Privacy Policy

Last updated: 30 March 2026

1. About This Policy

This Privacy Policy explains how Hivelight Pty Ltd (ABN 40 645 064 900) ("we", "us", "Hivelight") collects, uses, and protects your information when you use the tasksyncr platform ("Service"). We are committed to complying with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

2. Information We Collect

Account information — When you create an account, we collect your name, email address, and organisation name. If you sign in via Microsoft 365, we receive basic profile information from your identity provider.

Workspace data — The Service processes task titles, event details, workflow definitions, project names, and assignment metadata as part of its orchestration function. We do not collect or store the content of your files, emails, or documents.

Usage data — We collect server-side analytics including pages visited, features used, and workflow execution logs. We do not use third-party tracking cookies or advertising pixels.

3. How We Use Your Information

• Service provision — To sync tasks, events, and workflows between your connected platforms.
• Account management — To authenticate you, manage your subscription, and process payments via Stripe.
• Transactional communications — To send confirmations, security alerts, and service notifications.
• Product updates — To inform you of new features and changes, with your consent. You can opt out at any time.
• Aggregated analytics — To improve the Service using anonymised, non-identifiable data.

4. Data Storage and Security

Your data is stored on Supabase (hosted on AWS ap-southeast-2, Sydney, Australia). We use:

• AES-256 encryption at rest
• TLS 1.3 encryption in transit
• Row-level security to isolate organisation data
• Role-based access controls within the application

Access tokens for connected platforms (e.g. Microsoft 365) are stored encrypted and are only used to perform actions you have authorised.

5. Data Sharing

We never sell, rent, or trade your personal information. We share data only with the following service providers, solely to operate the Service:

• Supabase — Database and authentication hosting
• Cloudflare — Website and application hosting, CDN, and DDoS protection
• Stripe — Payment processing
• Microsoft Graph API — To sync tasks, events, and files to your Microsoft 365 tenant (using permissions you grant)

We may disclose information if required by law, regulation, or valid legal process.

6. Connected Platform Data

When you connect Microsoft 365 or other platforms, the Service reads and writes data on your behalf using the permissions your organisation administrator has granted. This data passes through our servers to perform sync operations but is not retained beyond what is necessary for the Service to function. You can revoke platform access at any time from your organisation's settings.

7. Cookies

We use essential cookies only — for authentication and session management. We do not use third-party analytics cookies, advertising cookies, or tracking pixels.

8. Your Rights

Under the Australian Privacy Principles, you have the right to:

• Access your personal information we hold.
• Correct inaccurate or outdated information.
• Request deletion of your personal data.
• Export your data in a portable format.

To exercise any of these rights, contact us at privacy@tasksyncr.com.

9. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, your data is available in read-only mode for 90 days, after which it is permanently deleted. Anonymised, aggregated data may be retained indefinitely for analytics purposes.

10. Policy Changes

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 30 days in advance. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

If you have questions or concerns about this Privacy Policy or how we handle your data, contact us at privacy@tasksyncr.com.