← Back to AI Todo

Privacy Policy

Last updated: February 24, 2026

Introduction

AI Todo (“we”, “our”, or “the Service”) is an AI-native task management applicationwe collect, how we use it, and what controls you have.

AI Todo works as a plugin or connector inside AI assistants such as Claude, ChatGPT, Gemini, and other MCP-compatible platforms. The Service is accessed through these AI platforms and through our website at aitodo.ai.

Data We Collect

We collect only the minimum data necessary to provide the task management service:

Account Information

When you sign in with Google, we receive your email address and basic profile information (name and profile picture) from Google OAuth. We use your email as your account identifier.

Task Data

Tasks you create through the Service, including: task title, description, due date, priority level, category, and status. This is the core data you provide to use the Service.

Authentication Tokens

OAuth access tokens and refresh tokens are used to authenticate your requests. These are managed by our authentication provider and are not stored separately by AI Todo.

How We Use Your Data

We use your data exclusively to:

  • Provide the task management service (create, read, update, and delete your tasks)
  • Authenticate you and secure your account
  • Generate task summaries (counts, overdue items, and today's tasks)

We do not use your data for advertising, analytics profiling, or training AI models. We do not sell or share your data with third parties for marketing purposes.

Data Storage & Security

Your data is stored securely in Supabase, a managed PostgreSQL database service. Supabase provides:

  • Encryption at rest and in transit (TLS)
  • Row-level security policies that isolate your data
  • SOC 2 Type II compliance

Authentication is handled via Supabase Auth with Google OAuth 2.0 (PKCE flow). We never see or store your Google password.

Third-Party Services

AI Todo relies on the following third-party services:

  • Supabase — Database hosting, authentication, and row-level security
  • Google OAuth — Sign-in authentication
  • Vercel — Application hosting and serverless functions

When you use AI Todo through an AI platform (Claude, ChatGPT, Gemini), that platform may process your messages according to its own privacy policy. AI Todo only receives the specific tool call parameters (e.g., task title, priority) — not your full conversation.

Your Rights & Controls

You have full control over your data:

  • View — You can view all your tasks at any time through the AI assistant
  • Delete tasks — You can permanently delete any task through the AI assistant
  • Delete account — Contact us at privacy@aitodo.ai to request complete deletion of your account and all associated data
  • Data export — Contact us to request an export of all your data in a machine-readable format
  • Revoke access — You can revoke AI Todo's access through your Google account settings or the AI platform's connector settings at any time

Data Retention

Your task data is retained for as long as your account is active. When you delete a task, it is permanently removed from our database. If you request account deletion, all associated data is permanently deleted within 30 days.

Children's Privacy

AI Todo is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@aitodo.ai.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or your data, contact us at:

Email: privacy@aitodo.ai

Website: aitodo.ai