Privacy Policy
This Privacy Policy explains how Task Manager (the "Service") and the Task Manager Chrome extension (the "Extension") collect, use, store, and share information.
Overview
Task Manager is available as a web app at https://taskmanager.3gus.click and as a Chrome Extension.
This Privacy Policy is provided for transparency, including for OAuth consent screen requirements. It should be read together with our Terms of Service at https://3gus.click/terms-of-service.html.
Chrome Extension
The Extension provides quick access to your Task Manager account so you can sign in, create tasks, view due tasks, and mark tasks complete.
The Extension requests limited Chrome permissions: storage (to store your Task Manager session token) and tabs (used only to open and close a temporary Google sign-in tab and detect the OAuth redirect during Google sign-in). The Extension has host permissions only for https://api.3gus.click/*.
When you use the Extension, we may process:
- Account identifiers: Email address (if you sign in with email)
- Authentication information: If email/password sign-in is available and you use it, your password is sent to our backend over HTTPS for authentication; it is not stored in the Extension
- User content: Task text and related task fields you create or update
- Local storage: Authentication/session tokens stored in Chrome extension storage to keep you signed in
The Extension does not collect your web browsing history, read arbitrary page content, perform keystroke logging, or collect precise location, health, or financial data.
Voice Notes (Speech-to-Text)
The web app offers an optional voice note feature: you can hold a button to record short voice clips, which are sent to our backend, transcribed into text via a third-party speech-to-text provider (OpenAI Whisper), and saved as task content.
When you use this feature we process:
- Voice/audio: Recorded only while you hold the button (up to 60 seconds). Audio is sent to our backend for transcription and is not stored after processing; only the resulting text is saved as part of your task.
Use of the voice note feature requires microphone access in your browser. You can decline or revoke microphone permission at any time; the rest of the Service works without it.
Google Sign-In (OAuth)
If you choose to sign in with Google, we use Google OAuth 2.0 to authenticate you. We only request basic identity scopes: openid, profile, and email. We do not request access to sensitive or restricted Google data (for example, Gmail or Drive).
As part of Google Sign-In, we may receive and process:
- OAuth authorization code (used to complete sign-in and establish a session)
- Basic Google account information: A unique Google user identifier, email address, and basic profile information (such as display name and profile picture), as provided by Google for the requested scopes
- ID token verification: Our backend exchanges the authorization code to obtain a Google ID token and verifies it with Google to confirm your identity
We do not store Google access tokens or refresh tokens. We store only a Task Manager session token (JWT) to keep you signed in to our Service.
We do not receive or store your Google password.
Microsoft Sign-In (OAuth)
If you choose to sign in with Microsoft, we use Microsoft OAuth 2.0 (Microsoft identity platform) to authenticate you. We only request the User.Read delegated permission from Microsoft Graph, which allows sign-in and reading your basic profile. We do not request access to mail, calendar, files, or other Microsoft 365 data.
As part of Microsoft Sign-In, we may receive and process:
- OAuth authorization code (used to complete sign-in and establish a session)
- Basic Microsoft account information: A unique Microsoft user identifier, email address, and basic profile information (such as display name and profile picture), as provided by Microsoft for the User.Read scope
- ID token verification: Our backend exchanges the authorization code and verifies the token with Microsoft to confirm your identity
We do not store Microsoft access tokens or refresh tokens. We store only a Task Manager session token (JWT) to keep you signed in to our Service.
We do not receive or store your Microsoft password.
Discord Integration
You may optionally connect your Task Manager account to Discord from the integration settings page
(/integration). This allows the Service to send you a daily task digest via Discord Direct
Message at a time slot you choose. Connection is initiated by you and requires your authorization in
Discord's OAuth2 screen.
Data we collect and store:
- Discord User ID (numeric) — stored in our integration link record to associate your account with Discord for sending digests.
- Digest preferences — whether the digest is enabled, your chosen delivery time slot (UTC-based), and timezone — stored until you disconnect.
Data used only during connection (not stored):
- Discord username and display name — used only during the connect flow; we do not persist them.
- OAuth2 access token — used once to add you to a designated Discord server (so the bot can send you DMs); we do not store it.
OAuth2 scopes we request:
- identify — to read your Discord ID, username, and avatar (for the connect flow).
- guilds.join — to add you to a specific Discord server on your behalf (one-time, with your consent on Discord's authorization screen); required for the bot to send you Direct Messages.
What the integration does:
- Sends automated daily Direct Messages containing a task summary (overdue, today, upcoming, etc.) at your chosen time.
- Adds you to a designated Discord server once, when you first connect (you see and approve this in Discord's authorization screen).
- Does not read your Discord messages, servers, or any other Discord data.
- Does not post in any channels — only sends private DMs to you.
Consent and control: You start the connection from the integration page; Discord's screen shows the permissions being granted. Each digest message includes a note that you subscribed yourself. You can disable the digest or fully disconnect Discord at any time from /integration; disconnecting removes the integration link and preferences and stops future digests. It does not remove you from the Discord server (you can leave the server yourself in Discord if you wish).
Delivery logs: We keep records of digest delivery attempts (user identifier, timestamp, success or failure) for diagnostics; these may be retained indefinitely.
Third-party: We use the Discord API (discord.com) for OAuth2, adding you to the server, and sending DMs. Our bot token is stored only on our servers and is never exposed to the client.
Slack Integration
You may optionally connect your Task Manager account to Slack from the integration settings page
(/integration). This allows the Service to send you a daily task digest via Slack Direct
Message at a time slot you choose. Connection is initiated by you and requires your authorization in
Slack's OAuth screen. Each user can connect their own Slack workspace; the Service supports multiple
workspaces (multi-workspace).
Data we collect and store:
- Slack User ID — stored in our integration link record to associate your account with Slack for sending digests.
- Workspace (team) ID — identifies the Slack workspace you connected; we store one bot token per workspace in our database.
- Bot token per workspace — obtained via Slack OAuth when you install the app in your workspace; stored server-side and used only to send you DMs.
- Digest preferences — whether the digest is enabled, your chosen delivery time slot (UTC-based), and timezone — stored until you disconnect.
Data used only during connection (not stored):
- Workspace (team) name — used during the connect flow; we may store it for display purposes only.
- OAuth access token — exchanged for a bot token; we store the bot token and do not retain the initial OAuth token.
OAuth scopes we request:
- chat:write — to send messages (task digest DMs) to you.
- im:write — to open Direct Message channels with you.
What the integration does:
- Sends automated daily Direct Messages containing a task summary (overdue, today, upcoming, etc.) at your chosen time.
- Does not read your Slack messages, channels, workspaces, or any other Slack data.
- Does not post in channels — only sends private DMs to you.
Consent and control: You start the connection from the integration page; Slack's OAuth screen shows the permissions being granted. You can disable the digest or fully disconnect Slack at any time from /integration; disconnecting removes the integration link and preferences and stops future digests. To remove the app from your Slack workspace, use Slack's app management settings.
Delivery logs: We keep records of digest delivery attempts (user identifier, timestamp, success or failure) for diagnostics; these may be retained indefinitely.
Third-party: We use the Slack API (api.slack.com) for OAuth and sending DMs. Bot tokens are stored per workspace on our servers and are never exposed to the client.
How We Use Information
We use information only to:
- Authenticate you and keep you signed in
- Create, display, and update your tasks
- Transcribe voice recordings to create tasks when you use the voice note feature
- If you connect Discord: link your account, add you to the designated server (one-time), and send daily task digest DMs at your chosen time
- If you connect Slack: link your account, store the bot token for your workspace, and send daily task digest DMs at your chosen time
- Provide support and respond to requests
- Protect the Service (fraud prevention, abuse prevention, and security)
Where Information Is Stored
Task data is stored on our backend service at https://api.3gus.click.
The Extension stores your Task Manager session token (JWT) and temporary sign-in state (if applicable)
in Chrome extension storage (chrome.storage.local). The web app stores your Task Manager
session token (JWT) in your browser storage (currently localStorage) to keep you signed in.
Data Sharing
We do not sell or rent your information. We may share information only with:
- Our backend: Task Manager backend (https://api.3gus.click) to provide core functionality
- Google: Only if you choose Google Sign-In, to complete authentication
- Microsoft: Only if you choose Microsoft Sign-In, to complete authentication
- Discord: Only if you connect Discord from the integration page — to complete OAuth2, add you to the designated server (one-time), and send you daily digest DMs; we use the Discord API server-side only
- Slack: Only if you connect Slack from the integration page — to complete OAuth, store the workspace bot token, and send you daily digest DMs; we use the Slack API server-side only
- OpenAI: When you use the voice note feature, your voice recording is sent to OpenAI (Whisper API) for transcription only; we do not use it for model training or other purposes beyond generating the transcript.
- Infrastructure providers: Hosting and networking providers used to operate the Service (acting as service providers/processors)
We do not share your data with advertisers or data brokers, and we do not use Google or Microsoft user data for advertising purposes. We do not use third-party analytics or advertising SDKs in the Service or Extension.
Retention & Deletion
We retain your task data for as long as your account is active or as needed to provide the Service. You can delete tasks in the app. Integration links and digest preferences for Discord and Slack are kept until you disconnect from the integration page; digest delivery logs (timestamps and outcomes) may be retained indefinitely for diagnostics. You can request account and data deletion by contacting us at avarvashin@gmail.com. Backups, if any, may persist for a limited period before being overwritten. At this time, account deletion is handled by email request (no in-app self-service delete-account button).
Security
All communication with our backend uses HTTPS (TLS). Authentication/session information is stored using standard browser or Chrome Extension storage mechanisms. We take reasonable measures to protect data, but no method of transmission or storage is 100% secure.
Your Choices
- You can sign out at any time.
- You can manage or delete tasks using the Task Manager web app.
- You can decline or revoke microphone access in your browser if you do not wish to use the voice note feature; no voice data will be recorded or sent.
- If you used Google Sign-In, you can revoke the app’s access in your Google Account security settings.
- If you used Microsoft Sign-In, you can revoke the app’s access in your Microsoft account (Manage app access).
-
If you connected Discord or Slack, you can disable the daily digest or fully disconnect at any time
from the integration settings page (
/integration); this stops all future digest messages.
Google API / Limited Use
The use and transfer of information received from Google APIs (including via Google Sign-In) will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Microsoft Graph
When you sign in with Microsoft, we use only the Microsoft Graph User.Read delegated permission. Our use of data received from Microsoft Graph complies with the Microsoft identity platform and Microsoft Graph terms and policies applicable to the permissions we request.
Contact
If you have questions about this Privacy Policy, contact: avarvashin@gmail.com.