Privacy Policy

Last updated: February 20, 2026

TaskScape is an Old School Runescape goal-tracking app. It is an independent fan project and is not affiliated with Jagex Ltd.

1. Who We Are

TaskScape is the data controller for personal data processed through this app.

  • Contact: support@taskscaping.com

2. Data We Process

Direct personal identifiers are intentionally minimized. In normal operation, the primary direct identifiers we store are:

  • Session-related IP address metadata (for account/session security)
  • Email address when you use email/password sign-in, so we can authenticate your account and send password reset emails when needed.

For social login, app-facing identity values are pseudonymous hashed identifiers rather than raw social profile identity fields.

2.1 Authentication data

If you use email and password sign-in, we process:

  • Email address
  • Password hash (not plaintext password)
  • Email verification and password-reset records needed for account security

If you use Google or Discord sign-in, we are configured to minimize profile data in app-facing user fields:

  • App-facing user identifiers are generated as pseudonymous HMAC digests derived from provider subject IDs
  • We do not intentionally store raw social profile email/name/image in app-facing user fields
  • Authentication linkage metadata required by the auth system may still be stored to maintain sign-in/account linking

2.2 Session security data

For signed-in sessions, authentication/session records may include:

  • Session token metadata
  • IP address
  • User agent

Why we keep IP address with sessions:

  • Detect suspicious sign-ins and possible account compromise
  • Investigate abuse and repeated unauthorized access attempts
  • Support session security controls (for example anomaly and fraud checks)

2.3 App data you create

When you use TaskScape, we process:

  • Character/profile data (for example player name and account type)
  • Goal data (type, targets, wishlist entries, progress, status)
  • App state (active profile, cached hiscores, selected theme)

2.4 Support data

If you use support tools, we process:

  • A short-lived signed support code linked to your internal account ID and expiry

Support codes are designed so you can request account support without sharing character names or email in the support conversation.

2.5 Technical and diagnostics data

We may process operational data such as:

  • Request/network metadata
  • Error and diagnostic logs
  • Product/performance telemetry (for example Vercel Analytics / Vercel Speed Insights)

3. How We Use Data

We use data to:

  1. Authenticate users and secure accounts/sessions.
  2. Provide app functionality (profiles, goals, sync, preferences).
  3. Prevent abuse, detect suspicious activity, and protect service integrity.
  4. Deliver account support (including support-code verification).
  5. Operate, troubleshoot, and improve reliability/performance.
  6. Comply with legal obligations.

4. Storage and Infrastructure

  • Auth and app state are stored in PostgreSQL-backed storage.
  • Limited browser storage may be used for UX state (for example reducing duplicate sync toast behavior).

5. Sharing

We share data only where needed to operate TaskScape:

Recipient / Category | Purpose | Typical Data
Google / Discord (optional) | Social sign-in | Provider auth/account metadata
Email delivery provider (optional) | Verification/reset emails | Email address, auth email content
Database/hosting/infrastructure providers | Core service delivery | Account/session/app state and diagnostics
Analytics/performance providers | Reliability and product telemetry | Pseudonymous technical/event metrics

We do not sell personal data.

6. Retention

We keep data only as long as needed for service delivery, security, and legal obligations.

  • Account/app data: retained while account is active unless deleted.
  • Session data: retained according to session/auth lifecycle settings.
  • Support codes: short-lived and expire automatically.
  • Logs/diagnostics: retained for limited operational and security windows.

You can use in-app deletion controls to remove account and app data.

8. International Transfers

Some service providers may process data outside your country. Where applicable, we rely on appropriate transfer safeguards required by law.

9. Security Measures

We use technical/organisational measures including:

  • Password hashing for email/password auth
  • Encrypted transport (HTTPS)
  • Encrypted OAuth token storage in auth configuration
  • Pseudonymisation for app-facing social identity fields
  • Access controls and audit/troubleshooting procedures

10. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object to, or request portability of your personal data.

To exercise rights: support@taskscaping.com

UK users can also complain to the ICO: https://ico.org.uk/make-a-complaint/

11. Children

TaskScape is not directed to children under 13.

12. Changes

We may update this policy from time to time. The latest version is published on this page.