Legal — Privacy

Privacy Policy

— Effective: 17 April 2026— Updated: 17 April 2026— Version 1.0

TSKR Labs Limited ("TSKR", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our AI-powered task and project management platform.

TSKR Labs Limited is incorporated in Ireland (Company No. TBC) and is subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR") as retained in Irish law, and the Data Protection Acts 1988–2018. We act as the data controller for the personal data described in this policy.

Please read this policy carefully. By using our services, you acknowledge that you have read and understood it.

Who we are

Controller: TSKR Labs Limited, a company incorporated in Ireland.

Contact: eoin@tskr.app

As a controller established in the European Union, we are subject to the supervision of the Data Protection Commission (DPC), Ireland's national data protection supervisory authority.

Data we collect

We collect personal data in the following categories:

→Account data — name, email address, and password credentials provided at registration.
→Profile data — job title, organisation name, and any optional profile information you choose to provide.
→Payment & billing data — billing address and payment method details. Card data is processed directly by our payment processor and is not stored on our servers.
→Usage & platform data — tasks, projects, notes, comments, and other content you create or upload while using TSKR.
→Technical data — IP address, browser type and version, device identifiers, time zone, operating system, and pages visited.
→Communications data — records of correspondence if you contact our support team.
→Marketing preferences — your opt-in or opt-out choices for marketing communications.

We do not intentionally collect special category data (e.g. health, biometric, or political data) and ask that you do not include such data in your TSKR workspace.

Legal basis for processing

Under Article 6 GDPR, we process your personal data on the following lawful bases:

Basis

When we rely on it

Contract (Art. 6(1)(b))

To provide, maintain, and support the TSKR service you have signed up for.

Legitimate interests (Art. 6(1)(f))

To improve our platform, prevent fraud, ensure network security, and send service-related communications. We have carried out a legitimate interests assessment (LIA) and are satisfied our interests are not overridden by your rights.

Consent (Art. 6(1)(a))

For marketing emails and non-essential cookies where you have given explicit, freely given consent. You may withdraw consent at any time without penalty.

Legal obligation (Art. 6(1)(c))

To comply with applicable Irish and EU legal requirements, including tax, anti-money laundering, and regulatory obligations.

How we use your data

→To create and manage your TSKR account.
→To deliver and improve the AI-powered features of the platform.
→To process payments and manage subscriptions.
→To send transactional communications (e.g. receipts, security alerts).
→To send marketing communications where you have opted in.
→To conduct internal analytics and product research to improve TSKR.
→To detect, investigate, and prevent fraudulent or unauthorised activity.
→To comply with legal and regulatory obligations.

We will not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without first obtaining your explicit consent under Article 22 GDPR.

Cookies

We use cookies and similar tracking technologies on our platform. In line with the ePrivacy Regulations (SI 336/2011) and GDPR, we obtain your consent before setting any non-essential cookies.

→Strictly necessary cookies — required for the platform to function. No consent needed.
→Analytics cookies — used to understand how users interact with TSKR (e.g. pages visited, session duration). Consent required.
→Functional cookies — remember your preferences and settings. Consent required.
→Marketing cookies — used to deliver relevant advertising. Consent required.

You can manage your cookie preferences at any time via our cookie consent banner or your browser settings. Withdrawing consent for non-essential cookies will not affect the core functionality of TSKR.

Who we share your data with

We do not sell your personal data. We may share it with the following categories of recipients, all of whom are contractually required to handle your data in compliance with GDPR:

→Cloud infrastructure providers — for hosting and storage of the TSKR platform.
→Payment processors — to handle billing and subscription management securely.
→Analytics providers — to help us understand platform usage in aggregate.
→Customer support tools — to manage and respond to support queries.
→Email service providers — to send transactional and marketing communications.
→Professional advisers — including lawyers and accountants, under duties of confidentiality.
→Competent authorities — where required by law, court order, or to protect the rights of TSKR or others.

Where we engage third-party processors, we execute appropriate Data Processing Agreements (DPAs) as required by Article 28 GDPR.

International data transfers

Some of our third-party service providers are located outside the European Economic Area (EEA). Where we transfer personal data to countries not recognised by the European Commission as providing an adequate level of protection, we ensure appropriate safeguards are in place, including:

→Standard Contractual Clauses (SCCs) approved by the European Commission.
→Binding Corporate Rules (BCRs) where applicable.
→Any other transfer mechanism permitted under Chapter V GDPR.

You may request details of the specific safeguards in place for any transfer by contacting us at the address below.

Data retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by applicable law. Our general retention principles are:

→Account data — held for the duration of your subscription and deleted within 90 days of account closure, unless a longer period is required by law.
→Financial & billing data — retained for 7 years to comply with Irish tax and accounting obligations under the Companies Act 2014 and the Taxes Consolidation Act 1997.
→Support communications — retained for up to 3 years for quality and legal purposes.
→Technical & log data — retained for up to 12 months, then anonymised or deleted.

When data is no longer required, we securely delete or anonymise it in accordance with our internal data disposal procedure.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

→Encryption of data in transit (TLS) and at rest (AES-256).
→Role-based access controls and least-privilege principles.
→Regular security assessments and vulnerability testing.
→Staff training on data protection obligations.
→Incident response procedures aligned with Article 33 GDPR breach notification requirements.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours and, where required, notify affected individuals without undue delay.

Your rights

Under GDPR and the Data Protection Acts 1988–2018, you have the following rights in relation to your personal data. To exercise any of them, contact us at eoin@tskr.app. We will respond within one month as required by Article 12 GDPR.

Right of Access

Request a copy of the personal data we hold about you (Art. 15).

Right to Rectification

Ask us to correct inaccurate or incomplete data (Art. 16).

Right to Erasure

Request deletion of your data where no legitimate ground for retention exists (Art. 17).

Right to Restrict

Request that we limit processing in certain circumstances (Art. 18).

Right to Portability

Receive your data in a structured, machine-readable format (Art. 20).

Right to Object

Object to processing based on legitimate interests or for direct marketing (Art. 21).

Withdraw Consent

Withdraw consent at any time where processing relies on consent (Art. 7(3)).

Lodge a Complaint

Complain to the DPC if you believe your rights have been violated (Art. 77).

Children

TSKR is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without verifiable parental consent, we will delete that data promptly.

If you believe a child under 16 has provided us with personal data, please contact us immediately at eoin@tskr.app.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Where changes are material, we will notify you by email or via a prominent notice on the platform at least 30 days before the changes take effect.

Continued use of TSKR after changes take effect constitutes acceptance of the revised policy. The version date at the top of this page will always reflect the most recent update.

Contact & complaints

For all privacy-related queries or to exercise your rights, contact us at:

Company

TSKR Labs Limited

Emaileoin@tskr.app

Jurisdiction

Ireland — subject to GDPR and the Data Protection Acts 1988–2018

Supervisory Authority

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC):

21 Fitzwilliam Square South, Dublin 2, D02 RD28
www.dataprotection.ie

Registered in Ireland · GDPR compliant