1. Who we are

The DFBL Tasks SaaS application (tasks.dfbl-solution.com) is operated by DFBL Limited, a company incorporated in Ireland under company number 772000, with its registered office at:

DFBL Limited
The Tara Building
11–15 Tara Street
Dublin 2, D02 RY83
Ireland

For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), DFBL Limited is the data controller of personal data collected through this application. When DFBL Limited processes data on behalf of a customer organisation, the customer is the controller and DFBL Limited acts as processor under the applicable Data Processing Addendum.

2. Scope

This policy describes how we collect, use, share and protect personal data when you use the DFBL Tasks application, a project, task and meeting-report management SaaS used by professional teams and their clients.

3. Information we collect

We collect the following categories of personal data:

• Account data. Name, professional email address, password (stored as a bcrypt hash, we never store passwords in clear text), language preference, theme preference, optional profile picture, role within your organisation, optional phone number and job title.
• Authentication data. Magic-link tokens (stored as SHA-256 hashes, the clear token is sent only by email and never persisted in clear), session cookies (signed JWT, HTTP-only).
• Application content you create. Tasks, projects, sub-projects, descriptions, deadlines, statuses, priority levels, blocking reasons, assignment information, team membership, internal comments, activity history.
• Meeting reports (CR) you submit. Text content of meeting summaries you upload or paste, audio recordings you submit for voice transcription, the structured tasks extracted by AI from those inputs.
• Client and member directory. Information about the client organisations and team members you create within your tenant: company name, contact details, job titles.
• Billing data (when applicable). When you subscribe to a paid plan, Stripe collects payment details directly. We store only the Stripe customer identifier, subscription status, plan tier, and invoicing email; we never receive or store credit card numbers.
• Usage telemetry. AI feature usage (number of calls, token counts, costs) per tenant for billing and quota enforcement; light navigation events for product improvement (page transitions, action types, no third-party analytics, no advertising pixels).
• Server and technical logs. Standard logs from our hosting (IP address, browser user-agent, timestamp, requested URL, HTTP status). Retained for security and operational diagnostics only.

4. Why we use your data and on what legal basis

• Operating the service: hosting your account, your projects/tasks, your meeting reports, the AI extraction features, and the multi-tenant isolation that ensures other customers cannot see your data. Legal basis: performance of the contract between you and DFBL Limited (Art. 6(1)(b) GDPR).
• AI features (Gemini): when you upload meeting text or audio, or use the assistant chat, we send the relevant content to Google Gemini for processing. Outputs (tasks, transcripts) are returned to your account. Inputs are not retained by Google for model training. Legal basis: performance of the contract.
• Billing and account administration: processing your subscription, invoicing, sending service-related notifications. Legal basis: performance of the contract + legal obligation (Art. 6(1)(b) and (c) GDPR).
• Security and abuse prevention: rate limiting, anomaly detection, audit logs. Legal basis: legitimate interest in the security and reliability of the service (Art. 6(1)(f) GDPR).
• Service improvement: aggregated usage statistics. We do not build behavioural profiles and do not use third-party analytics. Legal basis: legitimate interest.

5. Service providers (sub-processors)

We rely on a limited number of vetted service providers to operate the application. They process personal data only on our instructions, under written agreements that include GDPR-required safeguards.

• Hostinger International Ltd. application hosting, PostgreSQL database, server logs (EU servers).
• Resend, Inc. transactional email delivery (magic links, invitations, notifications). Hosted in the United States.
• Google LLC (Gemini API). AI processing for meeting report extraction, voice transcription, and the assistant chat. Hosted in the United States. Inputs sent to Gemini are not retained for model training.
• Stripe Payments Europe Limited. payment processing for paid subscriptions. European data, with US sub-processors under Standard Contractual Clauses.
• Google LLC (Google Drive). encrypted off-site backup of database snapshots and infrastructure configuration. Backups are private to DFBL Limited's administrator account.

6. International transfers

Some of our service providers (Resend, Google Gemini, Google Drive, Stripe US sub-processors) are established outside the European Economic Area. Where personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses and any additional safeguards required to ensure an adequate level of protection equivalent to that guaranteed by EU law.

7. How long we keep your data

• Active accounts: for the entire duration of your subscription or active use of the service.
• After cancellation or account deletion: we retain your account and content for 30 days (to allow you to reactivate or export), then permanently delete or anonymise. You may request immediate deletion at any time (see Section 9).
• Server logs: retained for up to 90 days, then automatically purged.
• Audit / activity logs within the application: retained as long as the account is active, for traceability and security.
• Database backups: kept for 7 days local + 7 days off-site Google Drive (encrypted), then automatically purged. Configuration backups retained 14 days.
• Billing records: retained 10 years as required by Irish accounting law.

8. Cookies

The application uses only strictly necessary cookies: an authentication session cookie (signed JWT, HTTP-only, SameSite-Lax) and a small preference cookie for your selected language and theme. We do not set tracking, advertising or analytics cookies. No consent banner is required because no non-essential cookies are deployed.

9. Your rights

Under the GDPR, you have the right to:

• access the personal data we hold about you;
• request rectification of inaccurate or incomplete data;
• request erasure of your data (right to be forgotten);
• request restriction of processing;
• object to processing based on legitimate interest;
• request data portability, you can export your tasks, projects and meeting reports as JSON from your account settings;
• withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
• lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or the supervisory authority of your country of residence.

To exercise any of these rights, contact us at privacy@dfbl-solution.com. We will respond within one month.

10. Security

We apply technical and organisational measures appropriate to the risk: encrypted transport (HTTPS / TLS), bcrypt password hashing, SHA-256 magic token hashing in database, multi-tenant isolation enforced at the database query level (every API endpoint validates that the requesting user has access to the requested tenant), strict input validation (Zod schemas), rate limiting and quota enforcement to prevent abuse. We perform regular security audits and reviews of our service providers. No transmission over the internet is fully secure; we cannot guarantee absolute security but commit to applying industry standards.

11. Children

The application is intended for business users. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, contact us and we will delete it.

12. Changes to this policy

We may update this policy to reflect changes in our practice or in applicable law. The "Last updated" date at the top of the page indicates the most recent version. Material changes will be notified to active users by email and via an in-application banner where feasible.

13. Contact

Questions, requests, and complaints about this policy or our handling of your personal data:

DFBL Limited
The Tara Building, 11–15 Tara Street, Dublin 2, D02 RY83, Ireland
Email: privacy@dfbl-solution.com

1. Agreement

These Terms of Service ("Terms") govern your access to and use of the DFBL Tasks SaaS application available at tasks.dfbl-solution.com (the "Service"), provided by DFBL Limited, a company incorporated in Ireland under company number 772000, registered office at The Tara Building, 11–15 Tara Street, Dublin 2, D02 RY83, Ireland ("DFBL", "we", "us").

By signing up, accessing or using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service. If you are using the Service on behalf of an organisation, you represent that you have authority to bind that organisation to these Terms.

2. The Service

DFBL Tasks is a project, task and meeting-report management application for professional teams. Features include task management, project management, sub-project hierarchies, AI-assisted extraction of action items from meeting reports (text or voice), client and team-member directory, multi-tenant isolation, role-based permissions, notifications and reporting.

We may update, improve, or discontinue features at our discretion. Material changes affecting paying customers will be notified at least 30 days in advance where reasonably possible.

3. Subscription, billing and trial

• Free trial. New paying organisations receive a 21-day free trial. No credit card is required to start; if no payment method is added before the trial ends, the account is automatically downgraded or suspended.
• Paid subscription. The Team plan is billed at the price displayed at tasks.dfbl-solution.com (currently €119 per month for up to 10 users; additional users at €12 per user/month). Annual prepayment is available at €1,190 (two months free).
• Free / consulting plan. Some accounts may be granted free access for consulting or partnership reasons. Such accounts are non-contractual and may be revoked at any time with reasonable notice.
• Payment. Payments are processed by Stripe. By providing payment information, you authorise us to charge the applicable fees on the recurring billing cycle until you cancel.
• Taxes. Prices are exclusive of applicable VAT. VAT is added at checkout where required.
• Late payment. If a payment fails, we will notify you and retry. After 14 days of unpaid invoice, we may suspend access until payment is made. After 60 days, we may terminate the account.

4. Cancellation and refunds

You may cancel your subscription at any time from your account settings. Cancellation takes effect at the end of the current billing period; you retain access until that date. Subscription fees already paid are non-refundable except where required by mandatory consumer-protection law. After cancellation, your data is retained for 30 days for export or reactivation, then permanently deleted.

5. Acceptable use

You agree not to:

• use the Service for any unlawful purpose or in breach of applicable laws (including data protection law);
• upload content that infringes third-party rights, is defamatory, obscene, harassing, or contains malicious code;
• attempt to gain unauthorised access to the Service, other tenants, or the underlying infrastructure;
• reverse engineer, decompile or attempt to extract the source code of the Service except as permitted by law;
• use the Service to send spam, run scraping tools, or build a competing product based on its output;
• circumvent rate limits, quotas, or any technical restriction;
• misrepresent your identity or your authority to act on behalf of an organisation.

We may suspend or terminate accounts in case of material breach, with notice where reasonably possible.

6. AI features

The Service includes AI-assisted features (meeting-report extraction, voice transcription, chat assistant) powered by Google Gemini. AI outputs are generated by a model and may contain errors, omissions, or inaccuracies. You are responsible for reviewing AI outputs before relying on them for any business decision. AI features are subject to fair-use limits (rate limit and monthly quota) to prevent abuse and ensure availability for all users; the current limits are documented in your account settings.

7. Customer data and confidentiality

You retain all rights to the data you upload (tasks, projects, meeting reports, etc.). You grant DFBL a limited licence to host, process, transmit and display that data solely as necessary to provide the Service. We treat your data as confidential and apply the technical and organisational measures described in our Privacy Policy and Data Processing Addendum (DPA) where applicable. Our default DPA is available on request at legal@dfbl-solution.com.

We will not access your content except as necessary to provide the Service, prevent abuse, or when legally compelled.

8. Intellectual property

The Service, its source code, design, logos, methodology and documentation are owned by or licensed to DFBL Limited. The names "DFBL", "DFBL Tasks" and any associated logos are trademarks of DFBL Limited. These Terms do not grant you any right to our trademarks or branding.

9. Service availability and SLA

We aim to provide a high-availability service but do not guarantee uninterrupted operation. Planned maintenance will be announced in advance where reasonably possible. We are not liable for downtime caused by our sub-processors, internet outages, force majeure or factors outside our reasonable control. A formal SLA may be agreed separately with enterprise customers.

10. Disclaimers

The Service is provided on an "as is" and "as available" basis. To the fullest extent permitted by applicable law, we disclaim all warranties, express or implied, including merchantability, fitness for a particular purpose, non-infringement, and any warranty arising from course of dealing or trade usage. We do not warrant that the Service will be error-free, uninterrupted, or that AI outputs will be accurate.

11. Limitation of liability

To the fullest extent permitted by applicable law, DFBL Limited, its directors, employees, and affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, revenue, data, or business opportunity, arising out of or in connection with your use of the Service, even if we have been advised of the possibility of such damages. Our aggregate liability for any claim arising out of or related to the Service shall not exceed the fees you paid us in the 12 months preceding the event giving rise to the claim. Nothing in these Terms excludes or limits liability that cannot be excluded or limited under applicable law (e.g., gross negligence, wilful misconduct, or liability for death or personal injury).

12. Indemnification

You agree to indemnify and hold harmless DFBL Limited from any claim, demand, or expense (including reasonable legal fees) arising out of your breach of these Terms, your violation of applicable law, or third-party claims related to data you upload to the Service.

13. Suspension and termination

We may suspend or terminate your access in case of: (a) material breach of these Terms; (b) non-payment after the cure period in Section 3; (c) suspected fraud or abuse; (d) legal requirement. We will notify you where reasonably possible. Upon termination, your right to use the Service ceases; data retention follows Section 4 and our Privacy Policy.

14. Modifications to these Terms

We may update these Terms from time to time. The "Last updated" date at the top of the page indicates the most recent version. Material changes affecting paying customers will be notified by email at least 30 days in advance. Continued use after the effective date constitutes acceptance.

15. Governing law and jurisdiction

These Terms and any dispute arising out of or in connection with them or the Service are governed by the laws of Ireland. The courts of Ireland (Dublin) shall have exclusive jurisdiction, except that consumers ordinarily resident in another EU member state retain the protection of the mandatory rules of their country of residence.

16. Contact

Questions about these Terms:

DFBL Limited
The Tara Building, 11–15 Tara Street, Dublin 2, D02 RY83, Ireland
Email: legal@dfbl-solution.com