Privacy Policy
TaskTrack — Task Management Mobile Application
At ANV Tech Private Limited (referred to as "TaskTrack," "We," "Our," "Us"), we prioritize your privacy and are committed to ensuring you have complete transparency and control over the data you share with us. By accessing and using the TaskTrack mobile application (App), you agree to the collection, use, and processing of your data as described in this Privacy Policy.
This Privacy Policy applies to all users of the TaskTrack App — including Administrators, Heads of Department (HODs), and Employees. "User," "You," "Your," and "Yourself" refer to anyone who accesses, uses, or registers on the App.
TaskTrack is committed to complying with all applicable laws and regulations, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and other relevant regulations governing the collection, processing, storage, and transfer of your personal data.
1. About Us
TaskTrack is a secure, real-time task management mobile application developed and maintained by ANV Tech Private Limited. The platform is powered by NestJS, GraphQL (Apollo Server), and MongoDB, providing enterprise-grade security and real-time task lifecycle management for organizations of all sizes.
608, Central Business Hub, ParlePoint, Surat – 395007, Gujarat, India
Email: helpdesk@anvtech.co
2. Data We Collect and Its Purpose
We collect certain data from you to provide, operate, and improve our services. Data may be directly provided by you during registration and use, or automatically collected as you interact with the App. The categories of data we collect include:
Account & Identity Information
When you register or log in, we collect your name, email address, and password (stored as a secure hash) to facilitate account creation, authentication, and access management. Your email is also used for OTP-based email verification and password reset communications.
Role & Department Data
We collect and store your assigned role (Admin, HOD, or Employee) and department affiliation. This information is used to enforce role-based access controls and organizational hierarchy within the App.
Task & Activity Data
We collect data related to tasks, subtasks, follow-ups, task updates (journal entries), bookmarks, and status changes that you create or interact with within the App. This data is used exclusively to provide the task management functionality of the platform.
Device & Push Notification Tokens
We collect your device's Firebase Cloud Messaging (FCM) push token to deliver real-time task notifications, deadline alerts, and escalation updates directly to your device. These tokens are tied to your user account and updated as needed.
Usage & Analytics Information
We may collect information about how you interact with the App, including session data, feature usage patterns, and performance metrics, to improve the App's functionality and user experience.
Audit Log Data
For security and compliance purposes, the platform maintains audit logs of significant system and task-related events associated with your account. These logs are retained for up to two (2) years as required for security compliance purposes.
3. How We Use Your Data
We collect and use your data for the following purposes:
- To register your account, authenticate your identity, and maintain secure access via JWT-based tokens.
- To provide the core task management functionality including task creation, assignment, tracking, subtask management, and status updates.
- To enforce role-based access controls (Admin, HOD, Employee) across all features and data within the App.
- To deliver real-time push notifications via Firebase Cloud Messaging for task events, deadlines, and escalation alerts.
- To send transactional emails, including email OTP verification and password reset links, via our mail dispatcher service.
- To run automated background operations such as task escalations, follow-up alerts, and scheduled data archival.
- To maintain audit logs for security monitoring and compliance purposes.
- To analyze and improve the App's functionality and user experience.
- To prevent fraud, abuse, and unauthorized access to the platform.
We do not use your data for any purpose other than those specified in this Privacy Policy or as expressly agreed upon by you.
4. Data Sharing
We do not sell, rent, or trade your personal data to any third party. Data sharing is limited to the following scenarios:
Internal Organizational Sharing
Within the Application, your task data, profile information, and activity are visible to other users within your organization according to the role-based access control settings (e.g., HODs can view tasks of their department members; Admins have broader visibility).
Third-Party Service Providers
We engage trusted third-party providers to operate the App, including cloud hosting and infrastructure providers, email delivery services (Nodemailer / ZeptoMail), and push notification services (Firebase Cloud Messaging). These providers are contractually bound to handle your data securely and only for the purposes necessary to deliver our services.
Webhook Recipients
If your organization has configured webhooks within the platform, certain system events may be forwarded to the configured external endpoints. Webhook configuration is controlled exclusively by Administrators.
Business Transfers
In the event of a merger, acquisition, or sale of assets involving ANV Tech, your data may be transferred as part of the transaction. We will ensure the receiving entity handles your data in accordance with this Privacy Policy.
Legal Obligations
We may disclose your information if required by applicable law, a court order, government authority, or to protect the rights, property, or safety of TaskTrack, its users, or the public.
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable law. Specific retention periods include:
- Account Data: Retained for the duration of your active account. Upon account deletion, personal data is removed within a reasonable period, subject to legal obligations.
- Audit Logs: Retained for up to two (2) years for security and compliance purposes (enforced via MongoDB TTL index).
- Password Reset Tokens: Automatically expired and deleted after one (1) hour (enforced via MongoDB TTL index).
- Task & Activity Data: Retained as long as your organization's account remains active or as agreed upon with your organization.
You may request deletion of your personal data by contacting us at helpdesk@anvtech.co. We will process your request within the bounds of applicable regulations.
6. Privacy Controls & Your Rights
We believe in giving you meaningful control over your data. The following rights and controls are available to you:
- Access Your Data: You can review your profile information and task activity through your user dashboard within the App.
- Update Your Data: You can update your profile information through the App's profile management features.
- Delete Your Data: You may request deletion of your account and associated personal data by contacting us at helpdesk@anvtech.co. Note that certain data (e.g., audit logs) may be retained for the legally required retention period.
- Manage Push Notifications: You can manage push notification preferences through your device's notification settings. Disabling push notifications may affect your ability to receive timely task alerts.
- Password Reset: You may initiate a secure password reset at any time via the App's "Forgot Password" feature, which delivers a reset link to your registered email address.
7. Data Storage & Transfer
All data collected through the TaskTrack application is processed and stored within India. We do not engage in cross-border transfer of personal data outside India unless required by law or explicitly authorized by you. Our data storage infrastructure uses MongoDB as the primary database, with all sensitive fields appropriately secured and encrypted.
8. Data Security
We implement industry-standard security measures to protect your personal data, including:
- JWT Authentication: Access and Refresh tokens issued via Passport.js JWT strategy to secure all API requests.
- Password Hashing: User passwords are never stored in plain text; they are stored using secure cryptographic hashing algorithms.
- Secure Password Reset: Cryptographically secure, time-limited tokens (1-hour TTL) are used for password reset operations.
- Role-Based Access Control (RBAC): Strict server-side enforcement of role permissions via Guards and decorators ensures users can only access data within their authorized scope.
- Email Verification: New accounts require OTP email verification before login is permitted, reducing fraudulent account creation.
- Audit Logging: Comprehensive audit trails of security and task activities are maintained for up to two years to support security investigations.
- Encrypted Transmission: All data transmitted between the App and our servers is secured via HTTPS/TLS encryption.
We continuously monitor our systems for vulnerabilities and strive to implement safeguards against unauthorized access, alteration, or disclosure of your information. However, no method of transmission over the internet or electronic storage is 100% secure.
9. Cookies and Tracking Technologies
The TaskTrack mobile application itself does not use browser cookies. However, our associated web portal may use session-based tokens and similar technologies to maintain your authenticated session. We may use analytics tools to understand aggregate usage patterns; such tools are configured to minimize the collection of personally identifiable information.
10. Children's Privacy
TaskTrack is not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly. If you believe a minor has provided us with personal data, please contact us at helpdesk@anvtech.co.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes by providing a revised version within the App or via email. Your continued use of the App following notification of changes constitutes your acceptance of the updated Privacy Policy.
12. Grievance Redressal
If you have any concerns, complaints, or queries regarding this Privacy Policy or our data practices, please contact our Grievance Redressal Officer:
Name: Parth Mehta
Phone: +91 7433006722
Email: parth.m@anvtech.co
Address: 608, Central Business Hub, Parle Point, Surat – 395007, Gujarat, India
We will respond to your concerns within 30 days of receipt. We are committed to resolving all legitimate privacy complaints in a fair and timely manner.
This Privacy Policy applies exclusively to the TaskTrack mobile application and its associated web portal. It does not apply to any other applications, websites, or services operated by third parties linked from within the App.
By continuing to use the App, you consent to the terms of this Privacy Policy. If you have any questions, concerns, or requests related to your privacy, please contact us at helpdesk@anvtech.co.