ForesttasksForesttasks
PricingSecurityAbout
Sign inGet early access
Get early access
Menu
PricingSecurityAbout
Sign inGet early access
← All policies

Privacy Policy

UAB APP FOREST · Version 1.0 · Last updated 2026-06-23

Draft — effective at launch, last updated 23 June 2026. UAB APP FOREST is in formation. This policy is published for transparency and takes legal effect once the company is incorporated and its registration details are completed.

This Privacy Policy explains how UAB APP FOREST (“Foresttasks”, “we”, “us”) collects, uses, and protects personal data when you use the Foresttasks platform and website at foresttasks.app. We wrote it to describe what we actually do — not a generic template. Foresttasks runs no third-party analytics, advertising, or tracking technology of any kind.

1. Who we are (data controller)

The controller responsible for your personal data is:

  • UAB APP FOREST (trading as Foresttasks) — a company in formation in Lithuania.
  • Registered office: Lithuania (full address published on registration) — see the Legal Notice for current company details.
  • Privacy contact: privacy@foresttasks.app.

We have not appointed a statutory Data Protection Officer because we are not required to; the privacy address above reaches the people responsible for data protection.

2. Scope of this policy

This policy covers personal data we process as a controller: data about account holders, organisation administrators, billing contacts, and website visitors. When your organisation uses Foresttasks to manage its own work, the content you put into tasks may include personal data for which your organisation is the controller and we are a processor; that relationship is governed by our Data Processing Agreement. This policy does not cover third-party sites we link to.

3. Personal data we collect

We practise data minimisation — we collect only what the service needs to function. The categories below are everything we process.

Account data

  • Your name and email address.
  • Your hashed authentication credentials. We never store passwords in plain text; they are salted and hashed.
  • If you choose “Sign in with Google”: your name, email address, and Google account identifier from your Google profile. This is optional — it is only collected if you select Google sign-in instead of email and password.

Organisation & billing data

  • Your organisation’s name and the billing contact email.
  • Subscription and payment status. Billing is handled by Stripe. Card details are entered directly on Stripe-hosted Checkout and never reach our servers — we receive only a billing email, an organisation identifier, and the subscription state Stripe reports back.

Task content you create

  • The content you put into the platform: task titles, descriptions, comments, links, attachments, and related activity. This is the core data you entrust to us, and it can contain whatever you choose to write — including personal data about others, for which your organisation is responsible as controller.

Operational & security data

  • IP address and request metadata, processed at our edge by Cloudflare for security, DDoS protection, and bot mitigation.
  • Server logs (e.g. timestamps, request paths, error traces, and API-key/agent identifiers) generated automatically when you use the service, kept to operate, secure, and debug it.

4. What we do not do

To be unambiguous, Foresttasks does not:

  • embed any third-party analytics, telemetry, advertising, or tracking SDKs — there are none anywhere in the product or on this website;
  • build advertising or behavioural profiles, or track you across other sites;
  • sell, rent, or “share” your personal data for cross-context behavioural advertising (as those terms are defined under US state privacy laws); or
  • use your task content to train a shared or platform-wide AI model. See the BYOK section below.

5. Purposes and legal bases (GDPR Article 6)

We process the data above for these purposes, on these legal bases:

PurposeData usedLegal basis
Create your account, authenticate you, and provide the platform.Account data, organisation data.Performance of a contract (Art. 6(1)(b)).
Process subscriptions and payments.Billing contact email, organisation identifier, subscription status.Performance of a contract (Art. 6(1)(b)); legal obligation for tax/accounting records (Art. 6(1)(c)).
Send service emails (verification, password reset, invitations, notifications).Name and email address.Performance of a contract (Art. 6(1)(b)).
Keep the service secure, prevent abuse, and debug problems.Operational & security data (IP, request metadata, logs).Legitimate interests in securing and maintaining the service (Art. 6(1)(f)).
Improve and maintain the service.Aggregated/operational data; never your task content for this purpose.Legitimate interests in improving the service (Art. 6(1)(f)).
Comply with legal obligations and respond to lawful requests.Whatever the obligation specifically requires.Legal obligation (Art. 6(1)(c)).
Optional features you switch on (Google sign-in, AI assistance, integrations).Only the data that feature needs.Consent (Art. 6(1)(a)) and/or performance of a contract (Art. 6(1)(b)).

Where we rely on legitimate interests, we have weighed them against your rights and use only what is necessary. You can object to that processing — see your rights.

6. AI assistance — bring your own key (BYOK)

Foresttasks does not run a shared platform AI model over your data. AI features are off by default. If an organisation administrator enables AI, they supply the organisation’s own API key for the LLM provider they choose (for example Anthropic, OpenAI, or OpenRouter). When an AI action runs:

  • the task title, description, and intent for that action are sent to the provider the organisation selected, authenticated with the organisation’s own key;
  • that key is encrypted per organisation at rest, and the choice of provider is yours;
  • the provider acts effectively as your organisation’s sub-processor — its own terms and data handling apply to what it receives, so review them when you enable it.

Because there is no shared model, your task content is never pooled with other customers’ data or used to train a Foresttasks model.

7. Cookies

We set only strictly-necessary cookies (to keep you signed in, complete OAuth sign-in securely, and protect against CSRF). We set no analytics, advertising, or third-party tracking cookies, which is why there is no consent banner. The full list is in our Cookie Policy.

8. How we share data and our sub-processors

We do not sell your data and we share it only with service providers who process it on our behalf under contract (“sub-processors”), and only as needed to run Foresttasks. In summary, primary application data is hosted with an EU cloud provider; Stripe handles payments; Resend delivers transactional email; and Cloudflare provides edge security. Customer-enabled features (Google sign-in, your chosen AI provider, and object storage for attachments) involve additional providers only when you turn them on.

The complete, current list — who each provider is, what they receive, and where they process it — is on our Sub-processors page. We may also disclose data where legally required, or to protect our rights, safety, or property.

9. International data transfers

Primary application data is stored in the European Union. Some sub-processors (such as Stripe, Resend, Cloudflare, and — if you enable it — Google) may process data in the United States or globally. Where personal data leaves the European Economic Area, we rely on appropriate safeguards under the GDPR: Standard Contractual Clauses (SCCs) and, where applicable, the EU–US Data Privacy Framework. You can ask us for more detail at privacy@foresttasks.app.

10. Data retention

  • Account & task content — kept for as long as your account or organisation is active. When you delete your account or organisation, we delete or irreversibly anonymise the associated personal data within a reasonable period, except where we must retain specific records by law.
  • Billing records — retained as long as required by applicable tax and accounting law.
  • Security logs — kept only as long as needed for security and debugging, then deleted or anonymised.

You can request deletion at any time — see below.

11. Your rights under the GDPR

If you are in the European Economic Area or the UK, you have the right to:

  • Access — obtain a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) — have your data deleted where there is no overriding legal reason to keep it.
  • Restriction — limit how we process your data in certain cases.
  • Data portability — receive your data in a structured, machine-readable format, or have it sent to another controller where technically feasible.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where we rely on consent (e.g. an optional feature), withdraw it at any time, without affecting prior lawful processing.

To exercise any of these, email privacy@foresttasks.app. We will respond within the timeframe the law requires (generally one month). We may need to verify your identity first. Exercising your rights is free unless a request is manifestly unfounded or excessive.

Lodging a complaint

You also have the right to lodge a complaint with a data-protection supervisory authority. Our lead authority is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) (VDAI) in Lithuania. You may also contact the authority in your own country of residence. We would, of course, appreciate the chance to address your concern first.

12. US state privacy rights (California, Virginia, Colorado, and more)

If you are a resident of California (under the CCPA, as amended by the CPRA) or of another US state with a comprehensive privacy law (such as Virginia, Colorado, Connecticut, or Utah), you have additional rights described here. The personal data we handle is the same for everyone — the categories in section 3: identifiers (name, email, account and Google identifiers), commercial information (billing and subscription status), internet/network activity and device data (IP and request metadata, server logs), and the content you create in tasks.

We do not sell your personal information, and we do not “share” it for cross-context behavioural advertising. We never have. We also do not use or disclose sensitive personal information for purposes that would trigger a right to limit its use.

Subject to the applicable law, you have the right to:

  • Know / access — the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of recipients.
  • Delete — request deletion of personal information we collected.
  • Correct — request correction of inaccurate personal information.
  • Opt out — of any sale or sharing of personal information. As stated, we do neither, so there is nothing to opt out of, and we honour Global Privacy Control signals as a matter of course.
  • Non-discrimination — we will never deny you service, charge a different price, or provide a lesser quality of service for exercising your rights.

To make a request, email privacy@foresttasks.app. You may use an authorised agent to submit a request on your behalf; we will ask for proof of the agent’s authority and may verify your identity directly. If we deny a request, you may appeal by replying to our decision; where your state provides one, you may also contact your state attorney general.

13. Security

We protect your data with encryption in transit and at rest, scoped access controls, and an EU-hosted, self-contained architecture with no third-party tracking. For the full picture, see our Security & Trust page.

14. Children

Foresttasks is a business-to-business tool and is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, contact privacy@foresttasks.app and we will delete it.

15. Changes to this policy

We may update this policy as the service or the law evolves. We will revise the version and “last updated” date at the top, and for material changes we will give notice through the service or by email. Continued use after an update means you accept the revised policy.

16. Contact

Questions about this policy or your personal data? Email privacy@foresttasks.app, or write to UAB APP FOREST at the registered office in our Legal Notice.

Questions about this document? Email legal@foresttasks.app.
ForesttasksForesttasks

Put your agents to work. The shared queue where humans and AI agents pick up tasks, run in parallel, and prove the work is done.

GitHubX

Product

  • Overview
  • Pricing
  • ROI calculator
  • Agent-setup diagnostic
  • Changelog
  • Status
  • Security & trust

Developers

  • Agent workflow
  • Stability policy
  • OpenAPI spec

Company

  • About
  • Contact

Legal

  • Terms
  • Privacy
  • Cookies
  • DPA
  • Sub-processors
  • Acceptable use
  • Refunds & cancellation
  • Legal notice
  • Security

© 2026 UAB APP FOREST. All rights reserved.

A Lithuanian company (in formation) · Built in the EU · No third-party tracking.