Privacy Policy

Last Updated: January 26, 2026

DeepTask Sandbox ("we", "us", "our", or "DeepTask AI") is committed to protecting your privacy. This Privacy Policy explains what information we do and do not collect when you use our desktop software application ("the Software").

IMPORTANT NOTICE ABOUT DATA COLLECTION

By using the Software, you acknowledge and consent to the following:

The Software is designed to operate primarily on your local computer. However, we automatically collect limited technical data (including your IP address) in server logs when the Software contacts our servers for update checks and to load the welcome page. This data collection is automatic and necessary for the Software to function.

What We Collect Automatically:

  • Your IP address (which may be considered personal data under applicable laws)
  • User agent and device information
  • Timestamps and basic request metadata
  • Software version information

Legal Basis for Collection: We collect this data based on our legitimate interests in:

  • Operating and securing our infrastructure
  • Preventing abuse and protecting against security threats
  • Ensuring software compatibility and reliability
  • Meeting our legal and security obligations

If you do not consent to this automatic data collection, you should not use the Software. By downloading, installing, or continuing to use the Software, you explicitly consent to the collection of IP addresses and related technical data as described in this Privacy Policy.

Key Principle: Local-First, Minimal Data Collection

The Software runs locally on your computer. We do not collect your scripts, sandbox activity, or the content you access through the sandbox. We do, however, receive limited technical information when the Software contacts our servers for update checks and to load the welcome page (for example, your IP address and basic request metadata, which may be considered personal data in some jurisdictions).

The Software uses a browser sandbox environment to execute scripts locally on your device. All activities within the sandbox remain on your computer, and we do not monitor, collect, or transmit any data from the sandbox execution environment.

1. Information We Do NOT Collect

We want to be absolutely clear about what we do not collect:

1.1 Personal Information

  • Names, email addresses, or contact information
  • User accounts or authentication credentials
  • Location data or geographic information
  • Demographic information

1.2 Usage and Activity Data

  • Scripts or automation code you create or execute (including example scripts)
  • Files or data you work with in the Software
  • Websites or applications you interact with
  • Keystrokes, screenshots, or activity logs
  • Any content you view, create, modify, or delete
  • Time spent using the Software or specific features
  • Which features you use or how you use them
  • Any activities within the browser sandbox environment
  • Whether you run, modify, or delete example scripts

1.3 Technical Data

  • System configuration or hardware specifications
  • Installed software or operating system details
  • Performance metrics or error logs
  • Crash reports or debugging information

2. Limited Server Communications (and What We Receive)

The Software is a desktop application with no backend services for your sandbox activity. The only server communications that occur are:

2.1 Update Checks

The Software periodically contacts our servers to check for available updates. These requests:

  • Are logged server-side for operational and security purposes
  • Include your current software version number to determine if updates are available or required
  • Do not include your scripts, sandbox activity, or content you access
  • May include limited technical data described below

If your software version is outdated beyond a threshold we set, the Software may require you to update before continuing use. This version check is necessary to ensure security and compatibility.

2.2 Welcome Page Loading

When you open the Software, it may load a welcome page from our servers. These requests:

  • Are logged server-side for operational and security purposes
  • Do not include your scripts, sandbox activity, or content you access
  • May include limited technical data described below

2.3 What These Logs Contain

Our server logs for update checks and welcome page requests may include:

  • Timestamp of the request
  • The requested URL/endpoint
  • IP address
  • User agent (e.g., browser/OS details sent by your device)
  • Software version number (to determine update requirements)
  • Basic request metadata used to operate and secure the service (e.g., status code, approximate region at a country level inferred from IP, and infrastructure identifiers such as request IDs)
  • Error information necessary to diagnose failures (when applicable)

These logs are used solely for:

  • Monitoring server performance and availability
  • Detecting technical issues or outages
  • Aggregate statistics (e.g., total number of update checks per day)
  • Security purposes such as abuse prevention and protecting our infrastructure

We do not attempt to use these logs to learn what you do inside the Software (your scripts, websites visited in the sandbox, or the content you interact with). However, some log data (such as IP address) may be considered personal data under certain laws.

2.4 Log Retention

We retain these server logs only for as long as reasonably necessary for operational, security, and troubleshooting purposes, and then delete or anonymize them. Retention periods may vary by environment and provider, but we generally retain logs for up to 30 days, unless a longer retention is required to investigate abuse, security incidents, or comply with legal obligations.

3. Local Data Storage

All your data remains on your local computer, including:

  • Scripts and automation code
  • Files created or modified using the Software
  • Configuration settings and preferences
  • Any content you download or access through the Software
  • All data processed within the browser sandbox environment
  • Websites visited and actions performed within the sandbox

You have complete control over this local data. You can delete the Software and all associated local files at any time.

3.1 Browser Sandbox Privacy

The browser sandbox runs entirely on your local computer. We do not:

  • Monitor or log activities within the sandbox
  • Collect data about websites you visit through the sandbox
  • Track scripts you execute or their results (including example scripts)
  • Transmit any sandbox activity data to our servers
  • Track whether or how you use the preinstalled example scripts

The sandbox is a local execution environment, and everything that happens within it stays on your device. The Software may include preinstalled example scripts for educational purposes, but we do not track your usage of these examples.

4. Third-Party Services

4.1 Example Scripts and External Services

The Software may include preinstalled example scripts for educational purposes. These example scripts may connect to third-party websites, services, or APIs to demonstrate functionality.

Important: The inclusion of any third-party service in example scripts does not constitute a recommendation or endorsement of that service. We are not affiliated with any third-party services referenced in examples.

Any connections to third-party services are direct between your computer and those services. We do not monitor or track these connections. Third-party services have their own privacy policies and terms of service, which you should review before using them.

4.2 Community Content

If you access community-provided scripts, tutorials, or content, you may be connecting to third-party websites or services. These third parties have their own privacy policies, and we have no control over their data collection practices.

4.3 Your Own Integrations

If you configure the Software to interact with third-party services (e.g., APIs, websites, or applications), those interactions are direct between your computer and those services. We do not intercept, monitor, or store data from these interactions.

5. No Cookies or Tracking

The Software does not use:

  • Cookies
  • Analytics services
  • Advertising networks
  • Any other tracking technologies

If the Software loads a welcome page from our servers, that page may be delivered through standard web infrastructure (such as hosting providers or CDNs). We do not use the welcome page to profile you or track your behavior across services, but standard server access logs described above may still be generated when the page is requested.

5.1 Do-Not-Track Signals

We do not track users across third-party websites and therefore do not respond to Do-Not-Track (DNT) signals. The Software does not engage in cross-site tracking.

5.2 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on users.

6. No Sale; Limited Sharing

We do not sell your personal data and we do not use the Software for advertising or cross-site tracking.

We may share limited server log data (described above) with:

  • Infrastructure and hosting providers that process logs on our behalf to operate and secure update checks and welcome page delivery
  • Professional advisors (e.g., legal, security) where necessary and subject to appropriate confidentiality obligations
  • Law enforcement or regulators where required by law or valid legal process

7. Data Security

Since all your data remains local on your computer:

  • You are responsible for securing your device and data
  • We recommend using standard security practices (strong passwords, encryption, etc.)
  • We cannot recover lost data as we do not store it

The limited server-side logs mentioned above are:

  • Stored on secure servers
  • Retained only as long as necessary for operational purposes
  • Protected with industry-standard security measures

8. Children's Privacy

The Software is not directed at children under the age of 16 (or the minimum age required by applicable law in your jurisdiction, which may be 13 in some regions). We do not knowingly collect personal data from children. Because the Software is local-first and we only receive limited server log data for update checks and welcome page requests, we generally cannot determine a user's age from this information. If you believe a child has provided us with personal data, please contact us and we will take steps to delete such information.

9. International Users and Data Transfers

IMPORTANT: The Software can be used worldwide, but we are a small startup and may not be able to fully comply with all data protection laws in every jurisdiction. The minimal server logs mentioned above may be processed and stored in data centers in various locations, depending on our infrastructure providers and the region you use the Software from.

9.1 Cross-Border Data Transfers

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your limited server log data may be transferred to and processed in countries outside your region, including the United States and other jurisdictions that may not provide the same level of data protection as your home country.

When we transfer personal data outside the EEA/UK/Switzerland, we endeavor to rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission or UK Information Commissioner's Office, or other valid transfer mechanisms under applicable law. However, as a startup, we cannot guarantee that all transfers will meet all requirements under all applicable laws.

By using the Software, you explicitly consent to the transfer of your data (including IP addresses) to countries outside your jurisdiction, including countries that may have different or less protective data protection laws than your home country.

9.2 Regional Privacy Laws - Best Efforts Basis

We make commercially reasonable efforts to comply with applicable data protection laws worldwide, including but not limited to:

  • GDPR (European Union)
  • UK GDPR (United Kingdom)
  • CCPA/CPRA (California, USA)
  • LGPD (Brazil)
  • PDPA (Singapore)
  • PIPA (South Korea)
  • Privacy Act (Australia)

However, as a small startup with limited resources, we cannot guarantee full compliance with all data protection laws in all jurisdictions. Where local laws provide additional rights or protections, those rights apply to users in those jurisdictions to the extent we are able to honor them.

9.3 User Responsibility for Jurisdictional Compliance

You are responsible for determining whether your use of the Software complies with the laws applicable to you in your jurisdiction. If you are uncertain whether the Software's data collection practices are lawful in your location, you should seek independent legal advice before using the Software.

If you are located in a jurisdiction where the automatic collection of IP addresses or other technical data would violate applicable law without additional safeguards that we have not implemented, * you should not use the Software.*

10. Your Privacy Rights

Depending on where you live, you may have rights regarding personal data (which may include limited server log data such as IP address). These rights may include the right to access, delete, or object to certain processing. You can contact us to exercise applicable rights.

All your data is on your local computer, and you have full control over it.

10.1 EEA/UK Legal Bases (GDPR/UK GDPR)

Where GDPR/UK GDPR applies, we process limited server log data for:

  • Legitimate interests (to operate, secure, and improve the reliability of update checks and welcome page delivery)
  • Legal obligations (where we must comply with applicable law and valid legal process)

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law.

10.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You may request deletion of your personal information
  • Right to Correct: You may request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

We do not sell your personal information. To exercise your California privacy rights, contact us at [email protected].

10.3 Brazil (LGPD)

If you are in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to access, correct, delete, and obtain information about the processing of your personal data. To exercise these rights, contact us at the address below.

10.4 Other Jurisdictions

Users in other jurisdictions may have additional rights under local law. We are committed to honoring applicable data protection rights. Contact us to exercise any rights available to you under local law.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be indicated by updating the "Last Updated" date at the top of this policy. Material changes will be communicated through:

  • The Software's update mechanism
  • Our website
  • Other appropriate channels

We encourage you to review this Privacy Policy periodically.

12. Legal Disclosure and Compliance Limitations

12.1 Disclosure Requirements

We may be required to disclose information if:

  • Required by law or valid legal process in jurisdictions where we operate
  • Necessary to protect our rights, property, or safety
  • Required to enforce our Terms of Service
  • Required to comply with regulatory inquiries or investigations

Such disclosures would be limited to the minimal server logs described above.

12.2 Startup Limitations

As a startup with limited resources, we may not be able to:

  • Respond to all data subject requests in all jurisdictions within legally mandated timeframes
  • Implement all technical and organizational measures required by all data protection laws globally
  • Appoint data protection officers or representatives in all jurisdictions where required
  • Comply with all reporting and documentation obligations under all applicable laws
  • Contest all government data requests or legal demands

We will make commercially reasonable efforts to comply with applicable legal obligations, but we cannot guarantee that our practices will satisfy all requirements under all laws in all jurisdictions at all times.

12.3 Government and Legal Requests

We may receive requests for data from governments, law enforcement, or other legal authorities. While we will review such requests and object to overly broad or unlawful requests when feasible, we reserve the right to comply with valid legal demands without further notice to you, to the extent permitted or required by law.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: [email protected]

14. Transparency Commitment

We believe in transparency about data practices. This Privacy Policy describes our current practices to the best of our knowledge. If our data collection practices change, we will make reasonable efforts to:

  • Update this Privacy Policy with explanations
  • Notify users through the Software when practicable
  • Provide notice before implementing material changes when feasible
  • Respect user choices regarding any new data collection

However, as a startup, we may need to make operational changes quickly and cannot guarantee advance notice in all circumstances.

15. Limitation of Liability for Privacy Matters

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

We disclaim all liability for:

  • Data breaches affecting server logs containing IP addresses or other technical data
  • Unauthorized access to or disclosure of data collected through the Software
  • Our failure to comply with data protection laws in any jurisdiction
  • Delays or failures in responding to data subject requests
  • Inaccuracies or incompleteness in this Privacy Policy
  • Changes to our data practices that you disagree with
  • Government access to data we collect
  • Cross-border data transfers to jurisdictions with inadequate data protection

We are not responsible for any damages, losses, or legal consequences arising from:

  • Your use of the Software in jurisdictions where our data practices may not comply with local law
  • Your failure to understand or review this Privacy Policy
  • Data protection regulatory actions or penalties in any jurisdiction
  • Third-party access to data we collect (whether authorized or unauthorized)

By using the Software, you acknowledge and accept these limitations and agree that your sole remedy for any privacy-related concerns is to stop using the Software.

Summary: The Software runs locally on your computer and we do not collect your scripts or sandbox activity. We automatically collect limited technical data in server logs when the Software checks for updates or loads the welcome page (including IP address, user agent, and timestamps) to operate and secure that infrastructure. This collection is automatic and occurs without additional consent each time the Software contacts our servers. By using the Software, you consent to this data collection. You maintain control and ownership of your local data.

IMPORTANT: As a startup, we may not fully comply with all data protection laws in all jurisdictions. You are responsible for determining if our data practices are acceptable and lawful for your use case.