Privacy, in plain words

Your data lives in your Drive. Not ours.

TaskSpark has no backend database. No analytics pixel. No login server with your password in it. Here's exactly what that means.

Last updated April 16, 2026 Effective v3.0 and later

TL;DR

  • Your tasks live in a Google Sheet in your Drive, or on your own machine if you're signed out. We don't have a copy.
  • We use the Google drive.file scope. That means TaskSpark can only see files it created. Your other Drive files are invisible to us.
  • We don't have analytics, tracking pixels, session replay, or a marketing database.
  • Revoke access from your Google account any time, tasks stay in the Sheet, the app just stops syncing.

What we actually store

On our servers: nothing personal. The auto-updater fetches release metadata from GitHub, which logs standard request headers (IP, user agent) under GitHub's privacy policy. That's the only outbound call TaskSpark makes on its own behalf.

The contact form on this website goes through Formspree, which holds the submission long enough to email it to me. See their privacy notice for specifics.

What we never see

  • Your tasks, task titles, descriptions, or tags.
  • Your other Drive files (PDFs, Docs, Sheets not created by TaskSpark).
  • Your Gmail, Google Calendar, contacts, photos, or anything else in your Google account.
  • Your Outlook mail, contacts, or any calendar outside your own.
  • Your browsing behaviour. We don't embed analytics.

Google OAuth scope

TaskSpark requests a single scope: https://www.googleapis.com/auth/drive.file. Per Google's documentation, this lets an app:

Access files in Google Drive that were created or opened by the app. The app cannot access files it did not create.

When you first sign in, TaskSpark creates one Sheet named TaskSpark - {workspace}. That's the only file it can read or write. You can find it in your Drive, move it, rename it, share it, or delete it.

Microsoft OAuth scope

If you enable Outlook sync, TaskSpark requests Calendars.Read. It can read calendar events. It cannot write, delete, or access mail or contacts. The flow uses PKCE, so no client secret ever travels, and there's no TaskSpark backend for tokens to be stolen from.

Local storage

On this machine, TaskSpark stores:

  • A local cache of your tasks, so the app works offline and launches fast.
  • Your preferences: which features are on, your toggle states, kanban column layout.
  • OAuth tokens (encrypted using the OS credential vault on Windows).

All of it lives under %APPDATA%\TaskSpark. Delete that folder and you're back to first-launch state.

Third parties

  • Google Drive / Sheets, stores your tasks. Subject to Google's terms.
  • Microsoft Graph, optional, for Outlook calendar read.
  • GitHub, hosts releases and the changelog feed.
  • Formspree, only for the website's contact form.

No advertising networks. No data brokers. No retargeting. Ever.

Your rights

Because we don't store your data, most data rights ("right to access", "right to delete") apply to your Drive, not to us, you already have access, and you can delete any time. If you still want to reach out about your information, use the contact form or email hello@taskspark.tech.

Contact

TaskSpark is built by Jana Ridler in the USA. Questions about privacy go to hello. I read them all.