Privacy Policy

1. Introduction

This Privacy Policy describes how RightCode LTD ("we," "us," "our," or "TaskFlow Pro") collects, uses, and discloses personal information in connection with our TaskFlow Pro platform and related services (collectively, the "Services").

Our goal is to provide you with a clear understanding of our data practices. We are committed to protecting your privacy and handling your personal information in an open and transparent manner.

Our Role as a Data Controller and Processor

It is important to understand our role. When you, as an individual or a direct customer, create an account with us, we act as the "Data Controller" for the information you provide.

When our business customers (e.g., an organization you work for) use our Services to manage their own operations and personnel, they are the Data Controller. In this scenario, we act as the "Data Processor," processing data on their behalf and according to their instructions and our service agreement with them. This policy primarily addresses our practices as a Data Controller.

2. Personal Information We Collect and Use

We collect personal information that is necessary to provide and improve our Services. The table below outlines the categories of personal information we collect, our purposes for collection, and the legal bases for processing under GDPR.

Category of Personal Information	Examples	Primary Business Purpose(s) & Legal Basis
Identifiers	Real name, email address, postal address, phone number, unique online identifier, Internet Protocol (IP) address.	Purpose: To create and manage user accounts; provide, operate, and maintain the Services; communicate with you for support and administrative messages; and prevent fraudulent activity. Lawful Basis: Performance of a contract with you; Legitimate interests.
Professional or Employment-Related Information	Job title, employer name, work history, performance evaluations, training records, work contracts, and schedules.	Purpose: To provide HR-related features of the Services, such as organizational structure management, performance evaluation, and capacity building; to assign tasks and manage roles and permissions within the platform. Lawful Basis: Performance of a contract; Legitimate interests.
Internet or Other Electronic Network Activity Information	Log data, information about your device and browser, and your interaction with our Services (e.g., feature usage, clicks, performance data).	Purpose: To monitor and analyze trends and usage of the Services for improvement; to develop new products and features; and to identify and fix bugs or other technical issues. Lawful Basis: Legitimate interests; Consent (for non-essential cookies).
User-Generated Content	Any information you create or upload, such as procedures, tasks, comments, documents, and messages sent via the integrated chat or email features.	Purpose: To provide the core functionality of the Services, allowing you to build SOPs, track performance, and drive results. Lawful Basis: Performance of a contract.
Geolocation Data	We may collect your approximate location from your IP address.	Purpose: For security purposes (e.g., identifying suspicious logins) and for providing localized content or services. Lawful Basis: Legitimate interests.

Sensitive Personal Information: We do not intentionally collect sensitive personal information (such as health data or genetic data), unless it is uploaded by a customer as User-Generated Content. In such cases, we process it as a Data Processor on behalf of our customer.

3. Disclosure of Personal Information

We do not "sell" or "share" your personal information for purposes of cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We may disclose your personal information for business purposes to the following categories of third parties:

Service Providers: We share information with vendors and consultants who perform services on our behalf, such as cloud hosting (using technologies like Kubernetes), data storage (using technologies like Ceph), and data analytics. These providers are contractually obligated to protect your information and use it only for the services we request.
Legal and Law Enforcement: We may disclose your information if we believe it is required to comply with any applicable law, regulation, legal process, or governmental request.
Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, your information may be transferred as a business asset.

4. Your Privacy Rights and Choices

Depending on your jurisdiction (such as the EEA/UK or California), you may have the following rights regarding your personal information.

The Right to Know and Access: The right to request information about the categories and specific pieces of personal information we have collected about you, as well as the categories of sources from which such information is collected, the purpose for collecting it, and the categories of third parties with whom it is shared.
The Right to Correct (or Rectification): The right to request that we correct inaccurate personal information that we maintain about you.
The Right to Delete (or Erasure): The right to request the deletion of your personal information, subject to certain exceptions.
The Right to Data Portability: The right to receive your personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit this information to another entity without hindrance.
The Right to Object or Restrict Processing: The right to object to or request that we restrict certain processing of your personal information.
The Right to Limit the Use and Disclosure of Sensitive Personal Information: The right to direct us to limit the use of your sensitive personal information to that which is necessary to perform the Services.
The Right to Non-Discrimination: We will not discriminate or retaliate against you for exercising any of your privacy rights.

How to Exercise Your Rights: To exercise these rights, please submit a verifiable request to us at privacy@rightcode.io. We will respond to your request within the timeframes required by law.

5. Data Security

We use reasonable and appropriate administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, use, or disclosure. Our security measures include encryption, access controls, and secure authentication protocols to safeguard data integrity and confidentiality.

6. Data Retention

We retain personal information for as long as is necessary to fulfill the purposes for which it was collected. The criteria used to determine our retention periods include:

The length of time we have an ongoing relationship with you and provide the Services to you.
Whether there is a legal obligation to which we are subject.
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

7. Children's Privacy

Our Services are not intended for or directed to individuals under the age of 16, and we do not knowingly collect personal information from them.

8. International Data Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you reside. For individuals in the European Economic Area (EEA), this means your data may be transferred outside the EEA. When we do so, we ensure that the recipient of your personal information offers an adequate level of protection, for instance by entering into Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Data Protection Officer (DPO)

If you have questions about this policy or if you are a resident of the EEA, you can contact our Data Protection Officer at dpo@rightcode.io.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by revising the date at the top of this policy and, in some cases, we may provide you with more prominent notice (such as a statement on our homepage or a direct notification).