name & Address
RequiredPurpose: Invoicing and billing
Used on invoices and for business correspondence
VAT Number
OptionalPurpose: VAT compliance for EU businesses
Required only for VAT-registered companies
Account Code
RequiredPurpose: Unique identifier for your organization
Appears in URLs and API calls
Recovery Email
RequiredPurpose: Account access restoration
Used if primary account administrators are unavailable
AI & MCP Server Data
When you use mcptask.online with AI assistants via our MCP server:
AI Sees Only What You Authorize
AI agents access only tasks and projects you explicitly enable via MCP. Scoped access controls ensure AI sees the minimum data needed.
Full Audit Trail
Every AI action is logged: task reads, work reports, status changes. Complete transparency on what AI accessed and modified.
No AI Training on Your Data
We never use your tasks, projects, or any data to train AI models. Your work stays yours. Period.
Your Data Stays in EU
MCP server requests are processed in our EU infrastructure. Data never crosses to US or other regions.
Security Measures
Password Security
We never store or see your passwords. The application works only with password hashes generated using bcrypt with cost factor 12. Even we cannot retrieve your password.
Confidentiality
We maintain strict confidentiality of all personal data. All persons authorized to work with user data are bound by confidentiality agreements.
Security Breach Protocol
If any security breach occurs that affects personal data, we will notify you within 24 hours via email. Transparency is non-negotiable.
Your Rights
Under GDPR and our commitment to privacy, you have these rights:
Data Export
Export all your data anytime. Full JSON export of tasks, projects, time entries, and all associated data.
Data Deletion
Request complete deletion of all personal data. We will remove from active database immediately and from backups within 90 days.
Data Correction
Correct any personal data through your account settings or by contacting support.
Processing Objection
Object to specific data processing. Contact us to discuss your concerns.
Audit Rights
Request a reasonable-scope audit. Give us 30 days notice. Audit costs are user's responsibility. All findings are confidential.
Privacy Contact
Questions about privacy or data processing?
privacy@mcptask.onlineWe respond to privacy inquiries within 48 hours.
Policy Updates
We may update this privacy policy as our service evolves. Significant changes will be communicated via email. The current version is always available at this URL.