Legal

Privacy Policy

Last updated: 14 March 2026

1. Introduction

CloudInfinity Ltd ("we", "us", "our") operates the Gravitask platform (www.gravitask.net and app.gravitask.net). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using Gravitask, you consent to the data practices described in this policy. If you do not agree with the terms of this privacy policy, please do not access the platform.

2. Information We Collect

2.1 Personal Data

When you register for an account, we collect:

  • Full name
  • Email address
  • Password (stored in encrypted form)
  • Organisation and workspace names
  • Profile preferences (theme, accent colour)

2.2 Usage Data

We automatically collect certain information when you use the platform, including:

  • IP address and browser type
  • Pages visited and features used
  • Time and date of access
  • Device and operating system information
  • Referring URLs

2.3 Content Data

We store the content you create within Gravitask, including tasks, projects, comments, file attachments, and other work management data. This data is necessary to provide you with the service.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Gravitask platform
  • Create and manage your account
  • Send transactional emails (account verification, password resets, task notifications)
  • Respond to your enquiries and provide customer support
  • Monitor usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, our legal basis for collecting and using your personal information depends on the data concerned and the context in which we collect it:

  • Contract performance: Processing necessary to provide you with the Gravitask service
  • Legitimate interests: Improving our service, preventing fraud, and ensuring security
  • Consent: Where you have given us explicit consent for specific processing (e.g., marketing communications)
  • Legal obligation: Where we are legally required to process your data

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • Service providers: We use third-party services for hosting (Microsoft Azure), email delivery (SendGrid), and analytics. These providers are contractually bound to protect your data.
  • Workspace members: Information you share within a workspace (tasks, comments, files) is visible to other members of that workspace according to the permissions set.
  • Legal requirements: We may disclose your information if required by law, regulation, or legal process.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

6. Data Storage and Security

Your data is stored on Microsoft Azure infrastructure located in the United Kingdom. We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Password hashing using industry-standard algorithms (bcrypt)
  • Access controls and role-based permissions
  • Regular security assessments and monitoring
  • Secure key management via Azure Key Vault

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Content data (tasks, projects, comments) created within shared workspaces may be retained for other workspace members even after your account is deleted.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Restriction: Request restriction of processing of your data
  • Portability: Request transfer of your data in a structured, machine-readable format
  • Objection: Object to processing of your data for certain purposes
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at privacy@gravitask.net.

9. Cookies

We use cookies and similar tracking technologies. For detailed information about the cookies we use and the purposes for which we use them, please see our Cookie Policy.

10. Children's Privacy

Gravitask is not intended for children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of Gravitask after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@gravitask.net
  • Company: CloudInfinity Ltd
  • Address: United Kingdom

We value your privacy

We use cookies to enhance your browsing experience, serve personalised content, and analyse our traffic. By clicking "Accept All", you consent to our use of cookies. You can manage your preferences or learn more in our Cookie Policy.

Cookie Preferences