Privacy Policy

Effective: April 23, 2026 · Last updated: April 29, 2026

TaskTroll is a family coordination app. Your family's data belongs to you. We never sell or share it with advertisers, brokers, or data resellers.

1. Who we are

TaskTroll is operated by John Shoufler (Net87). Questions about this policy or your data: tasktroll.com/support.

2. What we collect

Account information

Name, email address, and password (hashed; we never see your plain-text password)
Profile photo you optionally upload
Family name and invitation codes you create

Children's information (collected and stored by you, the parent)

Child first name, optional birthdate, optional profile photo
A 4-digit PIN you create for each child's login
Chores completed, points earned, rewards redeemed — generated as children use the app

Children do not create Apple IDs or Google accounts to use TaskTroll. All child data is entered and controlled by the parent account holder. Parents can delete any child at any time.

Health information (optional, parent-entered)

Medications your family tracks, including reminders
Illnesses, diagnoses, and temperature logs you choose to record
Insurance card images you upload for the Babysitter Handoff feature

Health data is visible only to parents and explicitly invited family members (grandparents, babysitters) within your family. We do not share health data with third parties.

Financial information

Chore payouts, allowance balances, rewards pricing — all in-app virtual currency plus the real-dollar values you enter
Payment processing is handled by Stripe. We never see or store your credit card number — Stripe handles that per PCI-DSS requirements. We receive only a non-sensitive subscription token.

Connected calendars (optional)

If you choose to connect Google Calendar, we ask Google for read-only access to your calendars and store the following so we can render a merged family calendar inside TaskTroll:

An OAuth refresh token issued by Google, encrypted at rest with AES-256-GCM, used only to fetch your calendar events on your behalf
The email address of the connected Google account, so the app can show "Connected as you@example.com"
The list of calendars on your Google account (titles, default colors, primary flag) so you can pick which ones to share
For each calendar you choose to share with your family: event title, description, location, start/end times, attendee status, recurrence info, meeting URL — synced once every 15 minutes via Google's incremental sync API

Calendars you don't toggle "Share with family" are still listed for you, but their events are not stored or shown to anyone. You can revoke our access at any time by clicking Disconnect in Calendar Settings — this revokes the OAuth grant at Google and deletes the refresh token, the calendar list, and all cached events from our servers. Events you mark Private in Google Calendar are displayed to family members only as "Busy" with details hidden.

Limited use. TaskTroll's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use your Google calendar data to train AI/ML models, serve ads, or transfer to third parties for unrelated purposes. Calendar data is read-only and is used solely to render the in-app family calendar that you, the connecting user, can see.

Location (only if you opt in)

If you grant location permission, TaskTroll shares your device's location with other members of your family so you can see each other on a family map.
Location is stored on our servers only as long as needed to display recent positions (typically the last fix per device).
You can revoke location permission at any time in your device Settings, or by removing a family member from your household.

Device and usage data

Device model, operating system version, app version — for troubleshooting crashes and supporting older devices
Push notification tokens (FCM/APNs) — for sending you chore approval requests, messages, and alerts
Approximate IP address (from HTTP request logs) — for security and abuse prevention

3. How we use your data

Deliver the features you use (sync chores across devices, send notifications, show the family map, render the family calendar)
Process subscription payments via Stripe
Respond to support requests you submit
Detect and prevent fraud, abuse, and security threats
Comply with legal obligations

We do not use your data to build advertising profiles, show targeted ads, or train AI models sold to third parties.

4. Who we share data with

We only share data with service providers required to run TaskTroll:

Stripe — payment processing (handles your card info directly; we never see it)
Firebase Cloud Messaging (Google) — push notification delivery
Apple Push Notification service — iOS push notification delivery
Google API Services — only if you connect Google Calendar; we call the Google Calendar API on your behalf using your OAuth grant to read events from calendars you've explicitly chosen to share. We do not send any of your TaskTroll data back to Google.
Apple Sign-in / Google Sign-in — only if you choose those login methods; the provider returns your verified email and a unique account ID, nothing else
RevenueCat — receipt validation and subscription state for App Store / Play Store purchases
OpenStreetMap — map tiles for the family map (does not receive your precise location — tiles are requested by approximate region)
DigitalOcean — hosting for our servers and databases (United States)
OpenAI — only if you use the optional AI medication-scanning feature; the photo you submit is sent for recognition and not stored after response

We never sell your data, and we never share it with advertisers or data brokers.

5. Your rights

Access — email us to request a copy of the data we hold about you.
Correct — edit your profile, family, children, medications, and other information directly inside the app at any time.
Disconnect connected accounts — revoke connected Google Calendar accounts at any time from Calendar Settings in the app, or directly from your Google Account permissions page. Disconnecting deletes your stored refresh token and all cached events from our servers.
Delete — delete your account permanently at tasktroll.com/delete-account. All associated family data, children profiles, health logs, calendar tokens, cached calendar events, and messages are removed within 30 days.
Export — email us to request a JSON export of your family's data.
California / EEA / UK residents — you have additional rights under CCPA, GDPR, and UK GDPR (rectification, restriction, objection, portability, non-discrimination). Email us to exercise them.

6. Data retention

Account data is retained as long as your account is active.
Connected-calendar refresh tokens and cached events are retained until you disconnect that account or delete your TaskTroll account, at which point they are deleted within 30 days.
When you delete your account, all personal data is erased within 30 days (some anonymized aggregate data — e.g., total active families — may be retained indefinitely).
Server access logs are retained for 90 days for security purposes.

7. Security

We use industry-standard safeguards: TLS/HTTPS for all traffic, bcrypt password hashing, AES-256-GCM encryption for stored OAuth refresh tokens, PostgreSQL with access controls, physical datacenter security via DigitalOcean. No method of online storage is perfectly secure, so we recommend using a strong unique password for your TaskTroll account.

8. Children under 13

Children use TaskTroll only with a parent's account. Parents create child profiles with a family-local PIN — children do not have their own email address, Apple ID, or Google account tied to TaskTroll. Parents are responsible for children's use of the app and may delete a child's profile at any time. TaskTroll does not knowingly collect personal information directly from children under 13 outside of the parent-controlled family context. If you believe we have unintentionally collected such information, contact us and we will delete it.

9. International users

TaskTroll servers are located in the United States. By using TaskTroll from outside the U.S., you consent to the transfer of your data to and processing in the United States.

10. Changes to this policy

If we make material changes, we will notify you via email or in-app notification and update the "Last updated" date at the top of this page. Continued use of the app after notice constitutes acceptance of the updated policy.

11. Google API Services Limited Use disclosure

TaskTroll's use of information received from Google APIs (specifically the Google Calendar API and Google account email) adheres to the Google API Services User Data Policy, including the Limited Use requirements:

We only request the calendar.readonly and userinfo.email scopes, and only after you click "Connect Google Calendar" inside the app.
We use Google calendar data only to render the in-app family calendar that you and the family members you've explicitly invited can see. We do not use it for ads, profiling, or model training.
We do not transfer Google user data to third parties except as necessary to provide the in-app family calendar (i.e., delivering the rendered events to your own family members), to comply with applicable law, or as part of a merger / acquisition / sale of assets with notice to users.
Human access to Google user data is limited to (a) you (the connecting user), (b) the family members you explicitly invite into your TaskTroll family, (c) automated systems that fetch and render events, and (d) authorized engineers responding to support requests you initiate or to investigate a security incident.

12. Contact

Questions, complaints, or data requests: tasktroll.com/support.