TaskAI
TaskAI

Privacy & Security

How TASKAI protects your data and keeps you safe

Our Commitment

TASKAI is built with privacy and security as core principles. We collect only the minimum data necessary to operate the service and never sell user information.

Data We Collect

Account Data

  • Telegram user ID (for account identification)
  • Username (optional, for support)
  • Timezone preference (if set)

Usage Data

  • Commands executed (for rate limiting and analytics)
  • Wallet address (if connected, read-only)
  • Scan history (for your reference, 30-day retention)

What We Don't Collect

  • Private keys or seed phrases
  • Transaction data beyond public blockchain info
  • Personal messages or chat content
  • IP addresses (Telegram handles this)

Wallet Security

Read-Only Access

When you connect your wallet, TASKAI only reads your token balance to verify your tier. We never request signing permissions or custody of funds.

No Private Keys

TASKAI never asks for or stores private keys, seed phrases, or signing capabilities. If anyone asks for these, it's a scam.

Secure Connection

Wallet connections use industry-standard protocols (Solana Wallet Adapter). The connection is verified client-side before any data is shared.

Data Storage

  • All data is encrypted at rest and in transit
  • Scan history and logs are automatically purged after 30 days
  • You can delete your data anytime with /delete account

Third-Party Services

TASKAI integrates with:

  • Solana RPC nodes (public blockchain data)
  • Twitter API (public tweet data for CT-Pulse)
  • Telegram (message delivery)

We do not share your personal data with these services beyond what's necessary for functionality.

Webhooks & API

If you use webhooks or API access (Pro tier):

  • Webhook URLs are encrypted and not logged
  • API keys are hashed and can be revoked instantly
  • Rate limits prevent abuse

Reporting Security Issues

If you discover a security vulnerability, please email:

security@taskai.xyz

We offer bounties for responsible disclosure. Do not share vulnerabilities publicly until we've addressed them.

Best Practices

  1. Never share your private keys with anyone, including TASKAI support
  2. Enable 2FA on Telegram to protect your account
  3. Verify bot username: Always use @TASKAI_bot (check for exact match)
  4. Be wary of impersonators: We'll never DM you first asking for funds or keys
  5. Keep your wallet software updated

Your Rights

Under GDPR and similar regulations, you have the right to:

  • Access your data (/export)
  • Delete your data (/delete account)
  • Opt out of analytics (/settings privacy)
  • Request data portability (contact support)

Questions?

Read our full Privacy Policy or contact privacy@taskai.xyz