Privacy Policy

Last updated: April 2026

1. Who We Are

Taskra ("we", "us", "our") is an AI-powered customer support platform for ecommerce sellers. Our registered address is in the United Kingdom. You can contact us at hello@taskra.ai.

2. What Data We Collect

From merchants (store owners):

  • Account information: name, email address, password (hashed)
  • Store information: Shopify store domain, product data, store policies
  • Training data: brand voice, custom FAQs you provide
  • Billing information: processed via Stripe — we never store card details
  • Usage data: number of AI replies used, messages processed

From customers of your store (end users):

  • Customer name and email address (from inbound messages)
  • Message content (the text of customer support enquiries)
  • Channel information (whether the message came via email, chat, etc.)

We do NOT collect:

  • Payment card details (handled by Stripe/Shopify)
  • Passwords in plain text
  • Sensitive personal data (health, financial, biometric)

3. How We Use Your Data

  • To provide the service: AI reply generation, inbox management, store sync
  • To communicate with you: Onboarding emails, billing reminders, service updates
  • To improve the service: Aggregated, anonymised usage analytics
  • To comply with legal obligations: GDPR requests, fraud prevention

Customer messages are processed by Anthropic (Claude AI) to generate support replies. We do not use your store's customer data to train Anthropic's models.

4. Legal Basis (GDPR)

  • Contract: Processing necessary to provide the service you signed up for
  • Legitimate interests: Security, fraud prevention, service improvement
  • Consent: Marketing communications (you can unsubscribe at any time)
  • Legal obligation: GDPR data subject requests, tax records

5. Data Sharing

We share data with the following third-party processors:

  • Anthropic — AI reply generation
  • Stripe — Payment processing
  • Resend — Transactional email delivery
  • Shopify — Store integration (OAuth, product data, webhooks)

We do not sell your data to any third parties. We do not share data for advertising purposes.

6. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of deletion request.
  • Customer messages: Retained for 12 months, then automatically deleted.
  • AI replies: Retained for 12 months alongside message records.
  • Billing records: Retained for 7 years as required by UK tax law.

7. Your Rights

Under UK GDPR and GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests

To exercise any of these rights, email us at privacy@taskra.ai. We will respond within 30 days.

8. Cookies

Taskra uses a minimal session cookie to keep you logged in. We do not use advertising cookies or third-party tracking.

9. Security

AES-256-GCM encryption for stored access tokens, bcrypt hashing for passwords, HTTPS/TLS for data in transit, HMAC signature verification for webhooks.

10. Contact

For privacy-related questions: