Privacy Policy

Last updated: April 2026

1. Overview

Task Monitor is a self-hosted personal task management application. This policy describes what data is collected, how it is used, and your rights regarding that data. Because this application is self-hosted, the operator of this instance (the person who deployed it) is the data controller under GDPR and equivalent regulations.

2. Data We Collect

Data	Purpose	Stored
Username	Account identification & login	Server database
Email address	Daily report emails; account recovery	Server database
Password (hashed)	Authentication — bcrypt hash only, never plaintext	Server database
Task content	Core application function	Server database
Pushover keys (optional)	Push notification delivery	Server database
TOTP secret (optional)	Two-factor authentication	Server database
Session cookie	Keeping you logged in	Browser (session duration)
Layout & sort preferences	Remembering your display preferences	Browser localStorage only
Server access logs	Security & diagnostics	Server logs (gunicorn)

3. Cookies & Local Storage

This application uses:

Session cookie — a strictly necessary cookie required for login. No tracking or advertising purpose. It expires when you close your browser or log out.
localStorage (tm_layout, tm_sort) — stores your display preferences locally in your browser. This data never leaves your device and is not transmitted to the server.

No third-party cookies, analytics scripts, or advertising trackers are used.

4. Data Sharing

Data entered into Task Monitor is not shared with any third parties, except:

Resend (email delivery service) — if email notifications are enabled, your email address and task summary content are transmitted to Resend to deliver emails. Resend's privacy policy applies: resend.com/legal/privacy-policy.
Pushover (push notifications) — if configured, your Pushover user key and notification content are transmitted to Pushover. Pushover's privacy policy applies: pushover.net/privacy.

5. Data Retention

Your data is retained for as long as your account exists. You may request deletion of your account and all associated data by contacting the operator of this instance. Task data can be deleted at any time from within the application.

6. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

Access — request a copy of the personal data held about you
Rectification — correct inaccurate data via the Settings page
Erasure — request deletion of your account and data
Portability — receive your data in a portable format
Objection — object to processing where legitimate interests are relied upon

To exercise these rights, contact the operator of this Task Monitor instance directly.

7. Security

Passwords are stored using bcrypt hashing. Communication between your browser and this server should be protected by HTTPS. The operator is responsible for ensuring the server and database are secured appropriately.

8. Children

This application is not directed at children under 13 (or under 16 in the EEA). If you believe a child has provided personal data, contact the operator to have it removed.

9. Changes to This Policy

The operator may update this policy from time to time. Continued use of the application after changes constitutes acceptance of the revised policy.

10. Contact

For any privacy-related enquiries, contact the operator of this Task Monitor instance.