Privacy Policy

Effective Date: Dec 27, 2025

Last Updated: Jan 6, 2026

At EffortList AI, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our task management platform. Because our Service utilizes artificial intelligence and processes your documents and task data, we believe in complete transparency about where your data goes and how it's used.


1. Introduction

EffortList AI ("we," "us," "our," or "Company") operates a productivity and task management platform that uses artificial intelligence to help you organize your life. This Privacy Policy applies to all users of the EffortList AI web application and related services (the "Service").

By using EffortList AI, you consent to the data practices described in this Privacy Policy.


2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address
  • Password (encrypted and managed by Firebase Authentication—we never see or store your actual password)
  • Display name or profile information (if provided)

User Content:

  • Tasks, to-dos, and subtasks you create
  • Folder names and organizational structures
  • Task descriptions, titles, and notes
  • Due dates, times, and recurrence patterns
  • Links and attachments associated with tasks
  • Custom preferences and settings

Uploaded Documents:

  • PDF files, DOCX documents, spreadsheets, and text files you upload for AI processing
  • Extracted text content from these documents

AI Interactions:

  • Natural language prompts and questions you send to the Omni AI assistant
  • Conversation history with the AI

2.2 Information Collected Automatically

Usage Data:

  • Pages visited and features used within the Service
  • Time spent on different sections of the application
  • Actions performed (creating tasks, editing folders, etc.)
  • Device information (browser type, operating system, device identifiers)
  • IP address and approximate geographic location

Technical Data:

  • Log files and error reports
  • Performance metrics and analytics
  • Session data and authentication tokens

2.3 Information from Third Parties

We may receive information about you from third-party services:

  • Google Firebase: Authentication and database services
  • OAuth Providers: If you use social login features (e.g., "Sign in with Google")

3. How We Use Your Information

We use your information for the following purposes:

3.1 Core Service Functionality

  • Provide and maintain the Service: Store, sync, and display your tasks across devices
  • Authentication and security: Verify your identity and protect your account
  • AI-Powered features: Process your data through artificial intelligence to provide intelligent task management, suggestions, and document analysis
  • Scheduling and notifications: Calculate due dates, manage recurring tasks, and send reminders
  • Data synchronization: Enable real-time updates across your devices

3.2 Service Improvement and Analytics

  • Analyze usage patterns to improve features and user experience
  • Identify and fix bugs, errors, and performance issues
  • Develop new features and optimize existing functionality
  • Conduct internal research and analytics (using aggregated, anonymized data)

3.3 Communication

  • Send service-related notifications (account changes, subscription updates)
  • Respond to your support requests and inquiries
  • Send important updates about the Service or changes to our policies
  • Provide promotional communications (only with your consent, and you can opt out anytime)

3.4 Legal and Security

  • Comply with legal obligations and respond to legal requests
  • Enforce our Terms of Use and detect violations
  • Protect against fraud, abuse, and security threats
  • Defend our legal rights and interests

4. Artificial Intelligence & Data Processing (CRITICAL SECTION)

4.1 How AI Processes Your Data

This is the most important section to understand. When you use AI-powered features, your data leaves our primary database and is transmitted to third-party AI services for processing.

What happens to your data:

  1. Data Transmission: When you interact with the Omni AI assistant or upload documents for analysis, your task descriptions, document contents, and natural language prompts are transmitted securely to Google's Vertex AI and Gemini API for processing.

  2. Processing Purpose: Google's AI models analyze your data to:

    • Understand your natural language requests
    • Generate intelligent task suggestions and organization recommendations
    • Extract action items and deadlines from uploaded documents
    • Provide conversational assistance and answer questions about your tasks

  3. Temporary Processing: Your data is processed in real-time to generate responses and is not permanently stored in Google's AI systems beyond the processing session (in accordance with Google Cloud's enterprise API terms).

4.2 AI Training and Model Improvement

Your data is NOT used to train AI models:

  • We do not use your personal data to train our own proprietary AI models
  • Google does not use your data to train their public AI models when using enterprise API tiers (which we use for production)
  • Your tasks, documents, and conversations remain private and are not used to improve general AI capabilities accessible to other users

4.3 AI Processing is Opt-In

AI-powered features are triggered by your interactions (e.g., using the chat or uploading a document). If you do not interact with these features, your data is not transmitted to AI services.

4.4 AI Limitations and User Responsibility

As stated in our Terms of Use, AI-generated content may be inaccurate, incomplete, or inappropriate. You are responsible for reviewing and verifying all AI outputs. We are not responsible for decisions you make based on AI suggestions.


5. Document Upload Processing and Retention

5.1 How Document Uploads Work

When you upload a document (PDF, DOCX, Excel, text file) for AI analysis:

  1. Upload: The file is temporarily uploaded to our secure servers
  2. Text Extraction: We use libraries like mammoth and other parsers to extract text content from the document
  3. AI Processing: The extracted text is sent to Google's Vertex AI for analysis to identify tasks, deadlines, and action items
  4. Result Integration: AI-identified tasks are added to your task list (subject to your approval)

5.2 Document Storage and Deletion

We do NOT store your document files at all.

  • Original binary files (PDFs, DOCX, etc.) are processed immediately and never stored
  • Extracted text content is only used within the AI chat session for context and analysis
  • Once the chat session ends, extracted text is not retained
  • We do not save uploaded documents to any storage system (Firebase Storage, cloud storage, or otherwise)

This approach maximizes privacy protection—your documents are processed transiently and leave no permanent trace in our systems.


6. Third-Party Service Providers and Sub-Processors

Your data flows through several trusted third-party services. We carefully select partners that maintain high security and privacy standards.

6.1 Data Storage and Infrastructure

Google Firebase (Cloud Firestore & Firebase Authentication)

  • Purpose: Primary database for storing tasks, folders, to-dos, and user authentication
  • Data Processed: All user content, account information, authentication tokens
  • Location: Google Cloud data centers (region-specific)
  • Privacy Policy: https://firebase.google.com/support/privacy

6.2 Artificial Intelligence Processing

Google Cloud Vertex AI / Gemini API

  • Purpose: Natural language processing, task generation, document analysis
  • Data Processed: Task descriptions, user prompts, uploaded document text
  • Usage: Real-time processing only; data not used for model training
  • Privacy Policy: https://cloud.google.com/terms/cloud-privacy-notice

6.3 Hosting and Delivery

Vercel

6.5 Calendar Integration

Google Calendar API

  • Purpose: Synchronize tasks with Google Calendar events (optional feature)
  • Data Processed: Calendar event details, times, descriptions (one-time import)
  • Data Access: Read-only access to your Google Calendar (triggered manually by you)
  • Limited Use Compliance: See Section 18 for Google API Services User Data Policy compliance
  • Privacy Policy: https://policies.google.com/privacy

6.6 Analytics and Performance Monitoring (If Applicable)

If we use analytics tools (Google Analytics, Sentry, etc.), we will list them here and explain what data they collect.


7. Data Security

7.1 Security Measures

We implement industry-standard security practices to protect your data:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
  • Encryption at Rest: Data stored in Firebase Cloud Firestore is encrypted at rest
  • Authentication Security: Firebase Authentication uses secure token-based systems
  • Access Controls: Strict database security rules ensure users can only access their own data
  • Firebase App Check: We use Firebase App Check with Google reCAPTCHA v3 to protect our backend services from abuse and ensure requests originate from legitimate app instances
  • Regular Security Audits: We monitor for vulnerabilities and apply security patches promptly

7.2 Google reCAPTCHA

This site is protected by Google reCAPTCHA v3 to prevent bot abuse and protect our services. By using EffortList AI, you acknowledge that:

  • reCAPTCHA is subject to the Google Privacy Policy and Terms of Service
  • reCAPTCHA collects hardware and software information (such as device and application data) and sends it to Google for analysis
  • This data is used to verify that you are a human user and to improve reCAPTCHA and general security

7.3 Security Limitations

No system is 100% secure. Despite our best efforts:

  • We cannot guarantee absolute security against all potential threats
  • You are responsible for keeping your account credentials confidential
  • You should use a strong, unique password and enable two-factor authentication if available

7.4 Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

  • Notify you via email within 72 hours of discovering the breach
  • Provide details about what data was affected
  • Explain steps we're taking to address the breach
  • Recommend actions you can take to protect yourself

8. Data Retention and Deletion

8.1 How Long We Keep Your Data

Active Accounts:

  • Your data is retained for as long as your account remains active
  • Tasks, folders, and to-dos are stored indefinitely unless you delete them

Deleted Accounts:

  • When you delete your account, we begin the deletion process immediately
  • Your data is fully deleted from production systems within 90 days
  • Backups containing your data may persist for up to 90 additional days for disaster recovery purposes

Legal Holds:

  • We may retain data longer if required by law, regulation, or legal process
  • Data subject to ongoing investigations or disputes may be preserved as necessary

8.2 Your Right to Delete Data

You have the right to delete your data at any time:

  • Individual Items: Delete specific tasks, folders, or to-dos through the interface
  • Entire Account: Delete your account and all associated data through account settings
  • Contact Us: If you encounter issues deleting data, contact us at support@effortlist.io

9. Your Data Rights and Choices

9.1 Access and Portability

You own your data.

  • Access: View all your data at any time through the Service interface
  • Export: Use our built-in export feature to download your entire task history, project structure, and folders in JSON format
  • Portability: Export your data in machine-readable formats to transfer to other services

9.2 Correction and Update

  • You can edit, correct, or update your tasks, folders, and account information at any time
  • Changes are synchronized in real-time across all your devices

9.3 Deletion

  • Delete individual tasks, to-dos, folders, or your entire account
  • See Section 8 for retention timelines

9.4 Marketing Communications

  • You can opt out of promotional emails by clicking "Unsubscribe" in any marketing email
  • You cannot opt out of service-related communications (e.g., security alerts, billing notifications)

9.5 AI Processing Opt-Out

  • AI features are optional and triggered by user interaction
  • You can avoid AI processing by not using the AI assistant features

10. International Data Transfers

EffortList AI is based in Dallas, Texas, United States. If you access the Service from outside the United States:

  • Your data will be transferred to and processed in the United States
  • The United States may have different data protection laws than your country
  • By using the Service, you consent to the transfer of your data to the United States
  • We rely on third-party services (Google Cloud, Firebase) that may process data in multiple regions globally

For users in the European Economic Area (EEA) or United Kingdom:

  • We comply with applicable data protection laws (GDPR)
  • Google Cloud uses Standard Contractual Clauses (SCCs) for international data transfers
  • You have additional rights under GDPR (see Section 11)

11. Your Rights Under Privacy Laws

Depending on your location, you may have additional privacy rights:

11.1 GDPR Rights (EU/EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, you have the right to:

  • Access: Obtain a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for data processing at any time
  • Lodge a Complaint: File a complaint with your local data protection authority

11.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

  • Know: Request disclosure of personal information we collect, use, and share
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the "sale" of personal information (Note: We do not sell personal information)
  • Non-Discrimination: Not receive discriminatory treatment for exercising your rights

11.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: support@effortlist.io
  • Subject Line: "Privacy Rights Request"
  • Include: Your name, email address, and specific request

We will respond to verified requests within the timeframes required by applicable law (typically 30-45 days).


12. Children's Privacy

12.1 Age Requirements

EffortList AI is available to users 13 years of age and older. We do not knowingly collect personal information from children under 13 without parental consent.

12.2 Parental Consent for Users 13-17

Users between 13 and 17 years old may use the Service only with parental or guardian consent. Parents are responsible for:

  • Supervising their child's use of the Service
  • Reviewing this Privacy Policy and our Terms of Use
  • Understanding that their child may upload personal information and documents

12.3 If We Discover Underage Users

If we learn that we have collected personal information from a child under 13 without verified parental consent, we will delete that information as quickly as possible. If you believe a child under 13 has provided us with personal information, please contact us immediately at support@effortlist.io.


13. Cookies and Tracking Technologies

13.1 What We Use

We use cookies and similar tracking technologies to:

  • Maintain your login session (authentication cookies)
  • Remember your preferences and settings
  • Analyze usage patterns and improve the Service
  • Enable security features and prevent fraud

13.2 Types of Cookies

Essential Cookies:

  • Required for authentication and core functionality
  • Cannot be disabled without breaking the Service

Analytics Cookies:

  • Help us understand how users interact with the Service
  • Used for performance monitoring and improvement
  • You can opt out through your browser settings

13.3 Managing Cookies

You can control cookies through your browser settings:

  • Block All Cookies: Note that this may prevent the Service from functioning properly
  • Delete Cookies: Clear cookies at any time through browser settings
  • Third-Party Cookies: Manage third-party cookies separately

14. Do Not Track Signals

Some browsers include "Do Not Track" (DNT) signals. Because there is no industry consensus on how to respond to DNT signals, our Service does not currently respond to DNT browser settings.


15. Changes to This Privacy Policy

15.1 Updates and Modifications

We may update this Privacy Policy from time to time to reflect:

  • Changes to our data practices
  • New features or services
  • Legal or regulatory requirements
  • Security improvements

15.2 Notification of Changes

When we make material changes to this Privacy Policy, we will:

  • Update the "Last Updated" date at the top of this document
  • Send you an email notification at your registered email address
  • Display a prominent notice within the Service
  • Provide at least 30 days' notice before material changes take effect

15.3 Continued Use

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service and may delete your account.


16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

EffortList AI
Email: support@effortlist.io
Subject Line for Privacy Requests: "Privacy Inquiry - EffortList AI"

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.


17. Data Processing Summary (Quick Reference)

For transparency, here's a quick summary of how your data flows through our system:

Data Type | Where It's Stored | Who Processes It | Why
Account Info (email, password) | Firebase Authentication | Google Firebase | Login and security
Tasks, Folders, To-dos | Cloud Firestore | Google Firebase | Core functionality and sync
AI Prompts & Responses | Temporary processing only | Google Vertex AI | Intelligence features
Uploaded Documents | NOT STORED - Session only | Google Vertex AI | Document analysis within chat
Google Calendar Data | One-time import (not cached) | Google Calendar API | Calendar import (optional feature)
Application Logs | Server logs (temporary) | Vercel | Performance and debugging

18. Google API Services User Data Policy

18.1 Limited Use Disclosure

This section is required by Google for any application that accesses Google user data.

EffortList AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • Limited Use: We only use data obtained from your Google Calendar to allow you to import events as tasks into EffortList AI.
  • One-Time Transfer: Data is transferred only when you explicitly initiate an import. We do not maintain a continuous background connection.
  • No Advertising: We do not use information from your Google Calendar for serving advertisements.
  • No AI Training: We do not use your Google Calendar data to train generalized AI models or share it with third parties for AI training purposes.
  • Human Review: We do not allow humans to read your Google Calendar data except:
    • When necessary to address security issues, bugs, or compliance requirements
    • With your explicit permission for support purposes
    • As required by law

18.2 What We Access from Google Calendar

When you authorize Google Calendar integration, we may access:

  • Calendar event titles, descriptions, and details
  • Event start and end times
  • Event attendees and locations
  • Recurring event patterns
  • Reminders and notifications

18.3 How We Use Google Calendar Data

We use your Google Calendar data solely to:

  • Display calendar events within the EffortList AI import interface
  • Create and update tasks from calendar events (Smart Sync)
  • Respect your local modifications by preventing overwrites of data you have customized within the Service
  • Provide intelligent scheduling suggestions based on your availability
  • Create calendar events from tasks at your direction
  • Detect scheduling conflicts and suggest optimal task timing

18.4 Data Retention for Google Calendar Integration

  • Permanent Storage of Imported Items: Events you select to import are converted into tasks/to-dos and stored permanently in our database, just like any other task you create.
  • No Implicit Deletion: Because this data serves as part of your task history, we do not automatically delete it. You must manually delete folders, tasks, or to-dos if you wish to remove them.
  • No Caching: We do not maintain a separate "cache" of your calendar. Data is either imported as a task or discarded after the selection screen is closed.

18.5 Revoking Google Calendar Access

You can revoke EffortList AI's access to your Google Calendar at any time:

  1. Visit your Google Account permissions page: https://myaccount.google.com/permissions
  2. Find "EffortList AI" in your connected apps list
  3. Click "Remove Access"

Alternatively, you can disconnect the integration through your EffortList AI account settings.


BY USING EFFORTLIST AI, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND SHARING OF YOUR INFORMATION AS DESCRIBED HEREIN.


End of Privacy Policy