Last updated: May 3, 2026
Tasks Wiz ("we", "our", or "us") is a personal task management application currently in beta. As a beta product, features may change, and data is not guaranteed to persist across updates or maintenance. This policy explains what data we collect, how we use it, and your rights.
When you sign in with Google, we receive the following from your Google account:
We also store the following data you create within the app:
We do not store your Google profile picture or display name on our servers.
We also collect anonymous technical data via Google Analytics (GA4), including approximate geographic location, browser type, device type, and in-app actions (e.g. task created, task deleted). This data contains no personally identifiable information.
We do not use your data for advertising or sell it to third parties.
We do not sell or rent your personal data. Your tasks and account data are stored securely on AWS (Amazon Web Services) infrastructure and are accessible only to your account. Anonymous usage statistics are shared with Google via Google Analytics (see Analytics section below). When the app encounters a JavaScript error, technical diagnostic data is sent to Sentry for debugging purposes (see Error Reporting section below). No other third-party data sharing occurs.
All data is transmitted over HTTPS. Authentication tokens are stored in session storage and never persisted to disk. Access to your tasks requires a valid login token issued by AWS Cognito.
Tasks Wiz uses Google Analytics (GA4) to collect anonymous usage data including page views, session duration, general geographic region, browser and device type, and in-app actions such as task creation, deletion, and status changes. No personally identifiable information is included in these events. This data helps us understand how the app is used and improve it over time. Google Analytics may use cookies and similar technologies to collect this data. You can opt out via Google's opt-out browser add-on.
Tasks Wiz uses Sentry to capture JavaScript errors that happen in your browser. When an unexpected error occurs, the following technical data is sent to Sentry: the error message and stack trace, the page URL (with any authentication tokens or OAuth codes scrubbed beforehand), browser type and version, operating system, network connectivity diagnostics (online/offline status and, where the browser exposes it, an effective connection type such as "4g" or "3g"), and a sequence of recent in-app actions that led to the error. Sentry does not receive your task content, notes, account identifier, email address, or session tokens. This data is used only to diagnose and fix bugs. Sentry retains error data for up to 90 days.
Tasks Wiz uses cookies only for Google Analytics (see above). Session data required for authentication is stored in browser session storage and is cleared when you close the tab. We do not use advertising or tracking cookies beyond analytics.
Tasks Wiz exposes a public REST API at /* and a Model Context Protocol (MCP) endpoint at /mcp. Both require the same Cognito authentication token your browser uses, so they only ever return your own tasks and activity — there is no cross-user access. The same API also provides the export, granular-erasure, and audit-log capabilities described under "Your Rights" and "Operational Logs". It accesses the same account data and is governed by this same policy.
If you choose to connect a third-party tool (for example a Claude Desktop or Claude Code client) to the MCP endpoint, that tool will be able to read and write your tasks on your behalf. Sending your tasks to such a tool means the contents of those tasks will leave Tasks Wiz's infrastructure and be processed by whichever third party you've connected. Tasks Wiz itself does not send your task content to any AI model or other external system; this only happens if you actively configure an MCP/API client to do so. To revoke access, sign out (which invalidates your token) or delete your account.
MCP clients that authenticate via the standard OAuth flow store a refresh token on your local device (similar to how the website keeps you signed in across browser sessions). The refresh token lets the client renew access without prompting you to sign in again, and is valid for up to 30 days. Treat your AI app's configuration like a password: don't share it, don't commit it to git, and revoke access by changing your Tasks Wiz password if a device is lost or compromised.
Tasks Wiz lets you mark a task with a "delegate to AI" flag and optionally attach source material (an email thread, an article URL, a job description, etc.) in a task_context field. When you then run the agent in your AI client (for example by typing /work-on-my-tasks in Claude Desktop or ChatGPT), that AI client uses our MCP server to read the task description, the task_context, and any prior conversation, and sends those to whichever AI provider you have connected (e.g. Anthropic, OpenAI). The agent's output is written back into a new ai_result field on the task, alongside any URLs it fetched while working.
Tasks Wiz itself does not call any paid AI model for this feature — the inference happens entirely under the AI client and provider you have chosen, under your own Terms of Service with that provider. Tasks Wiz only stores the resulting ai_result, ai_question, and task_context fields alongside the task in our DynamoDB tables. To stop a task from being processed, untoggle the delegate flag in the app at any time; to clear the agent's output, hit Reject on the review panel.
For monitoring, security, and debugging, the API records standard server-side access logs (request ID, HTTP method, path, response status, response latency, and your browser's user-agent string) in AWS CloudWatch. These logs do not contain task content, account identifiers, or authentication tokens, and are automatically deleted after 30 days.
The versioned API additionally keeps a per-user audit log of account-changing requests (create/update/delete of tasks, settings changes). Each entry records the event type, request ID, the source IP address, the user-agent string, and which fields changed — so you (and we, for incident response) can answer "who changed that, and when". Audit entries are scoped to your account, are included in your data export, and are automatically deleted after 90 days (and immediately when you delete your account).
Your tasks and activity logs are retained for as long as your account is active. When you delete your account via the in-app account menu, all associated data is permanently removed immediately. Anonymous Google Analytics data is retained per Google's default retention policy (26 months). Server-side operational logs (see above) are retained for 30 days; the per-user audit log is retained for 90 days; generated data-export files are deleted after 7 days.
Beta notice: As Tasks Wiz is currently in beta, we cannot guarantee uninterrupted data persistence. Data may be lost due to infrastructure changes, resets, or maintenance. We recommend not relying on this app as your sole record for important information.
Tasks Wiz is not directed at children under 13. We do not knowingly collect data from children.
For privacy questions or data deletion requests, contact us at:
This policy may be updated occasionally. Continued use of the app after changes constitutes acceptance of the updated policy.