Task ManagerBack to app

Privacy Policy

Effective date: June 30th, 2026 Who we are: Divergence Holdings Pty Ltd ("we", "us", "our"), the provider of Task Manager (the "Service"), accessible at www.taskmanager.smallbizsystems.com.au. Contact: steve@smallbizsystems.com.au

This policy explains how we handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. The short version

  • We collect the minimum data we need to run the Service.
  • We don't sell your data.
  • Your data is isolated from other users at the database level.
  • You can request an export or deletion of your data at any time.
  • We host the database in Australia (Sydney); some service providers process data overseas (see §6).

2. What we collect

Account information — email address and display name (via our authentication provider, Supabase Auth). Passwords are hashed by the provider; we never see them.

Content you create — the data you enter to use the Service:

  • Tasks, notes, due dates, buckets, and file attachments you upload.

Technical/usage data — basic logs needed for security and reliability (e.g. timestamps, error events). We configure logging so it does not capture the content of your tasks, transactions, or files.

3. Sensitive information

We do not seek "sensitive information" as defined by the Privacy Act (e.g. health, government identifiers).

  • Attachments are a general-purpose feature. You should not upload documents containing full payment-card numbers, government IDs, or other people's personal information without authority (see our Acceptable Use Policy). If you choose to upload such material, you do so at your own risk and consent to us storing it as part of the attachment.

4. How we use your information

  • To provide, maintain, and secure the Service.
  • To authenticate you and isolate your data from other users.
  • To send essential service emails (e.g. sign-up confirmation, password reset) via our email provider.
  • To power optional AI features you trigger (e.g. turning a voice note into a task) — only the text/audio you submit for that feature is sent to the AI provider (see §6).
  • We do not use your content to advertise to you, and we do not sell it.

5. Legal basis & APP compliance

We collect and handle personal information only as reasonably necessary to provide the Service, consistent with the APPs (collection, use, disclosure, security, access, and correction).

6. Who we share it with (service providers & overseas processing)

We don't sell or rent personal information. We use the following service providers ("sub-processors") to run the Service. Some are located overseas (mainly the United States), so providing your information to the Service may involve cross-border disclosure (APP 8):

ProviderPurposeLocation
SupabaseDatabase, authentication, file storageDB region: Australia (Sydney); company US-based
VercelApplication hostingUS / global edge
ResendTransactional emailUS
Anthropic / OpenAIOptional AI features (text/voice)US

We may also disclose information if required by law.

7. Security (APP 11)

We take reasonable steps to protect personal information, including:

  • Encryption in transit (TLS) and at rest.
  • Database Row-Level Security so a user can only ever access their own (or their household/tenant's) data.
  • Attachments stored in a private bucket, served only via short-lived signed links, with access restricted to members of the owning task area.
  • Access controls and least-privilege handling of administrative credentials.
  • Logging configured to exclude your content and sensitive data.

No system is perfectly secure; we cannot guarantee absolute security.

8. Data retention

  • Account and content data are retained while your account is active.
  • Attachments are retained until you (or an administrator of the task area) delete them, or you delete your account.
  • When you delete your account, we delete your personal information and content, including stored files, within 30 days. Backups are retained on a rolling 30 day cycle and then overwritten.

9. Accessing, correcting, exporting, and deleting your data (APP 12 & 13)

You can:

  • Access / export — request a copy of your data (JSON/CSV) by contacting us at steve@smallbizsystems.com.au.
  • Correct — edit your content directly, or contact us.
  • Delete — delete individual items yourself, or request deletion of your entire account and all associated data (including stored files) by contacting steve@smallbizsystems.com.au.

10. Data breaches

If a data breach occurs that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.

11. Children

The Service is not intended for anyone under 18 years old. We do not knowingly collect their information.

12. Changes

We may update this policy. Material changes will be notified by email or in-app. The "Effective date" shows the latest version.

13. Complaints

To make a privacy complaint, contact us at steve@smallbizsystems.com.au. If unsatisfied, you may contact the OAIC (oaic.gov.au).