Taskaroo Privacy Policy

1. INTRODUCTION

Welcome to Taskaroo, Inc. and its corporate affiliates (collectively, "Taskaroo," "we," "our," or "us") a comprehensive marketplace platform including our websites at taskaroo.com and all associated subpages and subdomains, along with our mobile and desktop applications, any related apps, products, downloadable software, applications, or other services that we provide that link to this Policy (collectively, "Products"); and other interactions (e.g., customer service inquiries, events, conferences, etc.) you may have with us (the Websites, Products, and related interactions are collectively referred to herein as the "Services").

Data Controller vs. Data Processor Roles: This Policy applies when Taskaroo acts as the data controller of your information. When Taskaroo collects and processes data about end users of our direct customers ("Customer End Users") on behalf of such customers ("Customer Data"), in connection with the services we provide to customers pursuant to our agreements with such customers (each an "Agreement"), the customer is the "data controller" and Taskaroo is a "data processor." In such circumstances, Taskaroo processes Customer Data under the instructions of the relevant customer, as described in the applicable Agreement. Taskaroo's obligations with respect to Customer Data are defined in such Agreement, and in the event of a conflict between that Agreement and this Policy, the Agreement controls. If you are a Customer End User and you have questions about how Customer Data is collected and processed through the services we provide to the customer, please contact the customer for more information. Please also see the "Notice to Customer End Users" section below for additional information.

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our platform, including our:

• Vendor CRM system and lead management tools

• Roo Pay financial services and payment processing

• Multi-device applications (desktop, iPad, and mobile)

• Business account management and employee access features

• Accounting software integrations and financial management tools

By using Taskaroo, you consent to the collection, use, and sharing of your information as described in this Privacy Policy.

Platform Overview

Our platform serves multiple user types:

• Business Owners/Vendors: Contractors and service providers using our CRM, payment, and business management tools

• Business Employees: Staff members with delegated access to business accounts

• Property Owners: Individuals seeking services for properties they own

• Tenants: Renters seeking services for their rental properties (subject to property owner approval where required)

2. INFORMATION WE COLLECT

2.1 Information We Collect from Consumers (Property Owners and Tenants)

We collect information about you that you directly provide to us when you use our consumer services, such as when you:

• Visit our Websites

• Register for a consumer account

• Create a service request

• Fill in forms or download materials

• Correspond with us via phone, email, chat functionality, or in-app messaging

• Subscribe to our mailing lists or newsletters

• Submit photos or videos of property issues requiring service

• Use Services that integrate with your device or apps, subject to permissions

Information We Collect from All Consumers:

• Contact information (first and last name, email address, postal address, telephone number)

• Log-in credentials (username, password, security questions)

• Property addresses and detailed property information

• Property characteristics, maintenance history, and service preferences

• Household information relevant to services requested

• Payment method tokens and transaction metadata (actual credit card and payment details are processed and stored by third-party processors like Stripe, not by Taskaroo)

• Service history and project documentation

• Platform communications: Messages with vendors, customer service interactions, and service-related correspondence

• Photos and videos related to service requests

• In accordance with applicable legal requirements, recordings or transcripts of customer service calls

• Subject to relevant permissions, information from your device features (calendar, address book, photo album)

• Any other information you choose to provide in connection with your use of the Services

Additional Information for Property Owners Only:

• Property ownership verification documents such as HUD/ALTA closing statements, property tax bills, deed copies, or other proof of ownership documents

Additional Information for Tenants Only:

• Rental agreement information or landlord contact details (when required for service authorization)

• Property access information and service preferences

• Note: Tenants do not provide property ownership documents as they do not own the property

If you choose not to provide certain information, we may not be able to provide the Services to you or respond to your requests.

2.2 Information We Collect from Vendors/Service Providers

We collect information about you that you directly provide to us when you use our vendor services, such as when you:

• Visit our Websites

• Register for a vendor account

• Respond to service opportunities

• Fill in forms or download materials

• Correspond with us via phone, email, chat functionality, or in-app messaging

• Subscribe to our business mailing lists or newsletters

• Complete background checks or verification processes

• Use Services that integrate with your device or apps, subject to permissions

• Attend our conferences or events, or interact with us at industry events

Information We Collect from Business Owners/Vendors:

• Contact information (first and last name, email address, postal address, telephone number)

• Log-in credentials (username, password, security questions)

• Business details (company name, business address, business type, DBA names)

• Professional information (licenses, certifications, insurance documentation, bonding information)

• Service areas, specialties, and service capabilities

• Tax identification numbers (for payment processing)

• Performance metrics and ratings

• Background check and verification documentation (where applicable)

• Business insurance and liability documentation

• Platform communications: Messages with consumers, customer service interactions, and business-related correspondence

• In accordance with applicable legal requirements, recordings or transcripts of customer service calls

• Subject to relevant permissions, information from your device features (calendar, address book, photo album)

• Any other information you choose to provide in connection with your use of the Services

Employee Management Information:

• Employee information for staff added to business accounts (names, emails, phone numbers, role access levels)

• Employee activity reports and usage analytics

• Role assignments and permission management

Financial Service Information (RooPay - Vendors Only):

• Taskaroo account balances, transaction histories, and transfer records (we maintain these for your RooPay account)

• Payment method tokens and transaction metadata (actual credit card and banking details are processed and stored by Stripe, not accessible to Taskaroo)

• Business financial transaction data and accounting integration records

• Revenue tracking and expense management records

• Invoicing history and payment collection data

• Accounting software integration data and synchronized records

• Tax information and financial reporting data

Information We Collect from Business Employees:

• Contact information (name, email, phone number)

• Role and access level within the business account

• Job title and responsibilities

• Device and usage information when accessing the platform

• Communication records related to assigned tasks and projects

If you choose not to provide certain information, we may not be able to provide the Services to you or respond to your requests.

2.3 Information We Collect Automatically

When you use our Services, we and our vendors automatically collect certain information about your device and how you use the Services, including:

Technical and Usage Information:

• IP addresses and approximate location derived from it

• Browser type, language, and operating system

• Device identifiers and hardware/software attributes

• Mobile device advertising identifiers

• Referring and exit pages and URLs

• Pages viewed and features used

• Time spent on pages

• Search terms and navigation paths

• Error logs and performance data

• Precise geolocation (only with explicit consent for features like service provider tracking)

• App usage patterns and preferences

• Device-based authentication: Our mobile and desktop applications support your device's built-in biometric authentication features (such as Touch ID, Face ID, or fingerprint sensors) for secure login. Your biometric data is processed entirely by your device's operating system and is never collected, transmitted to, or stored on our servers. We only receive confirmation that authentication was successful or unsuccessful.

To collect this information, we use:

Cookies and Similar Technologies: Small data files stored on your browser and device that help us recognize you, deliver features, understand usage, and improve your experience. You may control cookies through your browser settings, though some functionality may be impacted.

Log Files: Automatically collected server logs that record access times, actions taken, and system events for optimization and security purposes.

SDK and Analytics Tools: Software development kits and analytics services that help us understand app performance and user behavior.

2.4 Information from Third Parties

From time to time, we may collect information about you from other sources, including:

• Our corporate affiliates

• Marketing vendors and data enhancement services

• Public records and databases (for business verification)

• Social media platforms (when you interact with us)

• Industry conferences and events

• Customer references and reviews

• Third-party identity verification services (when applicable)

• Other users who refer you to our Services

• Background check services and credential verification providers

• Credit reporting agencies and financial institutions

• Accounting software providers and financial management platforms

• Social media platforms and professional networks

• Insurance companies and bonding agencies

We use this information to supplement what we collect directly from you, improve our Services, and provide more relevant experiences.

3. HOW WE USE YOUR INFORMATION

3.1 Core Platform Services

Service Delivery and Matching:

• Connecting vendors with appropriate service requests using AI matching algorithms

• Facilitating communication between vendors and property owners/tenants

• Managing job scheduling, routing, and completion tracking

• Providing lead generation and business development tools

• Training and improving our AI matching algorithms using aggregated and anonymized data

Account Management:

• Creating and maintaining user accounts

• Authenticating users and managing access permissions (including support for optional device-based biometric authentication for enhanced security)

• Providing customer support and technical assistance

• Processing account updates and preference changes

3.2 Financial Services

Payment Processing:

• Processing payments through our Roo Pay system

• Managing Taskaroo account balances and transfers

• Issuing and managing credit cards for business accounts

• Facilitating invoicing and payment collection

• Providing accounting and financial reporting tools

Fraud Prevention and Security:

• Monitoring transactions for suspicious activity

• Verifying user identities and preventing unauthorized access

• Conducting know-your-customer (KYC) verification

• Implementing anti-money laundering (AML) compliance measures

3.3 Business Operations

Platform Operations:

• Analyzing usage patterns to enhance user experience

• Developing new features and services

• Conducting research and analytics for business optimization

• Testing and improving platform performance and security

• Automated matching algorithms: We use automated systems to match service requests with appropriate vendors based on location, specialty, availability, and other factors. This automated decision-making helps ensure efficient service delivery but does not involve legal or similarly significant effects that would require human intervention under GDPR.

Legal and Regulatory Compliance:

• Fulfilling legal obligations and regulatory requirements

• Responding to law enforcement requests and legal proceedings

• Maintaining records for audit and compliance purposes

• Implementing data protection and privacy requirements

Communications:

• Sending transactional messages about Services

• Providing service updates and notifications

• Sending marketing communications (with consent where required)

• Delivering relevant content and recommendations

• Conducting surveys and gathering feedback

Health and Safety Information: When property services involve health or safety concerns (such as mold remediation, asbestos removal, or water damage), we may collect information about potential health hazards. This information is used solely for:

• Ensuring proper safety protocols for service providers

• Matching requests with appropriately certified professionals

• Maintaining safety records for liability protection

• Privacy Protection: We do not share specific health-related property conditions with advertising networks or non-essential third parties

Aggregate/De-Identified Information: We may aggregate and/or de-identify information so it cannot be linked to you or your device. We may use such de-identified information for any purpose, including research, analytics, and marketing, and may disclose it to third parties without restriction.

Legal Bases for Processing (GDPR): Where applicable, we rely on the following legal bases for processing your personal information:

• Performance of Contract: Processing necessary to provide our Services and fulfill our agreements with you

• Legitimate Interests: Processing for our legitimate business interests (such as fraud prevention, security, and service improvement) where not overridden by your privacy rights

• Legal Compliance: Processing necessary to comply with legal obligations and regulatory requirements

• Consent: Processing based on your explicit consent (which you may withdraw at any time)

• Vital Interests: Processing necessary to protect someone's life or physical safety (in rare emergency situations)

4. INFORMATION SHARING AND DISCLOSURE

4.1 Within the Platform

Vendor-Consumer Interactions:

• Sharing vendor profiles, credentials, and contact information with property owners and tenants

• Providing consumer contact information and service requests to matched vendors

• Facilitating direct communication between vendors and property owners/tenants

• Sharing service history and reviews between platform users

Business Account Sharing:

• Sharing information among employees within business accounts based on assigned access levels

• Providing business owners with employee activity reports and usage analytics

• Enabling collaboration tools and shared project management

4.2 Third-Party Service Providers

We share information with trusted third-party service providers who assist us in operating our platform:

Financial Services Partners:

• Payment processors and credit card companies

• Banking partners and financial institutions

• Credit reporting agencies and fraud prevention services

• Accounting software providers and financial management platforms

Business Services:

• Background check and credential verification services

• Insurance and bonding verification providers

• Customer support and communication services

• Cloud hosting and data storage providers

Analytics and Marketing:

• Analytics providers for usage tracking and optimization

• Marketing platforms for advertising and communication

• Survey and feedback collection services

4.3 Legal Requirements and Public Safety

We may disclose your information when required by law or when we believe disclosure is necessary to:

• Comply with legal process, court orders, or government requests

• Enforce our Terms of Service and other agreements

• Protect the rights, property, or safety of Taskaroo, our users, or others

• Prevent fraud, security breaches, or other harmful activities

• Emergency Situations: Prevent imminent physical harm when users report safety hazards through our platform (gas leaks, electrical dangers, structural hazards)

• National Security: Respond to national security requests where legally required

4.4 Government and Law Enforcement Requests

Legal Compliance:

• We carefully review all government requests for user information to ensure they meet legal requirements

• We provide only the minimum information necessary to comply with valid legal requests

• We maintain detailed logs of all government data disclosures as required by law

• We will notify affected users of government data requests when legally permitted to do so

4.5 Research and Development

Permitted Research Uses (with appropriate anonymization and aggregation):

• Platform optimization and user experience improvement

• Security and fraud prevention algorithm development

• Service matching algorithm enhancement

• Industry trend analysis for marketplace insights

4.6 Affiliates and Corporate Family

Taskaroo Corporate Family:

• We may share information with Taskaroo, Inc. subsidiaries and affiliates

• All entities follow privacy practices at least as protective as this Policy

• Shared information is used only for the purposes described in this Policy

4.7 Vendor Data Responsibility

Third-Party Service Provider Oversight:

• All service providers with access to personal data must sign comprehensive data processing agreements

• Contractual requirements for data breach notification and incident response

• Right to audit and inspect service provider data handling practices

Data Processing Standards:

• All third parties must implement privacy and security measures equivalent to our own standards

• Prohibition on service providers using your data for their own purposes beyond providing services to Taskaroo

• Requirements for data minimization, purpose limitation, and secure data destruction

• Regular certification and compliance verification for critical service providers

4.8 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy:

• Your information may be transferred to the acquiring entity

• The acquiring entity will be bound by the privacy protections outlined in this Policy

• We will provide advance notice to affected users of any business transfer

• Users will have the right to delete their data before any transfer if they object to the new ownership

• The acquiring entity must demonstrate equivalent privacy and security protections

Important Limitations on Data Sharing:

• Sensitive Health Information: We do not share information about health-related property conditions (mold, asbestos, water damage) with advertising networks or marketing partners

• Financial Account Details: Credit card numbers and banking information are processed by certified third parties (RooPay/Stripe) and not stored directly by Taskaroo

• Device Biometric Authentication: We do not collect, store, or share biometric data. Authentication is handled entirely by your device's operating system

• Property Ownership Documents: Shared only as necessary for service delivery and verification, not for marketing purposes

5. DATA STORAGE AND SECURITY

5.1 Security Measures

Technical Safeguards:

• Encryption of data in transit (TLS) and at restMulti-factor authentication for account access

• Secure cloud infrastructure with regular backups;

• Access controls and authentication requirements;

• Regular security assessments and penetration testing;

• Incident response procedures;

• Employee training on data protection.

Administrative Safeguards:

• Role-based access controls limiting employee access to necessary data

• Regular access reviews and permission updates

• Comprehensive audit logs for all data access and modifications

• Secure development and testing environments

• Background checks for all employees with data access

5.2 Incident Response

In the event of a data breach or security incident:

• Immediate Response: Containment and assessment procedures within 24 hours

• User Notification: Notification to affected users within 72 hours where required by law (or sooner when practical)

• Regulatory Reporting: Coordination with law enforcement and regulatory authorities as required

• Remediation: Implementation of additional security measures to prevent future incidents

• Legal Compliance: Full compliance with applicable data breach notification laws in all relevant jurisdictions

However, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

6. FINANCIAL DATA PROTECTION

6.1 Roo Pay System Security (Vendor Services Only)

Important Note: Roo Pay financial services (including Taskaroo accounts, credit cards, and enhanced payment features) are exclusively available to vendors and service providers, not to consumers. RooPay is built on Stripe's infrastructure to provide enterprise-grade financial security.

Account Protection:

• Multi-layered authentication for vendor Taskaroo accounts

• Real-time transaction monitoring and fraud detection

• Secure API connections for all financial transactions through Stripe's certified infrastructure

6.2 Banking and Transfer Security

Payment Processing Infrastructure:

• All sensitive banking information (account numbers, routing numbers) is processed and stored by Stripe, our certified payment processor

• Taskaroo does not directly store or have access to complete banking credentials

• Regular monitoring for unauthorized access attempts

PCI DSS Compliance:

• Stripe maintains PCI DSS Level 1 compliance for all payment card data processing

• Tokenization of sensitive payment information by Stripe

• Taskaroo systems only store non-sensitive transaction metadata and status information

7. BUSINESS ACCOUNT MANAGEMENT

7.1 Owner Responsibilities

Business owners are responsible for:

• Managing employee access permissions and role assignments

• Ensuring employee compliance with platform terms and policies

• Monitoring employee activity and usage within business accounts

• Maintaining accurate employee contact information and access levels

8. YOUR RIGHTS AND CHOICES

8.1 Account Management

Access and Correction:

• Review and update your personal information through your account settings

• Request copies of information we maintain about you

• Correct inaccurate or incomplete information

• Consent Withdrawal: Revoke previously given consent

Account Deletion:

• Delete your account and associated personal information 

• Note: Some information may be retained for legal, regulatory, or legitimate business purposes

• Business accounts: Coordinate with employees and complete outstanding transactions before deletion

8.2 Communication Preferences

Marketing Communications:

• Opt out of promotional emails and marketing communications

• Manage notification preferences for platform updates and announcements

• Control frequency and types of communications received

• Note: Transactional and security-related communications cannot be disabled

Text Messages and Phone Calls:

• SMS Consent: By providing your phone number and creating an account, you consent to receive transactional text messages related to your use of our Services (appointment confirmations, service updates, security alerts). Marketing text messages require separate opt-in consent.

• Phone Communication: We may call you for customer service, account verification, or security purposes. Marketing calls require separate consent.

• Opt-Out Rights: Reply STOP to any text message or contact us to opt out of non-essential phone communications

• TCPA Compliance: We comply with the Telephone Consumer Protection Act and maintain proper consent records for all communications

• Auto-Dialer Disclosure: We may use automated systems to send appointment reminders and service notifications to phone numbers you provide

8.3 Data Portability and Deletion

Data Export:

• Request export of your personal data in machine-readable formats

• Access comprehensive reports of your platform activity and transactions

• Coordinate data transfer for business account migrations

Right to Deletion (Right to be Forgotten):

• Request deletion of your personal information subject to legal and contractual obligations

• Understand retention requirements for financial and business records

• Coordinate deletion with associated business accounts and employee records

8.4 State-Specific Rights

California Residents (CCPA/CPRA):

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act provide additional rights and require specific disclosures.

Categories of Personal Information Collected, Used, and Disclosed: