This policy explains what personal data ontask.day collects, why it's collected, how it's stored, and what your rights are. It's written in plain English because privacy policies should actually be readable.
Ryan MacGillivray, based in London, UK.
Email: [email protected]
If you have any questions about this policy, or want to exercise any of your rights, please get in touch at that address.
When you register, we store your email address (normalised to lowercase) and an encrypted, one-way hash of your password — we have no way to see or recover your actual password. We use this data to authenticate you. The legal basis is contract performance: we need it to provide the service you've signed up for.
We store the tasks you create, including their title, notes, due date, status, priority, and any reminder times. This data exists solely to provide the app's core functionality. The legal basis is contract performance.
ontask.day includes an optional daily journal. If you use it, we store:
Your free-text mood notes are encrypted at rest — we cannot read them. The numeric ratings and medication toggle are stored unencrypted but are only accessible to you.
This is health data under UK GDPR Article 9 ("special category data"), which receives stronger legal protection. We only process it with your explicit consent (Article 9(2)(a)), given during registration. You can stop journal data being collected at any time by turning off the journal in your account settings, or withdraw your consent entirely by contacting us — see "Your rights" below.
We store your timezone (so reminders fire at the right time), push notification subscription tokens (if you enable notifications), and session data to keep you logged in. Our hosting provider, Hetzner, also collects standard server access logs including IP addresses and user-agent strings as part of normal server operation.
We keep your data for as long as your account is active. When you close your account, your data is deleted. Account deletion is not yet available as a self-service feature — if you want your account and data removed, email us at [email protected] and we'll do it promptly. A self-service deletion option is on the roadmap.
We currently use one third-party data processor:
We do not sell your data. We do not share it with advertisers. We do not use it for any purpose other than providing ontask.day to you.
You have the following rights regarding your personal data:
To exercise any of these rights, email [email protected]. We'll respond within one month as required by UK GDPR.
If you believe we've handled your data incorrectly, you have the right to complain to the UK's data protection regulator, the Information Commissioner's Office (ICO): ico.org.uk.
If we make significant changes to this policy — for example, adding a new third-party processor — we'll update the "Last updated" date at the top of this page. We may also notify you by email if the changes affect how we process your health data.